Assignment 2

Due Wednesday February 7, 2018 6:55 pm via sakai


Please answer the questions precisely and concisely. Every question can be answered in one or at most a few sentences. I will not have the patience to read long paragraphs or essays and you may lose credit for possibly correct answers.

Note: submissions must be be plain text or pdf files – or HTML if embedded within sakai and not uploaded. Other formats, such as Microsoft Word, Apple Pages, or Adobe InDesign will NOT be accepted.


Text: Ross Anderson, Security Engineering: Chapter 4, pages 93–107 (through 4.2.7).
Access Control
Text: Ross Anderson, Security Engineering: Chapter 8, pages 239-top of 248 (through 8.3.3); 251 (8.3.5) - 252.
Multilevel Security: Bell-LaPadula and Biba Models, for question 4.
Paper: David F. Ferraiolo and D. Richard Kuhn, Role-Based Access Controls, National Institute of Standards and Technology, 15th National Computer Security Conference (1992), pages 554–563.
The paper that introduced the role-based access control model. It’s short but you only need to read the first four pages.


Question 1

To get access control matrices to scale better, the text states that the two main ways are “to compress the users and to compress the rights”.

(a) What is meant by “compressing the users”?

(b) What is meant by “compressing the rights”?

Question 2

What four deficiencies does the author point out with Unix ACLs? Write your answers briefly: one short sentence per deficiency.

Question 3

How did Windows add support for capabilities via profiles? Check here, here, and here for more detailed explanations of roaming profiles and group policies.)

Question 4

What is the purpose of the wheel group on BSD and macOS systems?

Question 5

(a) What is the simple security property of the Bell-LaPadula model?

(b) What is the *-property of the Bell-LaPadula model?

Question 6

What is meant by a role in a role-based access control (RBAC) system?