Homework 4 - Access Control, Security Policies and Trusted Computing

Due: Friday May 9, 2008 at 5:00pm
This homework is worth 20 points.

  1. Consider an access control method that wants to allow an object to have more than one owner. Explain how you would implement this with both ACLs and capabilities.
  2. The classic Unix access control model has just read, write and execute permissions. What other sorts of permissions might you want for an access control model?
  3. Give an example of using physical separation to enforce the Bell-LaPadula security model.
  4. The tranquility property of Bell-LaPadula states that the classification of a subject or an object does not change while it is being referenced. What would happen if this were NOT true?
  5. Write a security policy that combines the secrecy of Bell-LaPadula with the integrity of Biba. Give both the simple and * properties for the combined model.
  6. Define the two types of separation of duty that can be implemented with the Clark-Wilson model. Give an example of each type.
  7. Some people claim that an operating system does not need to protect the segment of memory containing executable code because there is a copy of the executable on the hard drive. Do you believe this is a valid claim? Justify your answer.
  8. Give one reason why security should be part of the design of an operating system from the beginning instead of added in later.
  9. Describe the difference between validation and verification.
  10. What are the advantages and disadvantages that an operating system vendor might consider when deciding whether or not to undergo the formal evaluation process?