hws/hw04.tex
changeset 122 f0e51ffd2965
parent 117 59d3bf386a6d
child 239 0db764174afb
121:01f7e799e6ce 122:f0e51ffd2965
     8 \section*{Homework 4}
     8 \section*{Homework 4}
     9 
     9 
    10 \begin{enumerate}
    10 \begin{enumerate}
    11 \item Explain what is meant by \emph{Kerckhoffs' principle}.
    11 \item Explain what is meant by \emph{Kerckhoffs' principle}.
    12 
    12 
       
    13 \item How can a system that separates between \emph{users} and \emph{root} be of any 
       
    14 help with buffer overflow attacks?
       
    15 
       
    16 \item Consider the following simple mutual authentication protocol:
       
    17 
       
    18 \begin{center}
       
    19 \begin{tabular}{ll}
       
    20 $A \rightarrow B$: & $N_a$\\  
       
    21 $B \rightarrow A$: & $\{N_a, N_b\}_{K_{ab}}$\\
       
    22 $A \rightarrow B$: & $N_b$\\
       
    23 \end{tabular}
       
    24 \end{center}
       
    25 
       
    26 Explain how an attacker $B'$ can launch an impersonation attack by 
       
    27 intercepting all messages for $B$ and make $A$ decrypt her own challenges.
       
    28 
       
    29 \item Explain what are the differences between dictionary and brute forcing attacks  against  passwords.
       
    30 
       
    31 \item In the context of which information flow should be protected, explain briefly the 
       
    32 differences between the {\it read rule} of the Bell-LaPadula access
       
    33 policy and the Biba access policy. Do the same for the {\it write rule}.
       
    34 
       
    35 \item A Unix directory might look as follows:
       
    36 
       
    37 \begin{center}
       
    38 \begin{verbatim}
       
    39 $ ls -ld . * */*
       
    40 drwxr-xr-x 1 ping staff  32768 Apr  2 2010 .
       
    41 -rw----r-- 1 ping students  31359 Jul 24 2011 manual.txt
       
    42 -r--rw--w- 1 bob students   4359 Jul 24 2011 report.txt
       
    43 -rwsr--r-x 1 bob students 141359 Jun  1 2013 microedit
       
    44 dr--r-xr-x 1 bob staff  32768 Jul 23 2011 src
       
    45 -rw-r--r-- 1 bob staff  81359 Feb 28 2012 src/code.c
       
    46 -r--rw---- 1 emma students    959 Jan 23 2012 src/code.h
       
    47 \end{verbatim}
       
    48 \end{center}
       
    49 
       
    50 with group memberships assigned as follows:
       
    51 \begin{center}
       
    52 \begin{tabular}{ll}
       
    53 Members of group staff: & ping, bob, emma\\ 
       
    54 Members of group students: & emma\\
       
    55 \end{tabular}
       
    56 \end{center}
       
    57 
       
    58 The file microedit is a text editor, which allows its users to open, edit and 
       
    59 save files. Note carefully that microedit has set its setuid flag. 
       
    60 Fill in the access control matrix below that shows for each of the above five files, 
       
    61 whether ping, bob, or emma are able to obtain the right to read (R) or replace (W) its 
       
    62 contents using the editor microedit.\bigskip
       
    63 
       
    64 \begin{center}
       
    65 \begin{tabular}{r|c|c|c|c|c}
       
    66         & manual.txt & report.txt & microedit & src/code.c & src/code.h \\\hline
       
    67 ping & & & & &\\\hline
       
    68 bob & & & & &\\\hline
       
    69 emma   & & & & &\\
       
    70 \end{tabular}
       
    71 \end{center}
       
    72 
    13 
    73 
    14 \end{enumerate}
    74 \end{enumerate}
    15 
    75 
    16 
    76 
    17 \end{document}
    77 \end{document}
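Review bot: at new lines 32-33 the rule names are set with {\it read rule} and {\it write rule}, while lines 11 and 13 of the same file use \emph{...}; switching to \emph{read rule} and \emph{write rule} keeps the markup consistent and avoids the old \it font switch. At new lines 26-27, "by intercepting all messages for $B$ and make $A$ decrypt" mixes verb forms; "and making $A$ decrypt" matches "intercepting". New line 29 has doubled spaces around "against" and reads awkwardly; "Explain the differences between dictionary and brute-force attacks against passwords" says the same thing. New line 60 refers to "the above five files" although the listing at lines 40-46 shows seven entries; naming the five as in the matrix header at line 66, or saying "five regular files", makes it clear that . and src are excluded. The verbatim block at lines 38-47 is wrapped in a center environment, which does not centre verbatim text, so the wrapper at lines 37 and 48 can be dropped.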