given:
subject A with clear(A) = 5
subject B with clear(B) = 2
object O with class(O) = 1
object P with class(P) = 8
additional access control matrix:
         O                P
A        [append,read]    [append]
B        [read,write]     [execute]
append = write at the end of file
execute = requires only read access
question:
which of the following actions are NOT allowed?
- B executes object P
- A reads object O
- A appends data to object P
- B writes in object O
- B appends data to object P
__________________________________________________________________________
okay, of course i don't want you to do my homework, but i am a bit confused...
if i look at the matrix, i'd say the only action prohibited is "B appends data to object P".
but i guess that would be way too simple and the clearance of subjects, as well as the classification of objects, would be useless information.
if i ignore the matrix, and look at clear/class i would say the following actions are prohibited
- B executes object P (because you can't read/execute higher objects)
- B writes in object O (because you can't write into lower objects)
so, can anybody tell me how to combine both approaches, and what's the actual solution on this?
thank you for any hint
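
An added example, not part of the original post: a small reference-monitor check that applies the access control matrix and the clearance/classification rules together, so a request passes only if both permit it. It assumes Bell-LaPadula-style semantics (the "no read up" and "no write down" rules quoted in the post) and treats "write" as alter-only; the names `decide` and `denied` are hypothetical.

```python
# Added example: levels and matrix are copied from the exercise above.
CLEAR = {"A": 5, "B": 2}            # subject clearances
CLASS = {"O": 1, "P": 8}            # object classifications
MATRIX = {                          # discretionary rights per (subject, object)
    ("A", "O"): {"append", "read"},
    ("A", "P"): {"append"},
    ("B", "O"): {"read", "write"},
    ("B", "P"): {"execute"},
}

# Per the exercise: execute requires only read access, append is write-only.
# Assumption: "write" alters but does not observe, matching the post's rule.
OBSERVES = {"read", "execute"}
ALTERS = {"write", "append"}


def decide(subject, right, obj):
    """Return (allowed, reason); both the matrix and the levels must agree."""
    # Discretionary check: the right must be listed in the matrix cell.
    if right not in MATRIX.get((subject, obj), set()):
        return False, "matrix: no '%s' entry for %s on %s" % (right, subject, obj)
    s, o = CLEAR[subject], CLASS[obj]
    # Mandatory check 1: a subject may not observe a higher-classified object.
    if right in OBSERVES and s < o:
        return False, "levels: no read up (clear %d < class %d)" % (s, o)
    # Mandatory check 2: a subject may not alter a lower-classified object.
    if right in ALTERS and s > o:
        return False, "levels: no write down (clear %d > class %d)" % (s, o)
    return True, "permitted by matrix and levels"


# The five actions listed in the question, in the same order.
REQUESTS = [
    ("B", "execute", "P"),
    ("A", "read", "O"),
    ("A", "append", "P"),
    ("B", "write", "O"),
    ("B", "append", "P"),
]


def denied(requests=REQUESTS):
    """Return the requests that fail either check."""
    return [r for r in requests if not decide(*r)[0]]


if __name__ == "__main__":
    for req in REQUESTS:
        ok, why = decide(*req)
        print("%s %-7s %s -> %s (%s)" % (req + ("ALLOW" if ok else "DENY", why)))
```
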