A company has systems in the Development and Production.
A company has systems in the Development and Production. The development systems DS have lower integrity level than the production systems PS. Consider the rights r (read), w (write) and m (manage). Programmers can read, and write to the Development systems, while System Administrators have all rights on both Development and Production systems. 1.5 pages
a. (2 pts) Define the subjects, objects and the access control matrix.
b. (2 pts) Are the read and write rules in Biba’s integrity model satisfied? Explain.
c. (4 pts) Programmers need to troubleshoot a problem in the Production systems. The System Administrators create a new process p in the Production Systems to copy data related to the problem and write to the Development Systems.
• Update the access control matrix with process p.
• Is Biba’s integrity model satisfied? Explain.
d. (2 pts) Can the situation in c) above violate Bell-Lapadula confidentiality model? How would you propose to fix it? ( Is Biba’s integrity model satisfied?)
2. (Bonus 10 pts) Explain why the enforcement rules of the Clark-Wilson model can emulate the Biba model. Give a simple example to illustrate your argument.
In computer science, an Access Matrix or Access Control Matrix is an abstract, formal security model of protection state in computer system. The matrix characterizes the right of every subject in correlation with each object in the system. The Access Control Matrix was introduced by Lampson Butler W. in 1972……………………..