Homework 5 - Project Milestone, Malicious Logic and Vulnerability Analysis

Due: Monday May 19, 2008 at 5:00pm
This homework is worth 20 points.

Part 1 - Project Milestone (10 points)

Provide an outline of your project paper. The outline should describe the main sections of your paper and relevant subsections. For example, the "Prior Work" section would have one subsection per reference if you are doing a research project.

Part 2 - Questions (10 points)

  1. Could capabilities be used to limit the damage a Trojan horse can do? Consider how capabilities differ from access control lists in your response.
  2. How could confinement be used to limit the damage a Trojan horse can do?
  3. Consider a system which implements Bell LaPadula for unclassified, restricted and classified levels. Could a macro virus first introduced in an unclassfied document infect documents at the classified level? Why or why not?
  4. Why classify vulnerabilities using vulnerability analysis? What benefit does it provide?
  5. The PA model and the RISOS model are isomorphic. Show how the PA classifications correspond to the RISOS classes.