d2jsp
Log InRegister
d2jsp Forums > Off-Topic > Computers & IT > Programming & Development > Bell-lapadula > Need Your Help
Add Reply New Topic New Poll
Member
Posts: 43,069
Joined: Aug 20 2006
Gold: 6.00
Warn: 30%
Dec 14 2013 03:48pm
given:

subject A with clear(A) = 5
subject B with clear(B) = 2
object O with class(O) = 1
object P with class(P) = 8

additional access control matrix:

______________O__________________P____
A________[append,read]_________[append]
B_________[read,write]__________[execute]

append = write at the end of file
execute = requires only read access

question:

which of the following actions are NOT allowed?

- B executes object P
- A reads object O
- A appends data to object P
- B writes in object O
- B appends data to object P

__________________________________________________________________________

okay, of course i don't want you to do my homework, but i am a bit confused...

if i look at the matrix, i'd say the only action prohibited is "B appends data to object P".
but i guess that would be way to simple and the clearance of subjects, as well as the classification of objects would be useless information.

if i ignore the matrix, and look at clear/class i would say the following actions are prohibited
- B executes object P (because you can't read/execute higher objects)
- B writes in object O (because you can't write into lower objects)

so, can anybody tell me how to combine both approaches, and what's the actual solution on this?

thank you for any hint
Go Back To Programming & Development Topic List
Add Reply New Topic New Poll