CSE 409 Fall 2011 Homework 1
Due at the beginning of class on 9/26.
-
Are POSIX draft ACLs monotonic?
-
(5 points) Can adding an ACL entry to a file ever revoke a
process' ability to access that file?
-
(5 points) Can adding a group to a process' groups ever
revoke that process' ability to access a file?
SUSE provides a very clear explanation of
POSIX ACLs on Linux. See, in particular, the section titled "Access Check
Algorithm". In answering each question, you should provide
either a counter-example to monotonicity or a "proof" that the
system is monotonic. By "proof", I mean an airtight argument,
but it does not have to be expressed in mathematical notation.
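
As an aid for exploring these questions, the following added example (not part of the original assignment) implements the access check steps as documented in the Linux acl(5) man page. The ACL, UIDs and GIDs are constructed samples, and privileged overrides such as CAP_DAC_OVERRIDE are not modelled; edit the entries or the group set and rerun to test a conjecture.

```python
from dataclasses import dataclass, field
from typing import Optional

R, W, X = 4, 2, 1  # permission bits

@dataclass
class Acl:
    owner: int                      # file owner UID
    group: int                      # file owning GID
    user_obj: int                   # ACL_USER_OBJ permissions
    group_obj: int                  # ACL_GROUP_OBJ permissions
    other: int                      # ACL_OTHER permissions
    users: dict = field(default_factory=dict)   # ACL_USER: uid -> perms
    groups: dict = field(default_factory=dict)  # ACL_GROUP: gid -> perms
    mask: Optional[int] = None      # ACL_MASK

    def __post_init__(self):
        # A valid ACL with named entries must carry a mask entry.
        if (self.users or self.groups) and self.mask is None:
            raise ValueError("named entries require an ACL_MASK entry")

def check_access(acl, euid, gids, want):
    """True if a process with effective UID euid and group set gids gets `want`."""
    def has(perms):
        return (perms & want) == want
    if euid == acl.owner:                       # 1. owner: ACL_USER_OBJ only
        return has(acl.user_obj)
    if euid in acl.users:                       # 2. named user, limited by mask
        return has(acl.users[euid] & acl.mask)
    # 3. group class: owning group and named groups the process belongs to
    matching = [p for g, p in acl.groups.items() if g in gids]
    if acl.group in gids:
        matching.append(acl.group_obj)
    if matching:
        limit = R | W | X if acl.mask is None else acl.mask
        return any(has(p & limit) for p in matching)
    return has(acl.other)                       # 4. everyone else: ACL_OTHER

# Constructed sample ACL and queries.
SAMPLE = Acl(owner=1000, group=100, user_obj=R | W, group_obj=R, other=0,
             users={1001: R | W}, groups={200: R | W}, mask=R)

def demo():
    return {
        "owner write": check_access(SAMPLE, 1000, {100}, W),
        "named user write": check_access(SAMPLE, 1001, {300}, W),
        "named group read": check_access(SAMPLE, 1002, {200}, R),
        "other read": check_access(SAMPLE, 1003, {300}, R),
    }

if __name__ == "__main__":
    for label, granted in demo().items():
        print(f"{label}: {'granted' if granted else 'denied'}")
```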
-
Both Windows and Linux support extra permissions for specific
system actions, such as shutting down the system, killing other
people's processes, configuring the network, etc. In Linux,
these are called "capabilities", and you can learn more about
them from the
Linux capabilities man page. In Windows, they are called
"privileges", and are described in
MSDN Privilege Constants. The goal of creating these
privileges/capabilities is to break apart the sysadmin functions
into many smaller, less powerful functions, so that programs can
be given less power than "full administrator". Unfortunately,
that's not always easy. In fact, in both Windows and Linux,
some capabilities/privileges can be used to easily gain all
capabilities/privileges on the system.
-
(5 points) Give an example of a Linux capability that can be used to
gain full administrator privileges, and explain how to do
it.
-
(5 points) Ditto for Windows privileges.
-
Recall that Biba is the "integrity" version of Bell-LaPadula,
i.e., security levels correspond to the integrity level of data,
such as "FirstHand", "SecondHand", and "Internet".
-
(5 points) Bell-LaPadula had compartments, such as "JFK",
"Aliens", etc. What do compartments mean in Biba?
-
(5 points) What are the access control rules for reading and
writing in a Biba system with "compartments"?
-
(5 points) Information gained from multiple sources should
have a higher level of confidence. So, for example,
SecondHand information collected from two sources can be
upgraded to FirstHand. Encode this idea into Biba by adding
a single simple rule.