Assignment
Instructions:
Answers to be numbered and in order. Include the page number and your name on each page. For questions 5 use the Scenario contained in the SQL Scripts provided as a separate attachment.
1. Security Plans, Policies, Procedures, and Models.
a. Describe the key features of a Security Plan (What is it? Why is it important? What are its key parts? Who is it for? How does it work or not work? (Problems with creating and implementing).
b. What is the role of Security Policies? (What is a Security Policy? How do Policies relate to Procedure? How do Policies relate to the Security Plan?)
c. What is the role of Security Procedures? (What is a Security Procedure? How does it relate to Security Policies and Plans?)
d. What is the purpose of a Security Model? (What do models do? How do they do it? What is in a model? What is not in a model?)
2. Access Matrix Model, Access Control Lists
a. Describe the Access Matrix Model (Key features, and a graphic example)
b. Describe the How Access Control Lists are used (Key features, graphic example)
3. Bell-LaPadula Model
Describe the Bell-LaPadula Model (What kind of model is it? What are its key Features? What are its key Axioms? ( include a graphic example)
4. Jajodia Sandhu Model
Employee
|
SSN
|
C1
|
Name
|
C2
|
Salary
|
C3
|
DN
|
C4
|
TC
|
|
001
|
U
|
Able
|
S
|
20000
|
U
|
C100
|
U
|
S
|
|
002
|
U
|
Bond
|
U
|
45000
|
S
|
C200
|
U
|
S
|
|
003
|
U
|
Coe
|
C
|
70000
|
S
|
C300
|
C
|
S
|
|
004
|
U
|
Drake
|
C
|
135000
|
TS
|
C400
|
C
|
TS
|
Suggested way to proceed:
Take the original multilevel table given and decompose it into two tables. One at the Secret level (containing everything that should be shown as the Secret Level) and one at the Top Secret level (which is actually the same as the original table at this point).
Use these two freshly created tables as the input tables for both parts a and b (in other words DO NOT use the OUTPUT result from a as input to b).
For part a. Apply all the transaction to the two new tables and show the end result as your answer to part a (as updated set of both tables).
For part b. Apply all the transaction to another fresh copy of the two new table (meaning don't use the output tables from part a as input to part b) and show the end result as your answer to part b.
a. Suppose an S-subject requests the following insert operations (show the effect on the instance tables for both the secret and top secret level). Your answer will be two new tables (one at the Secret Level and One at the Top Secret Level -- with the necessary changes included --) that show the result of the inset and update transactions below (15 points).
INSERT INTO Employee
VALUES 005, "Jones", 80000, "C400";
INSERT INTO Employee
VALUES 001, "Able", 90000, "C300";
UPDATE Employee
SET Salary = 50000
WHERE Name = "Bond" or "Drake";
b Suppose a TS-subject request the following insert/update operations (show the effect on the instance tables for both the secret and top secret level). Your answer will be two new tables -- with the necessary change included -- that show the result of the inset and update transactions below (15 points). Remember: For part b. Apply all the transaction to another fresh copy of the two new table (meaning don't use the output tables from part a as input to part b) and show the end result as your answer to part b.
INSERT INTO Employee
VALUES 002, "Bond", 90000, "C300";
UPDATE Employee
SET Salary = 60000;
NOTE: There is NO WHERE Clause in this statement. This is intentional.
Attachment:- Scenario.rar