Csci262 A1 2020
Csci262 A1 2020
Csci262 A1 2020
Choose, and place in this order, one lower case letter, following by one upper case letter,
followed by two digits, followed by @, followed by two letters, each upper or lower case,
and then followed by three symbols drawn from the set {$,9,5,v,w,J}. Finally, apply the
hash function Tiger to give an output string in hex which will be used as a password.
Assume random choices are made with equal likelihood of each symbol from the space being chosen
from. So for a random digit there are 10 possibilities, each chosen with probability 1/10.
2. Generate a BLP lattice–structured system where the objects and subjects are appropriately levelled
to give access consistent with the access control matrix below. You need to describe the process by
which you obtain your lattice. R and W correspond, respectively, to read and append. You are to
use only the mandatory BLP rules, and a default allow in place of the discretionary rule. Be sure to
add a level as necssary to ensure this is a lattice. 2 Mark
O1 O2 O3 O4 O5 O6
S1 R R R R R RW
S2 R W W W
S3 R RW RW W W
S4 R R W
S5 R
S6 R R R R
3. For the following collection of statements, describe the sets of actions, objects, and subjects; and
draw an access control matrix to represent the scenario. 1 Mark
1
Alice can climb trees and eat apples.
• Construct an associated file system, into which a user can log. Files can be created, read from,
written to, but only in accordance with a four–level access control model.
• The levels of the four–level access control model are 0, 1, 2 and 3. 0 is dominated by 1, 2 and 3; and
1 and 2 are dominated by 3; and 1 is dominated by 2.
Remark: You do not need to have an actual file system, simply an internal collection of
records at the levels specified.
You can implement the program in C++, C or Java. You will use MD5 in this task.
2
User clearance (0 or 1 or 2 or 3): 1
Once we have this information we can modify the salt.txt and shadow.txt files to include this user. To
salt.txt we add a line, with a generic example and a specific one for user Bob given here:
Username:Salt
Bob:38475722
Username:PassSaltHash:SecurityClearance
Bob:dd2da44f4437d529a80809932cb3da83:1
PassSaltHash is generated as the MD5 hash of the concatentation of the user’s password with the salt, For
example if the Password is “alphabet” and the Salt is “12345678”, we would pass “alphabet12345678” to
the MD5 function.
Logging in
Running FileSystem with no arguments will allow a user to try and log into the file system.
Remark: The file Files.store needs to be loaded, see later as to what this contains.
Username: Bob
Password: ........
The system checks if the Username is listed in the file salt.txt. If the Username is in the file then their
salt value is retrieved and the PassSaltHash is generated. A message should be displayed to indicate that
the salt has been retrieved.
The system should now compare the PassSaltHash value with that in the file shadow.txt. If the informa-
tion in shadow.txt doesn’t match the generated information, FileSystem should stop with appropriate
error messages.
If the shadow.txt information matches, the clearance of the user is reported, and authentication is
reported to be complete.
3
Once logged in ...
A list of allowed actions is now displayed
Options: (C)reate, (A)ppend, (R)ead, (W)rite, (L)ist, (S)ave or (E)xit. (1)
The C option will result in a request for filename from the client.
Filename: alpha
The classification level of a “file” is the same as its owner’s clearance level.
The program should maintain a list of “files” as internal entries. If the passed file doesn’t exist, it’s
name, owner and classification should be added to the list. If the passed file does exist an appropriate
message should be displayed and the system should re–display the menu marked (1).
The A, R and W choices each results in a request for a filename.
Filename: alpha
Again a check is made as to whether the file exists. If the file doesn’t exist an appropriate error message
should be provided and the menu (1) should be re–displayed. If the file does exist, a message informing
success or failure will be displayed. Success or failure is determined by the relative clearance of the user
and the classification of the file they are trying to access, in accordance with the Bell–LaPadula model.
Subsequently the menu (1) should be re–displayed.
The L option lists all files in the FileSystem records. The S option saves all the data to a file
Files.store. This file should be human readable. This file should always be loaded if it is available
when FileSystem starts without the -i argument.
The E option should exit the FileSystem, after checking with the user:
Shut down the FileSystem? (Y)es or (N)o
NOTE: When your program starts, before bringing up a prompt, it should report a test output of the
MD5. You should call your MD5 with the string “This is a test”.
MD5 ("This is a test") = ce114e4501d2f4e2dcea3e17b546f339
Don’t hard code this output.
Notes on submission:
1. Submission is via Moodle.
2. Write your full name and student ID on your submission
3. Include the compilation instructions with your submission (i.e., provide a readme.txt file).
4. The program in Part 2 will be tested in Capa and hence please do test in Capa before submission.
5. Late submissions will be marked with a 25% deduction for each day, including days over the weekend.
6. Submissions more than three days late will not be marked, unless an extension has been granted.
7. If you need an extension apply through SOLS, if possible before the assignment deadline.
8. Plagiarism is treated seriously. Students involved will receive zero.