Exercises sheet 2
- Define the principle of least privileges.
- Why Linux basic discretionary access control scheme does not adhere to this principle?
- Describe the difference between DAC and MAC.
- Explain the Bell-LaPadula Model and the Biba Model.
- Why a reference monitor is required?
- Research how basic access control is implemented in Windows.
- Explain why a system such as SELinux is necessary.
- In normal Linux DAC access check are only performed on file open operation.
However, in SELinux, they are checked on any operation to the file.
Explain why this change was made.
- Look at the Yama LSM documentation and its code. Try to explain how it works.
- Read the paper associated with the 4th video.
Slide number 8 introduces a number of requirements an IDS should fulfil.
Discuss how well you think the solution proposed in the paper fulfil those requirements.
Do you have any suggestion to improve the system?