# Mid Term 51.505 FCS

Ivan Christian 1003056

## 1

### a)

A compromised confidentiality will lead to a compromise of non-repudiation.

Confidentiality is "The property, that information is not made available or disclosed to unauthorized individuals, entities, or processes"

Non-repudiation is "The ability to prove that an event occurred or an action was carried out by an entity."

Example: A historian of a Water Distribution plant records both the OT data, IT network data, and the logs for the plant behaviour. The historian itself will have a security measure, for example a username and password. A careless plant operator accidentally leaked the credentials to his partner, and said partner uses the credentials (compromise of confidentiality) to erase a day's worth of logs. As a result, the logs (login, plant data, and other things) are lost (compromise of non-repudiation).

### b)

![](https://i.imgur.com/FUafwZz.png)

Yes, this is secure if $R \subseteq Q$. This is because any states in R will be a subset of states in Q, which is defined as the following by the question:

`Q as secure states by a security policy, R as restricted states by a security mechanism`

This would mean that anything that results in state R will be part of the possible states in Q, hence showing that it is secure.

R can also be empty, which would mean that there will be no restricted states defined within Q. This would mean that only the states that result in states within states of Q will be considered secure states.

### c)

```csvpreview
Users/files,f
A,[r|c]
B,[own] --> Meaning that B can give itself write|read|copy|etc. rights
```

```
Principle of Attenuation of Privilege: A subject cannot give away rights it does not possess.
```

No, user A cannot delegate `read` rights to user B because he does not own the `read` rights to file `f`. According to the Principle of Attenuation of Privilege, since A does not have the right, A cannot give the right.
Yes, user B can delegate `read` rights to user A because he has the `own` rights to the file `f`. Since having the `own` right means that B can give itself write|read|copy|etc. rights, user B can give itself the `read` rights and then bestow it on user A without breaking the Principle of Attenuation of Privilege.

## 2

- Let TOP SECRET, SECRET, CONFIDENTIAL and UNCLASSIFIED (ordered from highest to lowest) be security levels.
- Let HIGHLY TRUSTED, MEDIUM TRUST, LOW TRUST (ordered from highest to lowest) be integrity levels.
- Let A, B, C be categories.
- Alice is cleared for TOP SECRET {A, B} and HIGHLY TRUSTED {C}.
- Bob is cleared for SECRET {A, C} and MEDIUM TRUST {B}.
- Charles is cleared for CONFIDENTIAL {B, C} and MEDIUM TRUST {A, C}.
- Document 1 is classified as TOP SECRET {A, B} and HIGHLY TRUSTED {B, C}.
- Document 2 is classified as CONFIDENTIAL {A, C}, MEDIUM TRUST {B}.
- Document 3 is UNCLASSIFIED and with LOW TRUST.

### a) Bell-LaPadula (read down, write up)

```csvpreview
Subject\Object ,Document 1 [ TS |{ A | B}], Document 2 [ C | { A | C}], Document 3 [U | {}]
Alice [ TS |{ A | B}],[ read | write ],[None], [read]
Bob [ S | { A | C}],[None], [read], [read]
Charles [ C |{ B | C}],[None],[None], [read]
```

### b) Biba ("no reads down", "no writes up")

```csvpreview
Subject\Object ,Document 1[HT | {B|C}],Document 2 [MT | {B}], Document 3 [LT | {}]
Alice[HT | {C}],[None],[None],[write]
Bob [MT | {B}],[None],[read | write],[write]
Charles [MT | {A|C}],[None],[None],[write]
```

## 3

![](https://i.imgur.com/sYpvyRc.png)

- Security clearances – AM (Audit Manager); SL (System Low)
- Security categories – SP (Production); SD (Development); SSD (System Development)
- Integrity classifications – ISP (System Program); IO (Operational); ISL (System Low)
- Integrity categories – ID (Development); IP (Production)

```csvpreview
Subject\Object, Development code / test data, Production code, Production data,System programs in modification, System and application logs
Ordinary users, none, read, both, none, write
Application developers ,both,none,none,write,write
System managers and auditors,both,read,both, both, both
```

## 4

- Subjects S = { Heidi, Lucy }
- States = { (0,0), (0,1), (1,0), (1,1) }
- Commands C = { xor0, xor1 }

### a)

$σ_0$ = ``(0,1)``; $c_s$ = `(Lucy, xor0), (Heidi, xor1), (Heidi, xor0), (Lucy, xor1), (Heidi, xor1)`

| Question | Answer |
| -------- | -------- |
| proj(Heidi, $c_s$, $σ_0$) | 01 10 10 01 10 |
| proj(Lucy, $c_s$, $σ_0$) | 1 0 0 1 0 (Can only see the lower bit) |
| $π_{Lucy}$ ($c_s$) | (Heidi, xor1), (Heidi, xor0), (Heidi, xor1) |
| $π_{Heidi, xor0}$ ($c_s$) | (Lucy, xor0), (Heidi, xor1), (Lucy, xor1), (Heidi, xor1) |
| $π_{xor1}$ ($c_s$) | (Lucy, xor0), (Heidi, xor0) |

### b)

No, Heidi will not be interfering with Lucy.

The reason is the following:

In the above we have { (0,0), (0,1), (1,0), (1,1) } as states and the following as commands:

$c_s$ = ``(Lucy, xor0), (Heidi, xor1), (Heidi, xor0), (Lucy, xor1)``

Let $σ_0$ = (0,1) be the initial state.

Since now Heidi can only alter and see the H bit of the results, Heidi can only see the following after proj(Heidi, $c_s$, $σ_0$) is run: `1H,1H` (H denoting the high bit)

If we were to do a purge of Lucy ($π_{Lucy}$), the following commands can be obtained:

$π_{Lucy}$ = ``(Heidi, xor1), (Heidi, xor0)``

proj(Heidi, $π_{Lucy}$, $σ_0$) = `1H,1H`

>Since both $c_s$ == proj(Heidi, $π_{Lucy}$, $σ_0$), this shows that Heidi doesn't interfere with Lucy

-----------------------

No, Lucy will not be interfering with Heidi.
The reason is the following:

In the above we have { (0,0), (0,1), (1,0), (1,1) } as states and the following as commands:

$c_s$ = ``(Lucy, xor0), (Heidi, xor1), (Heidi, xor0), (Lucy, xor1)`` (Same case as my previous example)

Let $σ_0$ = (0,1) be the initial state (Same initial state)

Since now Lucy can only change the low bits, the following is the result when proj(Lucy, $c_s$, $σ_0$) is run = `1L,0L`

If we were to do a purge ($π_{Heidi}$), the following commands can be obtained:

$π_{Heidi}$ = ``(Lucy, xor0), (Lucy, xor1)``

proj(Lucy, $π_{Heidi}$, $σ_0$) = `1L,0L`

>Since both proj(Lucy, $c_s$, $σ_0$) == proj(Lucy, $π_{Heidi}$, $σ_0$), this shows that Lucy doesn't interfere with Heidi

## 5

x := y + z

- y = 0 with probability of 1/3, or 1 with probability of 2/3
- z = 1 or 2 or 3 with equal probability

$H(y_s|x_s)$ does not exist, hence

$H(y_s|x_s) = H(y_s) = -[(\frac{1}{3})*lg(\frac{1}{3}) + (\frac{2}{3})*lg(\frac{2}{3})]=0.9182958340$

$H(z_s|x_s)$ does not exist, hence

$H(z_s|x_s) = H(z_s) = -3[(\frac{1}{3})*lg(\frac{1}{3})]=1.58496250$

```csvpreview
y\s, z = 1, z = 2, z = 3
y = 0,1/9,1/9,1/9
y = 1,2/9,2/9,2/9
```

```csvpreview
x,Possible probability
1, 1/9
2, 3/9
3, 3/9
4, 1/9
```

![](https://i.imgur.com/UfL1aJU.png)

### a)

$H(y_s|x_t) = -[\frac{1}{9} * (\frac{(1/3)*(1/3)lg (1)+ 0}{1/9}) +$
$\frac{3}{9} (\frac{(2/3) * (1/3) lg (((2/3)*(1/3))/(3/9)) + (1/3) * (1/3) lg (((1/3)*(1/3))/(3/9))}{3/9})+$
$\frac{3}{9} (\frac{(2/3) * (1/3) lg (((2/3)*(1/3))/(3/9)) + (1/3) * (1/3) lg (((1/3)*(1/3))/(3/9))}{3/9})+$
$\frac{1}{9} * (\frac{(1/3)*(1/3)lg (1) + 0}{1/9})]$

$H(y_s|x_t) = -[0 + \frac {1}{3} [\frac {2}{3} lg\frac {2}{3} + \frac {1}{3} lg\frac {1}{3}]+ \frac {1}{3} [\frac {2}{3} lg\frac {2}{3} + \frac {1}{3} lg\frac {1}{3}]+ 0]$

$H(y_s|x_t) = -[\frac {2}{3} [\frac {2}{3} lg\frac {2}{3} + \frac {1}{3} lg\frac {1}{3}]] = 0.61219722$

Since $H(y_s|x_t)<H(y_s)$, there is information flow from y to x.

### b)

$H(z_s|x_t)=-[\frac{1}{9} * (\frac{(1/3)*(1/3)lg (1)+ 0}{1/9}) +$
$\frac{3}{9} (\frac{(2/3) * (1/3) lg (((2/3)*(1/3))/(3/9)) + (1/3) * (1/3) lg (((1/3)*(1/3))/(3/9))}{3/9})+$
$\frac{3}{9} (\frac{(2/3) * (1/3) lg (((2/3)*(1/3))/(3/9)) + (1/3) * (1/3) lg (((1/3)*(1/3))/(3/9))}{3/9})+$
$\frac{1}{9} * (\frac{(1/3)*(1/3)lg (1) + 0}{1/9})]$

$H(z_s|x_t) = -[0 + \frac {1}{3} [\frac {2}{3} lg\frac {2}{3} + \frac {1}{3} lg\frac {1}{3}]+ \frac {1}{3} [\frac {2}{3} lg\frac {2}{3} + \frac {1}{3} lg\frac {1}{3}]+ 0]$

$H(z_s|x_t) = -[\frac {2}{3} [\frac {2}{3} lg\frac {2}{3} + \frac {1}{3} lg\frac {1}{3}]] = 0.6121972$

Since $H(z_s|x_t) < H(z_s)$, there is information flow from z to x.

## 6

Binary Semaphore S = 1

X = 5

### a)

![](https://i.imgur.com/zFdG1OY.png)

Possibility 1: Process A then Process B

> t1 --> X = 25
>
> t2 --> X = 26

Possibility 2: Process B then A

> t1 --> X = 6
>
> t2 --> X = 36

The 2 possibilities for values are 26 (if Process A goes first) and 36 (if Process B goes first).

### b)

![](https://i.imgur.com/Ys9csyM.png)

X = 5

T = 0

Since the processes will only be executed once each, the only possible value for X is 36. This is because Process A will run first, as Process B would need to wait for semaphore T to be available (due to the wait(T) command).

## 7

![](https://i.imgur.com/HAWFU8K.png)

semaphore U = 5; semaphore V = 0.

### a)

Assume P2 is not run at all

```csvpreview
time, U, V, Output
0, 5, 0,
1 (P1 is run), 4, 1, C
2 (P1 is run), 3, 2, CC
3 (P1 is run), 2, 3, CCC
4 (P1 is run), 1, 4, CCCC
5 (P1 is run), 0, 5, CCCCC
6 (P3 is run),0,4,CCCCCD
7(P3 is run),0,3,CCCCCDD
8(P3 is run),0,2,CCCCCDDD
9(P3 is run),0,1,CCCCCDDDD
10(P3 is run),0,0,CCCCCDDDDD
```

Execution halted at t = 10

At max there would be 5 D's printed.

### b)

The smallest number of A's printed is 0. As seen from part a), if P2 (Process 2) is not run at all, then there would be no A's or B's outputted at the end of the process.

### c)

Is CABCDCABDD a possible output?
No

```csvpreview
time, Process, U, V, Output
0, None, 5, 0,
1, P1, 4,1, C
2, P2, 4, 1, CAB
3, P1, 3,2, CABC
4, P3, 3,1, CABCD
5, P1, 2,1, CABCDC
6, P2, 2,1, CABCDCAB
7, P3, 2,0, CABCDCABD
```

It is not possible to continue running to output D as the next output. This is because at that point in time, Semaphore V is at 0 and needs to wait for P1 to signal(V) to allow V to become V = 1.

The longest possible output that the Processes can output will have the length of infinity (CABABABABABAB......D) [At end the processes will be halted]. This is because Process 2 uses Semaphore V at the start [wait(V)] but returns said semaphore once the process is done [signal(V)], netting the same value for the semaphore at the end of process 2. As such this can run infinitely and will result in an output of infinite length.

## 8

### a)

>Let each chopstick have its own semaphore, with a starting value of 1.

C1: semaphore S1 = 1,
C2: semaphore S2 = 1,
C3: semaphore S3 = 1,
C4: semaphore S4 = 1,
C5: semaphore S5 = 1,

[Process P(i)]

> 1. Thinking;
> 2. wait(S(i));
> 3. wait(S(i-1));
> 4. pickUp(C(i));
> 5. pickUp(C(i-1));
> 6. eat spaghetti;
> 7. putDown(C(i));
> 8. putDown(C(i-1));
> 9. signal(S(i));
> 10. signal(S(i-1));
> 11. Rest;

Where the numbering of the philosophers and chopsticks is assumed to follow the circle formation in the case study (S1 - 1 = S5, and P1 - 1 = P5).
Thus the specific process for philosopher P1 will be:

```
[Process P1]
wait(S1);
wait(S5);
pickUp(C1);
pickUp(C5);
eat spaghetti;
putDown(C1);
putDown(C5);
signal(S1);
signal(S5);
```

### b)

Let P1 go first:

```csvpreview
time, P1, P2, P3, P4, P5
0,Thinking,Thinking,Thinking,Thinking,Thinking
1,C1 and C5, Thinking, C2 and C3, Thinking, Thinking
2,Eat, Thinking, Eat, Thinking, Thinking
3, Put down, Thinking, put down, C3 and C4, Thinking
4, Thinking, C1 and C2, Thinking, Eat, Thinking
5, Thinking, Eat, Thinking, Put down, C4 and C5
6, Thinking, Put down, C2 and C3, Thinking, eat
7, C1 and C5, Thinking, Thinking, Thinking, Put Down
```
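
The projections and purges tabulated in question 4 a), recomputed in Python as an added example that is not part of the original answers. It assumes, as that table implies, that a state is the pair (H, L), that each command XORs both bits with its constant, and that Heidi observes both bits while Lucy observes only the low bit; the names `step`, `proj` and `purge` are chosen here.

```python
# Added illustration for question 4 a); not part of the original answers.
# Assumptions: state = (H, L); a command XORs both bits with its constant;
# Heidi observes both bits, Lucy only the low bit.
CONSTANT = {"xor0": 0, "xor1": 1}
VIEW = {
    "Heidi": lambda s: f"{s[0]}{s[1]}",
    "Lucy": lambda s: f"{s[1]}",
}
SIGMA0 = (0, 1)
CS = [("Lucy", "xor0"), ("Heidi", "xor1"), ("Heidi", "xor0"),
      ("Lucy", "xor1"), ("Heidi", "xor1")]


def step(state, command):
    """Apply one command to the two-bit state."""
    k = CONSTANT[command]
    return (state[0] ^ k, state[1] ^ k)


def proj(subject, cs, sigma0):
    """Outputs `subject` may observe after each command of cs, from sigma0."""
    out, state = [], sigma0
    for _, command in cs:
        state = step(state, command)
        out.append(VIEW[subject](state))
    return out


def purge(cs, subject=None, command=None):
    """Delete every (subject, command) pair matching the given filter(s)."""
    if subject is None and command is None:
        raise ValueError("purge needs a subject, a command, or both")

    def matches(pair):
        s, c = pair
        return (subject is None or s == subject) and \
               (command is None or c == command)

    return [p for p in cs if not matches(p)]


if __name__ == "__main__":
    print("proj(Heidi):", " ".join(proj("Heidi", CS, SIGMA0)))
    print("proj(Lucy): ", " ".join(proj("Lucy", CS, SIGMA0)))
    print("pi_Lucy:      ", purge(CS, subject="Lucy"))
    print("pi_Heidi,xor0:", purge(CS, subject="Heidi", command="xor0"))
    print("pi_xor1:      ", purge(CS, command="xor1"))
```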
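
The entropy comparison used in question 5, computed from the joint distribution of y and z with the probabilities stated in the question. This is an added example, not part of the original answers, and the function names are chosen here.

```python
# Added illustration for question 5; not part of the original answers.
# x := y + z, with y and z independent and distributed as the question states.
from collections import defaultdict
from fractions import Fraction as F
from math import log2

P_Y = {0: F(1, 3), 1: F(2, 3)}
P_Z = {1: F(1, 3), 2: F(1, 3), 3: F(1, 3)}


def entropy(dist):
    """H of a distribution given as {value: probability}, in bits."""
    return -sum(float(p) * log2(p) for p in dist.values() if p > 0)


def conditional_entropy(secret):
    """H(secret_s | x_t) for x := y + z, where secret is "y" or "z"."""
    if secret not in ("y", "z"):
        raise ValueError("secret must be 'y' or 'z'")
    joint = defaultdict(F)  # (x, value of secret) -> probability
    p_x = defaultdict(F)    # x -> probability
    for y, py in P_Y.items():
        for z, pz in P_Z.items():
            x = y + z
            joint[(x, y if secret == "y" else z)] += py * pz
            p_x[x] += py * pz
    # H(S|X) = -sum_{x,s} p(x,s) * lg p(s|x), with p(s|x) = p(x,s) / p(x)
    return -sum(float(p) * log2(p / p_x[x]) for (x, _), p in joint.items())


def flows_to_x(secret):
    """Information flows from the input to x when observing x lowers H."""
    prior = entropy(P_Y if secret == "y" else P_Z)
    return conditional_entropy(secret) < prior


if __name__ == "__main__":
    for name, dist in (("y", P_Y), ("z", P_Z)):
        print(f"H({name}_s) = {entropy(dist):.8f}, "
              f"H({name}_s|x_t) = {conditional_entropy(name):.8f}, "
              f"flow: {flows_to_x(name)}")
```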