author | Christian Urban <christian dot urban at kcl dot ac dot uk> |
Sat, 18 Oct 2014 23:07:50 +0100 | |
changeset 247 | 95e14b2dbc94 |
parent 239 | 0db764174afb |
child 250 | bf4538649619 |
permissions | -rw-r--r-- |
\documentclass{article}
\usepackage{charter}
\usepackage{hyperref}
\usepackage{amssymb}

\begin{document}

\section*{Homework 4}

\begin{enumerate}
\item What does the principle of least privilege say?

\item In which of the following situations can the access control mechanism of Unix
file permissions be used?

\begin{itemize}
\item[(a)] Alice wants to have her files readable, except for her office mates.
\item[(b)] Bob and Sam want to share some secret files.
\item[(c)] Root wants some of her files to be public.
\end{itemize}

\item Explain what is meant by \emph{Kerckhoffs' principle}.

\item How can a system that separates between \emph{users} and \emph{root} be of any
help with buffer overflow attacks?

\item What does it mean that the program \texttt{passwd} has the
\texttt{setuid} bit set? Why is this necessary?

\item Which permissions does the program \texttt{login}
normally have and why is this needed?

\item A Unix directory might look as follows:

\begin{center}
\begin{verbatim}
$ ls -ld . * */*
drwxr-xr-x 1 ping staff     32768 Apr  2  2010 .
-rw----r-- 1 ping students  31359 Jul 24  2011 manual.txt
-r--rw--w- 1 bob  students   4359 Jul 24  2011 report.txt
-rwsr--r-x 1 bob  students 141359 Jun  1  2013 microedit
dr--r-xr-x 1 bob  staff     32768 Jul 23  2011 src
-rw-r--r-- 1 bob  staff     81359 Feb 28  2012 src/code.c
-r--rw---- 1 emma students    959 Jan 23  2012 src/code.h
\end{verbatim}
\end{center}

with group memberships assigned as follows:
\begin{center}
\begin{tabular}{ll}
Members of group staff: & ping, bob, emma\\
Members of group students: & emma\\
\end{tabular}
\end{center}

The file microedit is a text editor, which allows its users to open, edit and
save files. Note carefully that microedit has its setuid flag set.
Fill in the access control matrix below that shows for each of the above five files,
whether ping, bob, or emma are able to obtain the right to read (R) or replace (W) its
contents using the editor microedit.\bigskip

\begin{center}
\begin{tabular}{r|c|c|c|c|c}
& manual.txt & report.txt & microedit & src/code.c & src/code.h \\\hline
ping & & & & &\\\hline
bob & & & & &\\\hline
emma & & & & &\\
\end{tabular}
\end{center}

\item In the context of which information flow should be protected, explain briefly the
differences between the {\it read rule} of the Bell-LaPadula access
policy and the Biba access policy. Do the same for the {\it write rule}.

\end{enumerate}

\end{document}

%%% Local Variables:
%%% mode: latex
%%% TeX-master: t
%%% End: