Book-- Computer Security, Art and Science, Matt Bishop, Addison-Wesley 2003 Chap
Question
Book-- Computer Security, Art and Science, Matt Bishop, Addison-Wesley 2003, Chapter 3, Section 3.9 Exercises, Problem 1
Q:- The proof of Theorem 3–1 states the following: Suppose two subjects s1 and s2 are created and the rights in A[s1, o1] and A[s2, o2] are tested. The same test for A[s1, o1] and A[s1, o2] = A[s1, o2] ∪ A[s2, o2] will produce the same result. Justify this statement. Would it be true if one could test for the absence of rights as well as for the presence of rights?
Theorem 3–1:- There exists an algorithm that will determine whether a given mono-operational protection system with initial state s0 is safe with respect to a generic right r.
Explanation / Answer
Dear User,

Suppose that two subjects s1 and s2 are created and the rights in A[s1, o1] and A[s2, o2] are tested. The same test for A[s1, o1] and A[s1, o2] = A[s1, o2] ∪ A[s2, o2] will produce the same result. Hence, all creates are unnecessary except possibly the first (and that only if there are no subjects initially), and any commands entering rights into the new subjects are rewritten to enter the new right into the lone created subject. Similarly, any tests for the presence of rights in the new subjects are rewritten to test for the presence of that right in an existing subject (or, if none initially, the first subject created).

Let |S0| be the number of subjects and |O0| the number of objects in the initial state. Let n be the number of generic rights. Then, in the worst case, one new subject must be created (one command), and the sequence of commands will enter every right into every element of the access control matrix. After the creation, there are |S0| + 1 subjects and |O0| + 1 objects, and (|S0| + 1)(|O0| + 1) elements. Because there are n generic rights, this leads to n(|S0| + 1)(|O0| + 1) commands. Hence, k ≤ n(|S0| + 1)(|O0| + 1) + 1.

I hope this helps you.
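The merge step quoted from the proof can be checked exhaustively on a small matrix. This is an added example, not taken from the book or from the answer above: it enumerates every access control matrix over two constructed rights, the subjects s1 and s2 and the objects o1 and o2, folds s2 into s1 by union, and counts tests that pass before the merge but fail after being redirected to s1. The function names are illustrative.

```python
from itertools import combinations, product

RIGHTS = ("r", "w")                      # constructed generic rights
SUBJECTS, OBJECTS = ("s1", "s2"), ("o1", "o2")

def merge(acm, keep="s1", drop="s2"):
    """Collapse `drop` into `keep`: A[keep, o] = A[keep, o] ∪ A[drop, o]."""
    merged = {(s, o): set(rs) for (s, o), rs in acm.items() if s != drop}
    for (s, o), rs in acm.items():
        if s == drop:
            merged.setdefault((keep, o), set()).update(rs)
    return merged

def rewrite(test, keep="s1", drop="s2"):
    """Redirect a test on the dropped subject to the kept one."""
    r, s, o, present = test
    return (r, keep if s == drop else s, o, present)

def holds(acm, test):
    """test = (right, subject, object, must_be_present)."""
    r, s, o, present = test
    return (r in acm.get((s, o), set())) == present

def all_matrices():
    """Every assignment of rights to the four cells of s1 and s2."""
    cells = list(product(SUBJECTS, OBJECTS))
    subsets = [frozenset(c) for n in range(len(RIGHTS) + 1)
               for c in combinations(RIGHTS, n)]
    for choice in product(subsets, repeat=len(cells)):
        yield dict(zip(cells, choice))

def counterexamples(present):
    """Cases where a test passes before the merge but fails after it."""
    bad = []
    for acm in all_matrices():
        merged = merge(acm)
        for r, s, o in product(RIGHTS, SUBJECTS, OBJECTS):
            test = (r, s, o, present)
            if holds(acm, test) and not holds(merged, rewrite(test)):
                bad.append((acm, test))
    return bad

if __name__ == "__main__":
    print("presence tests broken by merge:", len(counterexamples(True)))
    print("absence tests broken by merge: ", len(counterexamples(False)))
```

A presence test that passes on the original matrix always passes on the merged one, because union only adds rights to the kept subject's entries. An absence test can pass before the merge and fail after it whenever the right is missing from one subject's entry but present in the other's.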