1. (5 points) Assume a system enforces both the BLP and Biba properties. For BLP thatmeans read down/write up only and for Biba it means read up/write down only. Assumealso that two models use identical levels for both security and integritySL = security clearance for level L = integrity clearance for level LSC = security category set for cat. C = integrity category set for cat CProve that in this system a subject can only read and write at his own level
2.a. (2 points) In Lipner's model consider moving a program from development intoproduction. What are the starting and ending security and integrity levels of this object
2b. (1 point) Who in Lipner's model can make this change?
2c. (3 points) Explain the reads and writes necessary to make this change and justify theread and write using Lipner's matrix
3. (3 points) The Chinese Wall Model is about controlling data flow to avoid conflict ofinterest (COI). If company A and B are in the same COI class, a consultant can not workwith both clients as there might be sharing of information between A and B. Similarly, ifC and D are in a second COI class, a consultant can not work with both C and D as itmight lead to sharing of information between C and D. However, a consultant is allowedto work with companies from different COI classes, i.e., one company from COI 1 andone company from COI 2. Clearly if a consultant can read a file from company A, hecan't be allowed to write to a file from company B. What additional write restrictionneeds to be imposed to ensure there is no information flow within a COI class? Explainyour answer.
A
B
C
D
COI 1
Banks
COI 2
Utilities