sen-material: comparison hws/hw04.tex

equal deleted inserted replaced

-:6ba55ba5b588
+:0db764174afb
 \begin{document}
 \section*{Homework 4}
 \begin{enumerate}
+\item What does the principle of least privilege say?
+\item In which of the following situations can the access control mechanism of Unix
+file permissions be used?
+\begin{itemize}
+\item[(a)] Alice wants to have her files readable, except for her office mates.
+\item[(b)] Bob and Sam want to share some secret files.
+\item[(c)] Root wants some of her files to be public.
+\end{itemize}
 \item Explain what is meant by \emph{Kerckhoffs' principle}.
 \item How can a system that separates between \emph{users} and \emph{root} be of any
 help with buffer overflow attacks?
-\item Consider the following simple mutual authentication protocol:
+\item What does it mean that the program \texttt{passwd} has the
+\texttt{setuid} bit set? Why is this necessary?
-\begin{center}
-\begin{tabular}{ll}
-$A \rightarrow B$: & $N_a$\\
-$B \rightarrow A$: & $\{N_a, N_b\}_{K_{ab}}$\\
-$A \rightarrow B$: & $N_b$\\
-\end{tabular}
-\end{center}
-Explain how an attacker $B'$ can launch an impersonation attack by
-intercepting all messages for $B$ and make $A$ decrypt her own challenges.
-\item Explain what are the differences between dictionary and brute forcing attacks  against  passwords.
 \item In the context of which information flow should be protected, explain briefly the
 differences between the {\it read rule} of the Bell-LaPadula access
 policy and the Biba access policy. Do the same for the {\it write rule}.

changeset 239	0db764174afb
parent 122	f0e51ffd2965
child 247	95e14b2dbc94