Sample solutions to Assignment
Total = 130 pts
1.[10] A respected software engineer has said that no computer can ever be made perfectly
secure. Why might he/she have said this?
2.[10] Consider a very high-assurance system developed for the military. The system has a set
of specifications, and both the design and implementation have been proven to satisfy the
specifications. What questions should school administrators ask when deciding whether
to purchase such a system for their school's use?
3.[15] Consider the set of rights {read, write, execute, append, list, modify, own}.
a.[5]
b.[5]
c.[5]
a.
Write a command delete_all_rights(p,q,s). This command caused p to delete all
rights the subject q has over the object s.
Modify your command so that the deletion can occur only if p has modify rights
over s.
Modify your command so that the deletion can occur only if p has modify rights
over s and q does not have own rights over s.
delete_all_rights(p,q,s)
enter own into a[p,q]
delete read from a[q,s]
delete write from a[q,s]
delete execute from a[q,s]
1
delete append from a[q,s]
delete list from a[q,s]
delete modify from a[q,s]
delete own from a[q,s]
end
b.
delete_all_rights(p,q,s)
if modify in a[p,q]
enter own into a[p,q]
delete read from a[q,s]
delete write from a[q,s]
delete execute from a[q,s]
delete append from a[q,s]
delete list from a[q,s]
delete modify from a[q,s]
delete own from a[q,s]
end
end
c.
delete_all_rights(p,q,s)
if modify in a[p,q] AND own NOT in a[p,s]
enter own into a[p,q]
delete read from a[q,s]
delete write from a[q,s]
delete execute from a[q,s]
delete append from a[q,s]
delete list from a[q,s]
delete modify from a[q,s]
delete own from a[q,s]
end
end
4.[25] Given the security levels TOP SECRET, SECRET, CONFIDENTIAL, and
UNCLASSIFIED (ordered from highest to lowest), and the categories A, B and C, specify
what type of access (read, write, both, or neither) is allowed in each of the following
situations. Assume that discretionary access controls allow anyone access unless
otherwise specified.
a.[5]
Paul, cleared for (TOP SECRET, {A, C}), wants to access a document classified
(SECRET, {B, C}).
b.[5]
Anna, cleared for (CONFIDENTIAL, {C}), wants to access a document classified
(CONFIDENTIAL, {B}).
2
c.[5]
Jesse, cleared for (SECRET, {C}), wants to access a document classified
(CONFIDENTIAL, {C}).
d.[5]
Sammi, cleared for (TOP SECRET, {A, C}), wants to access a document
classified (CONFIDENTIAL, {A}).
e.[5]
Robin, who has no clearances (and so works at the UNCLASSIFIED level), wants
to access a document classified (CONFIDENTIAL, {B}).
5.[10] Design a two-message authentication protocol, assuming that Alice and Bob know each
other's public keys, which accomplishes both mutual authentication and establishment of
a session key.
Alice picks a session key K and sends along a timestamp. She encrypts K with Bob’s public key
and sign the entire message. Bob responds with timestamp encrypted with K. Bob knows its
Alice from the signature and timestamp. Alice knows its Bob because only he can decrypt K.
6.[15] Suppose a system implementation of the Strict Integrity Policy (Biba’s Model) used the
same labels for integrity levels and categories as for security levels and categories. Under
what condition could one subject read an object? Write to an object?
3
7.[15] Decipher the following ciphertext, which was enciphered using the Caesar cipher:
TEBKFKQEBZLROPBLCERJXKBSBKQP
The key is 3.
The text is: WHEN IN THE COURSE OF HUMAN EVENTS
8.[15] Assume that Diffie-Hellman scheme is used, A and B have chosen p=53 and g=13, and
private keys kA = 3 and kB = 5. Calculate public keys KA, KB and secret keys SA,B, SB,A .
KA = 133 mod 53 = 24
KB = 135 mod 53 = 28
SBA = 245 mod 53 = 10
SAB = 283 mod 53 = 10
9.[15] Consider an RSA digital signature scheme. Alice tricks Bob into signing messages m1
and m2 such that m = m1 m2 mod nBob. Prove that Alice can forge Bob’s signature on m.
4