San Diego State University
CS574 Computer Security
Homework Assignment #3
Due Date: 27 March 2020, 11:59 PM
• Please type the solutions using a word processor such as MS Word, Latex, or write by hand
neatly and upload the scanned copy of it. Programming question should be submitted in a
separate file.
• Turn in your assignment through blackboard.
1. For the DAC model, an alternative representation of the protection state is a directed
graph. Each subject and each object in the protection state is represented by a node (a
single node is used for an entity that is both subject and object). A directed line from a
subject to an object indicates an access right, and the label on the link defines the access
right. (15 Points)
a. Draw a directed graph that corresponds to the access matrix of the below figure.
b. Draw a directed graph that corresponds to the access matrix of the below figure
2. Which of these is an example capability system, and which is an ACL-based approach?
(16 Points)
a. A club has a list of approved people.
b. Some dorms have card-swipe access, where the magnetic code on the card is matched
against a list of residents.
c. You give your friend a key to your apartment
d. Your car has a parking permit specifying where you're allowed to park.
3. Capabilities could be described as an authorization mechanism that is based on “something
you have”. How might we analogously describe the following mechanisms for controlling
access to confidential information? (10 Points)
a. Access control lists.
b. Encryption.
4. (10 Points)
a. Suggest a way of implementing protection domains using access control lists.
b. Suggest a way of implementing protection domains using capability tickets.
5. Discuss the strengths and weaknesses of implementing an access matrix using capabilities
that are associated with domains. (14 Points)
6. A secure biometrics system authenticates the user based on his/her physiological (e.g.,
fingerprint, face, voice) or behavioural (e.g., gait, hand gesture, keystroke) traits. Typically,
a binary classification model will be developed to generate predicted probabilities based on
the input information. Please explain (15 Points):
a. How do you convert the predicted probabilities into class predications?
b. How do you generate the ROC curve when you want to evaluate your system
performance?
7. Coding question (20 Points)
Write a program that can display a file's list of security permissions and assign a list of
permissions to a file.
Description –
Your program should be able to read the already existing file’s permission and then change
the permissions of the same file. One way of reading the file security information is by using
system calls such as GetSecurityInfo or GetNamedSecurityInfo. The system call reads the list
of permissions for an object. You must describe in short each system call that your
program uses.
Reference - http://timgolden.me.uk/python/win32_how_do_i/add-security-to-a-file.html