SE 231 Assignment 3 PDF

Title: SE 231 Assignment 3
Course: Computer Security
Institution: St. Cloud State University
Pages: 5



Description

SE 231 - Assignment 3 Usama Hashmi

Review Questions 4.1
Briefly define the difference between DAC and MAC.

Discretionary Access Control
The object owner defines which subjects can access the object. The owner has the option to control access to the system. Most operating systems, such as all Windows, Linux, and Macintosh and most flavors of Unix, are based on DAC models. Access privileges define access control for the operating system.

Mandatory Access Control
The system defines which subjects can access the specific data objects. The owner does not have the option to control access. Examples of MAC-based commercial systems are SELinux and Trusted Solaris. Security clearance of an object defines access control for the system.

Review Questions 4.3
List and define the three classes of subject in an access control system.

The access control system defines the following three classes of subjects:

Owner: The owner is the creator of resources such as files and folders. The ownership of the system belongs to the system administrator. The ownership of project resources belongs to the project administrator, or it may be assigned to the leader.

Group: A group of users has access rights; being part of the group is enough to get access rights. Mostly the user belongs to multiple groups.

World: The system grants minimum access to the users. The world users are not included in the owner and group categories.

Review Questions 4.8
Briefly define the four RBAC models of Figure 4.8a.

RBAC0 - Base Model: It is the minimum requirement for an RBAC system. There are 4 entities in an RBAC0 system: user, role, permission, and session.

RBAC1 - Role Hierarchies: Adds role hierarchies, which provide a means of reflecting the hierarchical structure of roles in an organization.

RBAC2 - Constraints: Adds constraints, which provide a means of adapting RBAC to the specifics of administrative and security policies in an organization.

RBAC3 - Consolidated Model: Includes only RBAC1 and RBAC2.

Review Questions 4.10
Describe three types of role hierarchy constraints.

Following are the three types of role hierarchy constraints:

Mutually exclusive: Mutually exclusive roles are roles such that a particular user is assigned to only one role in the particular set.

Cardinality: Cardinality constraints set a maximum number of users that can be assigned to different types of roles. One such constraint is to set one or more users to the particular role.

Prerequisite: A particular role is assigned to a user only if the user was already assigned to another specific role that is a precursor to the current one.

------------------------------------------------------------
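The three constraint types from Review Question 4.10 can be enforced at role-assignment time. The following is an added example, not part of the original assignment; the role names, users and limits are constructed for illustration.

```python
from collections import defaultdict

class ConstraintError(Exception):
    """Raised when an assignment would violate an RBAC constraint."""

class RoleAssigner:
    def __init__(self, exclusive_sets=(), max_users=None, prerequisites=None):
        self.exclusive_sets = [frozenset(s) for s in exclusive_sets]
        self.max_users = dict(max_users or {})          # role -> max number of users
        self.prerequisites = dict(prerequisites or {})  # role -> role required first
        self.roles_of = defaultdict(set)                # user -> roles held

    def users_in(self, role):
        return {u for u, roles in self.roles_of.items() if role in roles}

    def assign(self, user, role):
        held = self.roles_of[user]
        if role in held:
            return
        # Mutually exclusive: at most one role per user from each exclusive set.
        for group in self.exclusive_sets:
            if role in group and held & group:
                raise ConstraintError(f"{user}: {role} conflicts with {sorted(held & group)}")
        # Cardinality: cap on how many users may hold the role.
        limit = self.max_users.get(role)
        if limit is not None and len(self.users_in(role)) >= limit:
            raise ConstraintError(f"{role}: limit of {limit} user(s) reached")
        # Prerequisite: the precursor role must already be held by this user.
        needed = self.prerequisites.get(role)
        if needed is not None and needed not in held:
            raise ConstraintError(f"{user}: {role} requires {needed} first")
        held.add(role)

def demo():
    """Run constructed assignment attempts and record each decision."""
    rbac = RoleAssigner(exclusive_sets=[{"purchaser", "approver"}],
                        max_users={"dept_chair": 1},
                        prerequisites={"senior_dev": "junior_dev"})
    attempts = [("alice", "purchaser"), ("alice", "approver"),
                ("bob", "dept_chair"), ("carol", "dept_chair"),
                ("dave", "senior_dev"), ("dave", "junior_dev"), ("dave", "senior_dev")]
    results = []
    for user, role in attempts:
        try:
            rbac.assign(user, role)
            results.append((user, role, "granted"))
        except ConstraintError as err:
            results.append((user, role, f"denied: {err}"))
    return results

if __name__ == "__main__":
    for row in demo():
        print(row)
```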

Problems 4.1
For the DAC model discussed in Section 4.3, an alternative representation of the protection state is a directed graph. Each subject and each object in the protection state is represented by a node (a single node is used for an entity that is both subject and object). A directed line from a subject to an object indicates an access right, and the label on the link defines the access right.

a. Draw a directed graph that corresponds to the access matrix of Figure 4.2a.

b. Draw a directed graph that corresponds to the access matrix of Figure 4.3.

c. Is there a one-to-one correspondence between the directed graph representation and the access matrix representation? Explain.

Yes, there is a one-to-one correspondence between the directed graph and the access matrix representation, since the access matrix maps onto the respective edges from user vertex to file vertex in the directed graph. The users are presented along one dimension and the files along the other dimension of the matrix. In the directed graph, the user vertices are at the top, whereas the file vertices are at the bottom. If an access right is granted from a user to a file, then the directed graph contains an edge from the user vertex to the file vertex, which represents the correspondence from subject to object.
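The correspondence discussed in 4.1c can be checked by converting a matrix to a labeled directed graph and back. This is an added example, not part of the original assignment; the sample matrix is constructed and is not Figure 4.2a or 4.3. It also shows the edge case that the round trip is lossless only when every subject and object keeps its node, even one that no edge touches.

```python
# Constructed access matrix: subject -> object -> set of rights.
SAMPLE = {
    "UserA": {"File1": {"own", "read", "write"}, "File2": set(), "File3": {"read"}},
    "UserB": {"File1": {"read"}, "File2": {"own", "read", "write"}, "File3": set()},
    "UserC": {"File1": set(), "File2": set(), "File3": set()},  # subject with no rights
}

def matrix_to_graph(matrix):
    """Return (subjects, objects, edges); edges maps (subject, object) -> rights label."""
    subjects = sorted(matrix)
    objects = sorted({o for row in matrix.values() for o in row})
    # An empty matrix cell produces no edge; a non-empty cell produces one labeled edge.
    edges = {(s, o): frozenset(r)
             for s, row in matrix.items() for o, r in row.items() if r}
    return subjects, objects, edges

def graph_to_matrix(subjects, objects, edges):
    """Rebuild the matrix: one row per subject node, one column per object node."""
    matrix = {s: {o: set() for o in objects} for s in subjects}
    for (s, o), rights in edges.items():
        matrix[s][o] = set(rights)
    return matrix

def round_trips(matrix):
    """True if matrix -> graph -> matrix reproduces the original matrix."""
    return graph_to_matrix(*matrix_to_graph(matrix)) == matrix

def round_trips_edges_only(matrix):
    """Same check, but node sets are recovered from the edges alone."""
    _, _, edges = matrix_to_graph(matrix)
    subjects = sorted({s for s, _ in edges})
    objects = sorted({o for _, o in edges})
    return graph_to_matrix(subjects, objects, edges) == matrix

if __name__ == "__main__":
    print("with all nodes kept:", round_trips(SAMPLE))
    print("edges only:", round_trips_edges_only(SAMPLE))
```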

Problems 4.3
The VAX/VMS operating system makes use of four processor access modes to facilitate the protection and sharing of system resources among processes. The access mode determines:

Instruction execution privileges: What instructions the processor may execute
Memory access privileges: Which locations in virtual memory the current instruction may access

The four modes are as follows:

Kernel: Executes the kernel of the VMS operating system, which includes memory management, interrupt handling, and I/O operations
Executive: Executes many of the operating system service calls, including file and record (disk and tape) management routines
Supervisor: Executes other operating system services, such as responses to user commands
User: Executes user programs, plus utilities such as compilers, editors, linkers, and debuggers

A process executing in a less-privileged mode often needs to call a procedure that executes in a more-privileged mode; for example, a user program requires an operating system service. This call is achieved by using a change-mode (CHM) instruction, which causes an interrupt that transfers control to a routine at the new access mode. A return is made by executing the REI (return from exception or interrupt) instruction.

a. A number of operating systems have two modes: kernel and user. What are the advantages and disadvantages of providing four modes instead of two?

Most operating systems have two modes, kernel and user, while some have four modes: kernel, executive, supervisor, and user.
Advantages: Four modes provide more flexibility in terms of controlling access to the memory. Additionally, they allow fine tuning of the memory protection.
Disadvantages: When a user wants to access memory or I/O functions, the request must traverse multiple layers rather than the normal two.

b. Can you make a case for even more than four modes?

MULTICS OS uses seven OS layers. Many processors today allow for hypervisor mode, which is known as layer 0 and grants direct hardware access. It is used in conjunction with virtualization software like VMware. Additionally, the more recent AMD-V processor has come out with a -1 level so that guest operating systems can run in level 0 natively without conflicting with other guest operating systems.

Problems 4.6
In the traditional UNIX file access model, which we describe in Section 4.4, UNIX systems provide a default setting for newly created files and directories, which the owner may later change. The default is typically full access for the owner combined with one of the following: no access for group and other, read/execute access for group and none for other, or read/execute access for both group and other. Briefly discuss the advantages and disadvantages of each of these cases, including an example of a type of organization where each would be appropriate.

Case 1: no access for group and other

Newly created files and directories will only be accessible to the owner. The owner can explicitly grant access to the group.
Advantage: Files are protected from unauthorized access and modification. Confidential data is kept safe from unknown users.
Disadvantage: Access to frequently required files is restricted.
Example: Widely used by government and business where user work is private and confidential.

Case 2: read/execute access for group and none for other

Newly created files and directories will only be accessible to all members of the owner’s group. Other groups on the server cannot access the files and directories.
Advantage: Files are protected from unauthorized access and modification. File sharing is enabled.
Disadvantage: Dishonest owners can damage files and their content.
Example: An organization cooperating with the team may choose this case.

Case 3: read/execute access for group and other

Newly created files and directories are accessible to all users of the server. Mostly suitable for an organization where the users trust each other in general and their work may be on a shared resource.
Advantage: All the users of the server can access the file and utilize the resource, and work efficiency improves if all the data are available on time. Information is available to all users at any time.
Disadvantage: Persons dishonest to the company may get all the data, hand it over to competitors, and try to damage the business based on the available information.
Example: System for a university research project....
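On UNIX systems the default described in Problem 4.6 is set through the process umask. The following added example (not part of the original assignment) creates a directory and a file under each case and reports the resulting permission bits; the mapping of the three cases to umask values 077, 027 and 022 is this example's assumption, and the file and directory names are constructed.

```python
import os
import tempfile

# Assumed mapping of the three cases in Problem 4.6 to umask values.
CASES = {
    "case 1: no access for group and other": 0o077,
    "case 2: read/execute for group, none for other": 0o027,
    "case 3: read/execute for group and other": 0o022,
}

def default_modes(mask):
    """Create a directory and a file under `mask`; return their modes as octal strings."""
    old = os.umask(mask)
    try:
        with tempfile.TemporaryDirectory() as base:
            d = os.path.join(base, "newdir")
            f = os.path.join(base, "newfile")
            os.mkdir(d)  # requests 0o777; the umask clears the masked bits
            # Regular files are normally requested with 0o666, so they never
            # receive execute bits from the default alone.
            fd = os.open(f, os.O_CREAT | os.O_WRONLY, 0o666)
            os.close(fd)
            dir_mode = os.stat(d).st_mode & 0o777
            file_mode = os.stat(f).st_mode & 0o777
            return oct(dir_mode), oct(file_mode)
    finally:
        os.umask(old)  # always restore the caller's umask

def report():
    """Return {case label: (directory mode, file mode)} for all three cases."""
    return {label: default_modes(mask) for label, mask in CASES.items()}

if __name__ == "__main__":
    for label, (dir_mode, file_mode) in report().items():
        print(f"{label}: directory {dir_mode}, file {file_mode}")
```

Directories receive the read/execute bits named in each case, while regular files receive read only, because execute permission on a file has to be granted explicitly.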

