Discussion Questions: Bishop, Chapter 7 Hybrid Policies

1
Discussion Questions Bishop, Chapter 7 (Hybrid
Policies)

• Prove the second immediate consequence of the
  CS-Simple Condition on page 171 that the
  minimum number of subjects needed to access every
  object in a COI class is the same as the number
  of CDs in that class. Do not use Axiom 7-2.
• What is/are the main difference/s between the
  Chinese Wall model and the Bell-LaPadula models?
  Give two security scenarios one where the CW
  model would work better and one where the BLP
  model would work better.
• What does Bishop mean when he says the
  Bell-LaPadula model focuses on the subjects
  accessing the objects ... whereas the Clinical
  Information Systems model focuses on the objects
  being accessed by the subjects?
• Is the UNIX file-protection system originator
  controlled? If not, is there any easy way to
  make it originator controlled?
• Is the notion of a role the same as the notion of
  a group in UNIX? What are the similarities and
  differences?