Question

(3) Why is it that the Protection Matrix is almost never implemented directly in practice? How a. does using ACLs or capabilities make matters better? (2) What is easy to determine using capabilities but hard to determine with ACLs? Explain. (2) Why is revocation hard to do with capabilities? Explain (3) Why are computer viruses that infect applications more often a problem on personal b. c. d. computers than they are on time-shared systems? Explain.

Answer 1

a.(3)

Security policies in the context of requirements for information security and the circumstances in which those requirements

must be met, examines common principles of management control, and reviews typical system vulnerabilities, in order to

motivate consideration of the specific sorts of security mechanisms that can be built into computer systems—to

complement nontechnical management controls and thus implement policy—and to stress the significance of establishing

GSSP. Additional information on privacy issues and detailing the results of an informal survey of commercial security officers

is provided in the two chapter appendixes

Organizations and people that use computers can describe their needs for information security and trust in systems in terms

of three major requirements:

Confidentiality: controlling who gets to read information;

Integrity: assuring that information and programs are changed only in a specified and authorized manner; and

Availability: assuring that authorized users have continued access to information and resources.

These three requirements may be emphasized differently in various applications. For a national defense system, the

chief concern may be ensuring the confidentiality of classified information, whereas a funds transfer system may

require strong integrity controls. The requirements for applications that are connected to external systems will differ

from those for applications without such interconnection. Thus the specific requirements and controls for information

security can vary.

Some organizations formalize the procedure for managing computer-associated risk by using a control matrix that

identifies appropriate control measures for given vulnerabilities over a range of risks. Using such a matrix as a guide, administrators may better select appropriate controls for various resources. A rough cut at addressing the problem is

often taken: How much business depends on the system? What is the worst credible kind of failure

However, for many of the management controls discussed above,

there is not a clear, widely accepted articulation of how computer systems should be designed to support these controls,

what sort of robustness is required in the mechanisms, and so on. As a result, customers for computer security are faced with a "take-it-or-leave-it" marketplace. For instance, customers appear to demand password-based authentication because

it is available, not because analysis has shown that this relatively weak mechanism provides enough protection. This effect

works in both directions: a service is not demanded if it is not available, but once it becomes available somewhere, it soon

becomes wanted everywhere.

Access Control List (ACL)

1. An access control list (ACL) is a table that tells a computer operating system which access rights each user has to a

particular system object, such as a file directory or individual file.

2. Each object has a security attribute that identifies its access control list. The list has an entry for each system user with

access privileges.

3. The most common privileges include the ability to read a file (or all the files in a directory), to write to the file or files, and to

execute the file (if it is an executable file, or program).

4. Microsoft Windows NT/2000, Novell's NetWare, Digital's OpenVMS, and UNIX-based systems are among the operating

systems that use access control lists.

Capability List:

1. A capability is a token, ticket, or key that gives the possessor permission to access an entity or object in a computer

system.

2. A capability can be thought of as a pair (x, r) where x is the name of an object and r is a set of privileges or rights. With

each subject we can store that subject's capabilities. And, the subject presents to the guard a capability in order to get access

to an object.

3. Note that a capability is completely transferable; it doesn't matter who presents the capability. This framework completely

eliminates the need for authentication.

4. However, with ACLs we were assuming that authentication was unforgettable. With capabilities, we now need a way to

make capabilities unforgettable. The success of a capability-based mechanism depends on it.

b. (2)

A capability is a token, ticket, or key that gives the possessor permission to access an entity or object in a computer

system.

A capability can be thought of as a pair (x, r) where x is the name of an object and r is a set of privileges or rights. With

each subject we can store that subject's capabilities. And, the subject presents to the guard a capability in order to get access

to an object.

Each object has a security attribute that identifies its access control list. The list has an entry for each system user with

access privileges.

Note that a capability is completely transferable; it doesn't matter who presents the capability. This framework completely

eliminates the need for authentication.

However, with ACLs we were assuming that authentication was unforgettable. With capabilities, we now need a way to

make capabilities unforgettable. The success of a capability-based mechanism depends on it.

c. (2)

Capabilities are distributed throughout the system - must be found and destroyed - difficult

1. Expiry Time : capabilities expire after a time and new must be requested  

2. Back pointers : objects maintain pointers to all capabilities issued - costly to implement, particularly if capabilities are

passed around as parameter.

3. Indirect Capabilities : capability points to table entry which points to object

4. Keys : capability contains encrypted key checked by object

d. (3)

How does a computer virus attack?

Once a virus has successfully attached to a program, file, or document, the virus will lie dormant until circumstances cause

the computer or device to execute its code. In order for a virus to infect your computer, you have to run the infected

program, which in turn causes the virus code to be executed.

This means that a virus can remain dormant on your computer, without showing major signs or symptoms. However, once

the virus infects your computer, the virus can infect other computers on the same network. Stealing passwords or data,

logging keystrokes, corrupting files, spamming your email contacts, and even taking over your machine are just some of

the devastating and irritating things a virus can do.

While some viruses can be playful in intent and effect, others can have profound and damaging effects. This includes

erasing data or causing permanent damage to your hard disk. Worse yet, some viruses are designed with financial gains

in mind.