计算机系统安全2018【4】第八章：机密性

1: Why is it meaningless to have
compartments at the UNCLASSIFIED level (such as (UNCLASSIFIED, { NUC }) and (
UNCLASSIFIED, { EUR }))?

为什么级别为公开时无需分类？

因为公开的不分类也都可读，不能随便写入

2:
Given the security levels TOP SECRET, SECRET, CONFIDENTIAL, and UNCLASSIFIED
(ordered from highest to lowest), and the categories A, B, and C, specify what
type of access (read, write, both, or neither) is allowed in each of the
following situations. Assume that discretionary access controls allow anyone
access unless otherwise specified.
安全级别、分类，在自主访问控制授予相应权限下，下面情况的访问类型？

1）Paul, cleared
for (TOP SECRET, { A, C }), wants to access a document classified (SECRET, { B,
C }).  无

2）Anna, cleared for (CONFIDENTIAL, { C }), wants to access a document
classified (CONFIDENTIAL, { B }).   无

3）Jesse, cleared for (SECRET, { C }), wants to access a document
classified (CONFIDENTIAL, { C }).  读

 4）Sammi, cleared for (TOP SECRET, { A, C }), wants to access a
document classified (CONFIDENTIAL, { A }). 
读
5）Robin, who has no clearances (and so works at the UNCLASSIFIED
level), wants to access a document classified (CONFIDENTIAL, { B }).   无

3: Prove that any file in the DG/UX system
with a link count greater than 1 must have an explicit MAC label.
证明DG/UX系统中连接数大于1时，必须有显示标签。

 1）硬连接       

Ø  如果mount到一个无标签的文件系统A, A上所有文件和目录的标签均为mount点的标签，如果A上有一个文件x1，A上另一个文件x2为硬连接指向x1则二者标签必须改为显示

Ø  如果mount到一个无标签的文件系统A，A上建立文件x3，x3为硬连接指向非挂载系统上文件x4，建立文件x3时A上相应目录标签改为显示标签

Ø  如果非挂载系统上文件x5建立指向挂载文件系统A上x6，则x6以及它的上级目录标签必须改为显示标签

   2）符号连接

   符号连接是文件，和文件的标签性质相同

4: In the DG/UX system, why is the virus prevention region below the user region?

病毒区在下面，上级程序可读，但上级程序不可写保护系统不被纂改

5: In the DG/UX system, why is the
administrative region above the user region?

管理区在上面，可检查下面用户程序、系统程序的一致性，可检查用户数据的正确性；下层产生的日志信息写入管理区。符合安全性。