you will change file access in Bionic Beaver. This project relates to projects 1 and 2, but only…

Need your ASSIGNMENT done? Use our paper writing service to score better and meet your deadlines.


Order a Similar Paper Order a Different Paper

In this project, you will change file access in Bionic Beaver. This project relates to projects 1 and 2, but only

builds on project 1. In project 1, you attached a tag to each process. In project 2, you used part of this tag to

constrain scheduling to prevent a covert channel. In this project, you will implement hierarchical access control

according to Bell-LaPadula (BLP) to eliminate overt information flows.

Recall that the tag contains two fields:

1. level (the two LSBs, bits 0 and 1) and

2. bitmap (bits 2-30).

As before, two level fields can be compared numerically in a total order: 3 > 2 > 1 > 0. The bitmap fields can be

treated as associating each bit with a need-to-know category. A bitmap with bit b set can be used to represent a

security label indicating that a file contains information specific to category b, or that a user has been cleared to

access information on category b, or that a process has access to category b. In Mandatory Access Control

(MAC), these labels can be used to determine access rights (in addition to the usual discretionary access control

methods).

File access control is decided on the basis of the properties of the process that requests access to a file, and the

properties of that file. In BLP, there are two rules that constrain information flow to be only from less sensitive

to more sensitive, fewer categories to more categories:

1. No read up, and

2. No write down.

Up and down depend upon the labels. A process with label L = is not allowed to read a file with

label L’ = if either level’ > level or if any bit is set in bitmap B’ and is not set in bitmap B (i.e., L

dominates L’). That is, a process can only “read down” to a file at the same or lower level, and containing

information associated with a subset of the need-to-know categories for which the process is authorized. This

prevents information from flowing from a more restricted file to a less restricted process. To prevent

information flow from a more restricted process to a less restricted file, a process with label L = is

not allowed to write to a file with label L’ = if either level > level’ or if any bit is set in B and is not

set in B’ (i.e., L is dominated by L’). That is, a process can only “write up” to a file at the same or higher level,

containing information associated with a superset of the need-to-know categories for which the process is

authorized.

Attachments:

"Is this question part of your assignment? We can help"

ORDER NOW
Writerbay.net

Do you need help with this or a different assignment? We offer CONFIDENTIAL, ORIGINAL (Turnitin/LopesWrite/SafeAssign checks), and PRIVATE services using latest (within 5 years) peer-reviewed articles. Kindly click on ORDER NOW to receive an A++ paper from our masters- and PhD writers.

Get a 15% discount on your order using the following coupon code SAVE15


Order a Similar Paper Order a Different Paper