Suppose a new class of users, the system security officers (SSOs), were to be added to the access control matrix discussed in Section 26.2.2. Augment the matrix with the change right. This right allows the user to alter the classes of other users in that category. For example, if user Amy had change rights over the class "developers," she could change the class of user Tom, who is currently in the "developers" class, to any of the other four classes.
a. Let Alice be a member of the SSO class, and let her have change rights over the "developers" and "employees" classes. Let Bob be a member of the SSO class, with change rights over "outsiders" and "employees." Redraw the matrix for this situation and write rules describing the allowed transformations of the matrix.
b. Describe any problems that might occur if Alice and Bob were not careful about the changes of classes they made. Could information leak in undesired ways? If so, give an example. If not, show why not.
c. Should members of the SSO class be allowed to apply the change right to members of that class? Justify your answer. In particular, state what damage could occur if this were allowed, and if it were not allowed.