Homework 2

Due Date: May 9, 2000
Points: 200

1. (20 points) A noted computer security expert has said that without integrity, no system can provide confidentiality.
   a. Do you agree? Please justify your answer.
   b. Can a system provide integrity without confidentiality? Again, please justify your answer.

2. (25 points) Given the security levels TOPSECRET, SECRET, CONFIDENTIAL, and UNCLASSIFIED (ordered from highest to lowest), and the categories A, B, and C, say what type of access (read, write, or both) is allowed in the following situations. Assume discretionary access controls allow anyone access unless otherwise specified.
   a. Paul, cleared for (TOPSECRET, { A, C }), wants to access a document classified (SECRET, { B, C }).
   b. Anna, cleared for (CONFIDENTIAL, { C }), wants to access a document classified (CONFIDENTIAL, { B }).
   c. Jesse, cleared for (SECRET, { C }), wants to access a document classified (CONFIDENTIAL, { C }).
   d. Sammi, cleared for (TOPSECRET, { A, C }), wants to access a document classified (CONFIDENTIAL, { A }).
   e. Robin, who has no clearances (and so works at the UNCLASSIFIED level), wants to access a document classified (CONFIDENTIAL, { B }).

3. (25 points) Declassification effectively violates the *-property of the Bell-LaPadula Model. Would raising the classification of an object violate any properties of the model? Why or why not?

4. (30 points) Please show how separation of duty is incorporated into Lipner's model.

5. (100 points) The host pacific-hts.cs.ucdavis.edu is a Windows 2000 system on the network. We will be conducting a penetration test as a class experiment throughout this term. The goal is to acquire access to the system as a user (administrator or otherwise). The first step in a penetration test is to hypothesize flaws, or potential vulnerabilities. For this exercise, you must assume you are analyzing the system as though you have no access to it other than from the network. You will hypothesize potential flaws, but not test them yet.
   a. Determine what network servers pacific-hts is running. (Hint: find the program nmap, download it and use it.)
   b. Please devise three possible network-based vulnerabilities on the system using your knowledge of the servers and of potential vulnerabilities in them. You must justify why you think the system may have that vulnerability. Please post your description to the newsgroup ucd.class.ecs253.d. As part of the requirement for this answer, each student must submit 3 different potential vulnerabilities; the first poster of each potential vulnerability gets credit for it. So be sure your vulnerabilities are different than your classmates'!

   For credit for this problem, please turn in the following:
   a. The output of a port scanner run against pacific-hts. Please be sure to put the date in the output (you can do this by hand if you like) because the configuration will be changing.
   b. Three possible vulnerabilities using the template below. Fill in what you can; put "to be determined" where you don't know. Please don't submit things that others have posted to the newsgroup. However, if you have an idea for a different vulnerability inspired by something that was posted, go ahead and submit that. Grading will not be based on whether the hypothesized flaw exists; it will be based upon your creativity, ideas, and justifications. On the form, incidentally, your justification should go in the section for the long description. Your description here should explain the vulnerability on an existing system, and why you think pacific-hts may suffer from it; or, explain what you think the vulnerability would be, and (again) why pacific-hts may have it.

The Template For the Holes

This may be found on the web as http://seclab.cs.ucdavis.edu/projects/vulnerabilities/doves/template.html.