Question

Consider using mandatory access controls and compartments to implement an ORCON control. Assume that there are k different organizations. Organization i will produce n(i, j) documents to be shared with organization j.

a. How many compartments are needed to allow any organization to share a document with any other organization?

b. Now assume that organization i will need to share nm(i, i1, ..., im) documents with organizations i1, ..., im. How many compartments will be needed?

Answer 1

(a)Answer : We can assume that two ,three or more compartments need to share document. Suppose a document of i  ∈(element of) Imarks an object j ∈Eas ORCON on behlaf of organization J.Organization J allows organization to organization to be disclose to subjects acting on behlaf of a second organization,Y,subject to the following restrictions.

a.The object x cannot be release to subjects acting on behlaf of other organizations without J permission

b. Any copies of x must have the same restrictions placed on it .

(b) We can assume that a member in the organization F wants to provide the access to a document d belongs to organization F to a member of organization A, but the document not expected to be shared with members of other organization G or H.

So, document d cannot be in cateogry c because if it were,memebers S ∈S and L ∈L could access d. Another cateogry containing d, f, and A must be created. Mulitplying relationships and documents creates an unacceptably large number of categories.