1. Consider an access control policy consisting of the following two rules: Rule 1
Question
1. Consider an access control policy consisting of the following two rules:
Rule 1: A subject S can write to an object O only if security_level(O) security_level(S)
Rule 2: If a subject S reads an object O, then the security level of S is updated after the read as MIN{security_level(S), security_level(O)}
Can the above policy prevent integrity violations in a system consisting of some subjects and objects? Explain. It is assumed that all subjects and objects have an initial security level assigned.
Explanation / Answer
Ans:
Low-Watermark Policy:
s in S can write to o in O if and only if i(o) <= i(s).
If s in S reads o in O, then i’(s) is taken to be the minimum of i(s) and i(o), where i’(s) is the subject's integrity level after the read.
s1 can execute s2 if and only if i(s1) <= i(s2).
The policy prevents direct modification that would lower integrity labels as well as indirect modifications. Can be too restrictive.
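The read and write rules from the answer above, traced in code as an added example that is not part of the original answer. The class name, entity names and numeric levels are assumptions, and the write check uses the answer's condition i(o) <= i(s); the trace shows the indirect path being blocked and the subject's level never rising again.

```python
from dataclasses import dataclass


@dataclass
class Entity:
    name: str
    level: int  # integrity level; higher means more trusted (constructed values)


class LowWatermarkMonitor:
    """Hypothetical reference monitor enforcing the read and write rules."""

    def __init__(self):
        # (operation, subject, object, allowed, subject level afterwards)
        self.audit = []

    def read(self, s, o):
        # Reads always succeed, but the subject is demoted to
        # min(i(s), i(o)) because it may now carry low-integrity data.
        s.level = min(s.level, o.level)
        self.audit.append(("read", s.name, o.name, True, s.level))
        return True

    def write(self, s, o):
        # Write is allowed if and only if i(o) <= i(s).
        allowed = o.level <= s.level
        self.audit.append(("write", s.name, o.name, allowed, s.level))
        return allowed


def demo():
    # Constructed scenario: level 3 = system data, level 1 = untrusted download.
    monitor = LowWatermarkMonitor()
    updater = Entity("updater", 3)
    system_config = Entity("system_config", 3)
    download = Entity("download", 1)

    before = monitor.write(updater, system_config)  # allowed: 3 <= 3
    monitor.read(updater, download)                 # updater drops to 1
    after = monitor.write(updater, system_config)   # denied: 3 <= 1 is false
    monitor.read(updater, system_config)            # min(1, 3): level stays 1
    scratch = monitor.write(updater, download)      # allowed: 1 <= 1
    return before, after, scratch, updater.level, monitor.audit


if __name__ == "__main__":
    *results, audit = demo()
    print(results)
    for entry in audit:
        print(entry)
```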