# Homework 1 (FCS)
### Group 10
#### Ivan Christian (1003056)
#### Andy Tay (1001306)
#### Tan Jia Han (100059)
## Exercise 1
### Classify each of the following as a violation of confidentiality, of integrity, of availability or of some combination thereof
a)
**Confidentiality** is violated because the answers were meant for the graders only and should not be shared with others. ( **Unauthorized Access** )
b)
**Availability** is violated because the authorised party (Linda) is denied access to her system (iPhone). ( **Unable to Access** )
c)
**Integrity** is violated. Integrity of the original check is compromised as original value of Angelo's check is editted. ( **Data Integrity** )
d)
**Integrity** is violated because the trustworthiness of the deed is no longer valid as it was not signed by Roger. ( **Origin Integrity** )
Assuming that the deed is only for Roger's eyes (due to sensitivity of some issues), **Confidentiality** is also violated as only Roger was supposed ot know about the deed. ( **Unauthorized Access** )
e)
**Availability** is compromised as Peter will no longer have access to his credit card. ( **Unable to access** )
**Confidentiality** is also violated Peter's Credit Card numbers, CVC numbers and many other personal informations are no longer protected. ( **Unauthorized Access** )
f)
**Confidentiality** is compromised from the guessed password.( **Unauthorized Access** )
**Integrity** is compromised as it was not Julie who tweeted. ( **Origin Integrity** )
## Exercise 2
### With the following mechanisms being implemented, state what policy or policies they might be enforcing and what informal security requirement might have inspired such policies.
a.
Policy: In a system, users cannot have commonly used password and passwords that are short.
Informal Requirements: Users passwords should be hard to guess.
b.
Policy: In a system, users cannot infinitely guess their passsword in the case they do not remember or know the password. It will be locked within finite tries.
Informal Requirements: Users should not keep guessing their password if they forgot.
c.
Policy: In a system, users cannot access other users' contents without permission.
Informal Requirements: Users should not be able to cheat and copy each other's homeworks.
d.
Policy: In a system, users bandwidth to non-educational sites must be throttled during class time.
Informal Requirements: Users should focus on Cyber Security class and not surf facebook
e.
Policy: In a system, homeworks must be submitted on time.
Informal Requirements: Users should not be able to submit assignments or deliveriables past the deadline.
## Exercise 3
a)
```csvpreview {header="true"}
Name/File,alicerc,bobrc,cyndyrc
Alice,[execute|own],[read],[No Access]
Bob,[read],[execute|own],[No Access]
Cyndy,[read],[read|write],[read|write|execute|own]
```
b)
```csvpreview {header="true"}
Name/File,alicerc,bobrc,cyndyrc
Alice,[execute|own],[read],[read]
Bob,[No Access],[execute|own],[No Access]
Cyndy,[read],[read|write],[read|write|execute|own]
```
```[python]
# Giving read access from cyndy to alice
command give_read_rights(Alice,Cyndy,cyndyrc)
if own in a[Cyndy, cyndyrc]
then
enter read into a[Alice, cyndyrc]
end
```
```[python]
command remove_read_rights(Alice, Bob, alicerc)
if own in a[Alice , alicerc]
then
delete read from a[Bob , alicerc]
end
```
## Exercise 4
a)
```[python]
# {read, write, execute, append, list, modify, own}
command copy_all_rights(p,q,s)
if read in a[p,s]
then
enter read into a[q,s];
if write in a[p,s]
then
enter write into a[q,s];
if execute in a[p,s]
then
enter execute into a[q,s];
if append in a[p,s]
then
enter append into a[q,s];
if list in a[p,s]
then
enter list into a[q,s];
if modify in a[p,s]
then
enter modify into a[q,s];
if own in a[p,s]
then
enter own into a[q,s];
end
```
b)
```[python]
# {read, write, execute, append, list, modify, own}
command copy_all_rights(p,q,s)
if read in a[p,s] and c in a[p,s]
then
enter read into a[q,s];
if write in a[p,s] and c in a[p,s]
then
enter write into a[q,s];
if execute in a[p,s] and c in a[p,s]
then
enter execute into a[q,s];
if append in a[p,s] and c in a[p,s]
then
enter append into a[q,s];
if list in a[p,s] and c in a[p,s]
then
enter list into a[q,s];
if modify in a[p,s] and c in a[p,s]
then
enter modify into a[q,s];
if own in a[p,s] and c in a[p,s]
then
enter own into a[q,s];
delete c in a[q,s] # Deleting the c flag so the new copy is confirmed
# to not have the c flag
end
```
c)
By copying the c flag along with the rights, any copies with the c flag will be allowed to grant rights to other objects, which may not be intended.
Having the c flag along with the user rights essentially allows granting other users the rights, without the copy flag q will not be allowed to grant rights to other objects.
## Exercise 5
a)
Not applying the Principle at all will lead to unintended users having rights that they should not have, making the system insecure.
The maximum set of rights would be owning every single possible files and processes and this can be done if the system does not follow the Principles of Attentuation of Privilege.
b)
No, because by not limiting the "own" right, subject will be able to grant read, write and other rights even though the access rights "read" and "write" are limited by the principles.
This will not ameliorate the problem in a) because subject will be able to grant "own" rights to one another and unintended subject will be able to have access that they should not have and making the system insecure.
c)
By limiting rights available based on ancestry, q would be allowed to only bequeath what q has to the next subject. There will be a limited spread of rights as a subject can only give what it has to the next subject. However, if the subject can have multiple ancestors then the descendants may have more rights than that of its predecessors as multiple ancestors can give different rights to the subject.
```csvpreview {header="true"}
, file f, file g, file h, file i
o[Ancestor of q | Ancestor of p], ORW, RW, [No Access], W
p[Ancestor of q],R,[No Access],[No Access], W
r[Ancestor of q],E,W,E,E
q,ORWE , RW , E, WE
```
Google Drive
Gist
Clipboard
Sign in with Wallet
