Question


Consider using mandatory access controls and compartments to implement an ORCON control. Assume that there are k different organizations. Organization i will produce n(i, j) documents to be shared with organization j.

a. How many compartments are needed to allow any organization to share a document with any other organization?

b. Now assume that organization i will need to share n_m(i, i_1, ..., i_m) documents with organizations i_1, ..., i_m. How many compartments will be needed?

Solutions

Expert Solution

(a) Answer: We can assume that two, three or more compartments need to share a document. Suppose a document of i ∈ (element of) I marks an object j ∈ E as ORCON on behalf of organization J. Organization J allows organization to organization to be disclosed to subjects acting on behalf of a second organization, Y, subject to the following restrictions.

a. The object x cannot be released to subjects acting on behalf of other organizations without J's permission.

b. Any copies of x must have the same restrictions placed on them.

(b) We can assume that a member of organization F wants to provide access to a document d belonging to organization F to a member of organization A, but the document is not expected to be shared with members of other organizations G or H.

So, document d cannot be in category c because if it were, members S ∈ S and L ∈ L could access d. Another category containing d, f, and A must be created. Multiplying relationships and documents creates an unacceptably large number of categories.
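The category argument in part (b) can be checked with a small model. This is an added example, not part of the original answer. It assumes security levels are ignored, that a subject may read an object only if it holds every category on the object's label, and that one category is created per distinct (originator, recipient set); the function names are hypothetical.

```python
from math import comb

def can_read(subject_cats, object_cats):
    """MAC compartment rule (levels ignored): the subject must hold
    every category that appears on the object's label."""
    return set(object_cats) <= set(subject_cats)

def label_shares(shares):
    """shares: iterable of (doc, originator, recipients).
    Assumption: one category per distinct (originator, recipient set).
    Returns (doc -> label, org -> categories held)."""
    labels, held = {}, {}
    for doc, origin, recipients in shares:
        cat = (origin, frozenset(recipients))
        labels[doc] = {cat}
        for org in {origin, *recipients}:
            held.setdefault(org, set()).add(cat)
    return labels, held

def categories_needed(k, max_recipients=None):
    """Upper bound on categories for k organizations when every originator
    shares with every recipient set of size 1..max_recipients."""
    top = k - 1 if max_recipients is None else min(max_recipients, k - 1)
    return k * sum(comb(k - 1, m) for m in range(1, top + 1))

def demo():
    # Constructed scenario using the answer's names: F shares d with A only.
    # Category "c" is a broad one already held by F, A, G and H.
    broad = {org: {"c"} for org in "FAGH"}
    leak = [o for o in "FAGH" if can_read(broad[o], {"c"})]   # d labelled {c}
    labels, held = label_shares([("d", "F", ["A"])])
    tight = [o for o in "FAGH" if can_read(held.get(o, set()), labels["d"])]
    return leak, tight

if __name__ == "__main__":
    leak, tight = demo()
    print("d in category c, readable by:", leak)
    print("d in dedicated category, readable by:", tight)
    for k in (4, 10, 20):
        print(k, categories_needed(k, 1), categories_needed(k))
```

Under these assumptions the count does not depend on how many documents are shared, only on how many distinct originator and recipient-set combinations occur, which is why the number of categories grows so quickly with k.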

