
Information Assurance: Homework 1 Answer Key

Due September 7, 2005


Graded to 100 points. Each of the 6 questions is worth the same number of points.
1. Classify each of the following as a violation of confidentiality, of integrity, of
availability, or of some combination thereof:
These are the answers that should have been included. Other answers were given
credit as long as a reasonable justification was given.
a. John copies Mary's homework.
Confidentiality may or may not be violated here, depending on
whether the class policy allows working together on homework.
Integrity is certainly violated, since Mary's work might come from
Mary or from John.
b. Paul crashes Linda's system.
Availability
c. Carol changes the amount of Angelo's check from $100 to $1,000.
Integrity
d. Gina forges Roger's signature on a deed.
Integrity
e. Rhonda registers the domain name AddisonWesley.com and refuses to
let the publishing house buy or use the domain name.
Availability and integrity are both violated here. The domain name
is unavailable to the company that wants it, and customers
connecting to this URL expect it to belong to the company, rather
than to Rhonda.
f. Jonah obtains Peter's credit card number and has the credit card company
cancel the card and replace it with another card bearing a different
account number.
Confidentiality is violated since Peter's credit card number should
not be public information. Availability is violated since Peter's card
is cancelled. Integrity is violated because the new card is fake.
g. Henry spoofs Julie's IP address to gain access to her computer.
IP addresses are not considered confidential information, so the only
violation here is integrity.
2. Identify mechanisms for implementing the following. State what policy or
policies they might be enforcing.
There was a broad spectrum of answers here. We gave very wide latitude for answers as
long as they were well defended.

a. A password changing program will reject passwords that are less than five
characters long or that are found in a dictionary.
Policy: Require strong passwords for improved authentication and confidentiality.
Mechanism: Program augmentation to track password length and compare for entries in
an online dictionary.
b. Only students in a computer science class will be given accounts on the
department's computer system.
Policy: Ensure the computer is available and reduce the chance of confidentiality or integrity
failures by restricting computer access to those who really need the access.
Mechanism: Procedural, by mailing account information to the student's address, and/or use
the class roster to create accounts and recheck accounts after the last drop date.
c. The login program will disallow logins of any students who enter their
passwords incorrectly three times.
Policy: Discourage invalid login attempts to prevent system attacks.
Mechanism: Augment login program or wrap login program to track failed
authentication attempts and disable the account on the third failed try.
d. The permissions of the file containing Carol's homework will prevent
Robert from cheating and copying it.
Policy: No collaboration on homework.
Mechanism: OS specific file controls.
e. When the World Wide Web traffic climbs to more than 80% of the
network's capacity, systems will disallow any further communications to
or from Web servers.
Policy: Ensure network availability for critical traffic.
Mechanism: Use scripts or more sophisticated quality of service mechanism to throttle
back HTTP traffic (on the well known HTTP ports).
f. Annie, a systems analyst, will be able to detect a student using a program
to scan her system for vulnerabilities.
Policy: Non-authorized personnel shall not conduct system scans. Such scans will be
assumed to be preludes to a system attack.
Mechanism: Host intrusion detection systems that look for classic scanning patterns.
g. A program used to submit homework will turn itself off just after the due
date.
Policy: Homework must be turned in before the deadline.
Mechanism: Use cron or other OS specific scheduler mechanism to disable the handin
program after the deadline has passed.
3. Give an example of a situation in which a compromise of confidentiality leads to
a compromise in integrity.
Answers may vary. One example is when someone steals a user's password and uses it to
modify the files in his account.
4. Consider a very high-assurance system developed for the military. The system
has a set of specifications, and both the design and the implementation have been
proven to satisfy the specifications. What questions should school administrators
ask when deciding whether to purchase such a system for their school's use?
Here too there was a wide variety of good questions identified. Some of the best answers
were:
Are the military specifications appropriate for the school's scenario?
Are the techniques used in the military system legal for the school's environment?
Will the military system mesh with the school's cultural environment? Will
people use it?
Is it worth the money for what the school needs? Is it overkill?
5. Consider a computer system with three users: Alice, Bob, and Cindy. Alice owns
the file alicerc, and Bob and Cindy can read it. Cindy can read and write the file
bobrc, which Bob owns, but Alice can only read it. Only Cindy can read and
write the file cindyrc, which she owns. Assume that the owner of each file can
execute it.
a. Create the corresponding access control matrix
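|       | alicerc | bobrc | cindyrc | Alice | Bob | Cindy |
|-------|---------|-------|---------|-------|-----|-------|
| Alice | ox      | r     |         | o     |     |       |
| Bob   | r       | ox    |         |       | o   |       |
| Cindy | r       | rw    | orwx    |       |     | o     |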
b. Cindy gives Alice permissions to read cindyrc, and Alice removes Bob's
ability to read alicerc. Show the new access control matrix.
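|       | alicerc | bobrc | cindyrc | Alice | Bob | Cindy |
|-------|---------|-------|---------|-------|-----|-------|
| Alice | ox      | r     | r       | o     |     |       |
| Bob   |         | ox    |         |       | o   |       |
| Cindy | r       | rw    | orwx    |       |     | o     |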
6. Consider the set of rights [read, write, execute, append, list, modify, own]
a. Using the command syntax used in the lecture notes, write a command
delete_all_rights(p,q,s). This command causes p to delete all rights
subject q has over object s.

Delete_all_rights(p,q,s)
    Delete read in A[q,s]
    Delete write in A[q,s]
    Delete execute in A[q,s]
    Delete append in A[q,s]
    Delete list in A[q,s]
    Delete modify in A[q,s]
    Delete own in A[q,s]

b. Modify your command so that the deletion can only occur if p has modify
rights over s.
Delete_all_rights(p,q,s)
    If modify in A[p,s] then
        Delete read in A[q,s]
        Delete write in A[q,s]
        Delete execute in A[q,s]
        Delete append in A[q,s]
        Delete list in A[q,s]
        Delete modify in A[q,s]
        Delete own in A[q,s]
c. Modify your command so that the deletion can only occur if p has modify
rights over s and q does not have own rights over s.
The trick is that testing "not" is not allowed. Similarly, "else" is not allowed. You can use
a trick of creating a temporary subject or object. Strictly speaking, this would be
implemented as a sequence of commands, since each command has only one conditional
clause.
Delete_all_rights(p,q,s)
    Create subject tmp
    Enter read in A[tmp,s]
    If own in A[q,s] then
        Delete read from A[tmp,s]
    If modify in A[p,s] and read in A[tmp,s] then
        Delete read in A[q,s]
        Delete write in A[q,s]
        Delete execute in A[q,s]
        Delete append in A[q,s]
        Delete list in A[q,s]
        Delete modify in A[q,s]
        Delete own in A[q,s]
    Destroy subject tmp
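
The part (c) answer above, modeled in Python as an added example (not part of the original answer key or the lecture notes): conditions may only be conjunctions of positive tests, so "q does not own s" is encoded as a marker right held by the temporary subject. The class Matrix, the helper holds, the function demo, and the names p, q and f1 to f3 are assumptions made for illustration.

```python
# Added example: access control matrix with primitive operations and
# positive-only conditions, used to run the part (c) command sequence.
from collections import defaultdict

RIGHTS = ("read", "write", "execute", "append", "list", "modify", "own")

class Matrix:
    def __init__(self):
        self.subjects = set()
        self.A = defaultdict(set)        # (subject, object) -> set of rights

    def create_subject(self, s):
        self.subjects.add(s)

    def destroy_subject(self, s):
        self.subjects.discard(s)
        for key in [k for k in self.A if s in k]:   # drop s's row and column
            del self.A[key]

    def enter(self, r, s, o):
        self.A[(s, o)].add(r)

    def delete(self, r, s, o):
        self.A[(s, o)].discard(r)

    def holds(self, *tests):
        # A condition is a conjunction of positive tests "r in A[s,o]".
        return all(r in self.A[(s, o)] for r, s, o in tests)

def delete_all_rights(m, p, q, s, tmp="tmp"):
    # Assumes no existing subject or object is already named tmp.
    m.create_subject(tmp)
    m.enter("read", tmp, s)              # marker meaning "q does not own s"
    if m.holds(("own", q, s)):
        m.delete("read", tmp, s)         # marker cleared because q owns s
    allowed = m.holds(("modify", p, s), ("read", tmp, s))
    if allowed:
        for r in RIGHTS:
            m.delete(r, q, s)
    m.destroy_subject(tmp)
    return allowed

def demo():
    # Constructed sample state: p, q and f1..f3 are illustrative names.
    m = Matrix()
    for r, s, o in [("modify", "p", "f1"), ("read", "q", "f1"), ("write", "q", "f1"),
                    ("modify", "p", "f2"), ("own", "q", "f2"), ("read", "q", "f2"),
                    ("read", "q", "f3")]:          # p has no modify over f3
        m.enter(r, s, o)
    return {f: (delete_all_rights(m, "p", "q", f), sorted(m.A[("q", f)]))
            for f in ("f1", "f2", "f3")}
```

Calling demo() shows the three cases: rights are stripped on f1, kept on f2 because q owns it, and kept on f3 because p lacks modify.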
