| 1: | In Figure 4-1, suppose that edge t3 went from s1 to s4. Would the resulting system be secure? |
| 2: | Revisit the example of one student copying another student's homework assignment. Describe three other ways the first student could copy the second student's homework assignment, even assuming that the file access control mechanisms are set to deny him permission to read the file. |
| 3: | A noted computer security expert has said that without integrity, no system can provide confidentiality.
Do you agree? Justify your answer. Can a system provide integrity without confidentiality? Again, justify your answer.
|
| 4: | A cryptographer once claimed that security mechanisms other than cryptography were unnecessary because cryptography could provide any desired level of confidentiality and integrity. Ignoring availability, either justify or refute the cryptographer's claim. |
| 5: | Classify each of the following as an example of a mandatory, discretionary, or originator controlled policy, or a combination thereof. Justify your answers.
a. The file access control mechanisms of the UNIX operating system
b. A system in which no memorandum can be distributed without the author's consent
c. A military facility in which only generals can enter a particular room
d. A university registrar's office, in which a faculty member can see the grades of a particular student provided that the student has given written permission for the faculty member to see them.
|
| 6: | Consider the UC Davis policy on reading electronic mail. A research group wants to obtain raw data from a network that carries all network traffic to the Department of Political Science.
Discuss the impact of the electronic mail policy on the collection of such data. How would you change the policy to allow the collection of this data without abandoning the principle that electronic mail should be protected?
|