2. Access Control a. Access Control is an important concept in Computer Security. i. What is a subject in access control terminology? Briefly justify your answer and provide an example. [1 marks] ii. What is the decision to grant or deny an access to a process based on? Briefly justify your answer or provide an example. [1 marks] iii. What is an Access Control List? Briefly justify your answer or provide an example. [1 marks] iv. What is associated a capability (i.e., a list of objects) to? Briefly justify your answer or provide an example. [1 marks] v. Describe the main properties of discretionary and mandatory access control policies. [4 marks] b. Suppose that in a system that enforces an information flow policy for integrity, subjects sl and s2 have high security clearance (inherited from the associated principal), while objects o1, 02, 03, and 04 all have medium security sensitivity. Subjects s3 and s4 have low security clear- ance. i. Using a diagram similar to the one shown in Fig. 1, indicate the allowed direction of information flow for this example, and show all the possible operations by all subjects/objects of the example by indicating whether each operation is allowed or denied by the example policy. [9 marks] High Medium Direction of permitted information flow LOW Figure 1: Information Flow Policy ii. How are the read and write operations generically defined in terms of information flow? [2 marks] c. Read the following Unix command description. In Unix-like operating systems, chmod is the command and system call which may change the access permissions to file system objects (files and directories). It may also alter special mode flags. i. Briefly describe the classes of operations/permissions and users in Unix-like O Ses used for file access control. [3 marks] ii. Describe an example of a special mode flag in Unix-like OSes [3 marks]