1 \documentclass{article} |
1 \documentclass{article} |
2 \usepackage{charter} |
2 \usepackage{charter} |
3 \usepackage{hyperref} |
3 \usepackage{hyperref} |
|
4 \usepackage{amssymb} |
4 |
5 |
5 \begin{document} |
6 \begin{document} |
6 |
7 |
7 \section*{Homework 4} |
8 \section*{Homework 4} |
8 |
9 |
9 \begin{enumerate} |
10 \begin{enumerate} |
10 \item What is bad about security-by-obscurity? |
11 \item Voice voting is the method of casting a vote in the `open air' for everyone |
11 |
12 present to hear. Which of the following security requirements do paper ballots |
12 \item In which of the following situations can the access control mechanism of Unix |
13 satisfy better than voice voting? Check all that apply and give a brief explanation |
13 file permissions be used? |
14 for your decision. |
14 |
15 |
15 \begin{itemize} |
16 \begin{itemize} |
16 \item[(a)] Alice wants to have her files readable, except for her office mates. |
17 \item[$\Box$] Integrity\bigskip\bigskip |
17 \item[(b)] Bob and Sam want to share some secret files. |
18 \item[$\Box$] Enfranchisement\bigskip\bigskip |
18 \item[(c)] Root wants some of her files to be public. |
19 \item[$\Box$] Ballot secrecy\bigskip\bigskip |
|
20 \item[$\Box$] Voter authentication\bigskip\bigskip |
|
21 \item[$\Box$] Availability\bigskip\bigskip |
19 \end{itemize} |
22 \end{itemize} |
20 |
23 |
21 \item What should the architecture of a network application under Unix |
|
22 be that processes potentially hostile data? |
|
23 |
24 |
24 \item How can you exploit the fact that every night root has a cron |
25 \item Explain how an attacker can use chain voting in order to influence the outcome of a |
25 job that deletes the files in \texttt{/tmp}? |
26 poll using paper ballots. |
26 |
27 |
27 \item What does it mean that the program \texttt{passwd} has the \texttt{setuid} |
28 \item Which of the following mechanisms help with defending against chain voting? Check all |
28 bit set? Why is this necessary? |
29 that apply. Give a brief reason for each defence that mitigates chain voting attacks. |
29 |
30 |
30 \item (Optional) Imagine you want to atack a |
31 \begin{itemize} |
|
32 \item[$\Box$] Using a glass ballot box to make it clear there are no ballots in the box before the start of the election. |
|
33 \item[$\Box$] Distributing ballots publicly before the election. |
|
34 \item[$\Box$] Checking that a voter's ID (drivers license, passport) matches the voter. |
|
35 \item[$\Box$] Each ballot has a unique ID. When a voter is given a ballot, the ID is recorded. When the voter submits his or her ballot, this ID is checked against the record. |
|
36 \end{itemize} |
|
37 |
31 \end{enumerate} |
38 \end{enumerate} |
|
39 |
32 |
40 |
33 \end{document} |
41 \end{document} |
34 |
42 |
35 %%% Local Variables: |
43 %%% Local Variables: |
36 %%% mode: latex |
44 %%% mode: latex |