Mercurial Mercurial > hg > sen-material / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
hws/hw04.tex
author Christian Urban <christian dot urban at kcl dot ac dot uk>
Mon, 28 Oct 2013 11:53:07 +0000 (2013-10-28)
changeset 122 f0e51ffd2965
parent 117 59d3bf386a6d
child 239 0db764174afb
permissions -rw-r--r--
added hw
\documentclass{article}
\usepackage{charter}
\usepackage{hyperref}
\usepackage{amssymb}

\begin{document}

\section*{Homework 4}

\begin{enumerate}
\item Explain what is meant by \emph{Kerckhoffs' principle}.

\item How can a system that separates between \emph{users} and \emph{root} be of any 
help with buffer overflow attacks?

\item Consider the following simple mutual authentication protocol:

\begin{center}
\begin{tabular}{ll}
$A \rightarrow B$: & $N_a$\\  
$B \rightarrow A$: & $\{N_a, N_b\}_{K_{ab}}$\\
$A \rightarrow B$: & $N_b$\\
\end{tabular}
\end{center}

Explain how an attacker $B'$ can launch an impersonation attack by 
intercepting all messages for $B$ and make $A$ decrypt her own challenges.

\item Explain what are the differences between dictionary and brute forcing attacks  against  passwords.

\item In the context of which information flow should be protected, explain briefly the 
differences between the {\it read rule} of the Bell-LaPadula access
policy and the Biba access policy. Do the same for the {\it write rule}.

\item A Unix directory might look as follows:

\begin{center}
\begin{verbatim}
$ ls -ld . * */*
drwxr-xr-x 1 ping staff  32768 Apr  2 2010 .
-rw----r-- 1 ping students  31359 Jul 24 2011 manual.txt
-r--rw--w- 1 bob students   4359 Jul 24 2011 report.txt
-rwsr--r-x 1 bob students 141359 Jun  1 2013 microedit
dr--r-xr-x 1 bob staff  32768 Jul 23 2011 src
-rw-r--r-- 1 bob staff  81359 Feb 28 2012 src/code.c
-r--rw---- 1 emma students    959 Jan 23 2012 src/code.h
\end{verbatim}
\end{center}

with group memberships assigned as follows:
\begin{center}
\begin{tabular}{ll}
Members of group staff: & ping, bob, emma\\ 
Members of group students: & emma\\
\end{tabular}
\end{center}

The file microedit is a text editor, which allows its users to open, edit and 
save files. Note carefully that microedit has set its setuid flag. 
Fill in the access control matrix below that shows for each of the above five files, 
whether ping, bob, or emma are able to obtain the right to read (R) or replace (W) its 
contents using the editor microedit.\bigskip

\begin{center}
\begin{tabular}{r|c|c|c|c|c}
        & manual.txt & report.txt & microedit & src/code.c & src/code.h \\\hline
ping & & & & &\\\hline
bob & & & & &\\\hline
emma   & & & & &\\
\end{tabular}
\end{center}


\end{enumerate}


\end{document}

%%% Local Variables: 
%%% mode: latex
%%% TeX-master: t
%%% End:
sen-material