diff -r 1d37142ea1ea -r 33b26c8efa03 hw04.tex --- a/hw04.tex Tue Oct 16 14:42:43 2012 +0100 +++ b/hw04.tex Mon Oct 22 11:42:45 2012 +0100 @@ -1,35 +1,43 @@ \documentclass{article} \usepackage{charter} \usepackage{hyperref} +\usepackage{amssymb} \begin{document} \section*{Homework 4} \begin{enumerate} -\item What is bad about security-by-obscurity? - -\item In which of the following situations can the access control mechanism of Unix -file permissions be used? +\item Voice voting is the method of casting a vote in the `open air' for everyone +present to hear. Which of the following security requirements do paper ballots +satisfy better than voice voting? Check all that apply and give a brief explanation +for your decision. \begin{itemize} -\item[(a)] Alice wants to have her files readable, except for her office mates. -\item[(b)] Bob and Sam want to share some secret files. -\item[(c)] Root wants some of her files to be public. +\item[$\Box$] Integrity\bigskip\bigskip +\item[$\Box$] Enfranchisement\bigskip\bigskip +\item[$\Box$] Ballot secrecy\bigskip\bigskip +\item[$\Box$] Voter authentication\bigskip\bigskip +\item[$\Box$] Availability\bigskip\bigskip \end{itemize} -\item What should the architecture of a network application under Unix -be that processes potentially hostile data? -\item How can you exploit the fact that every night root has a cron -job that deletes the files in \texttt{/tmp}? +\item Explain how an attacker can use chain voting in order to influence the outcome of a +poll using paper ballots. + +\item Which of the following mechanisms help with defending against chain voting? Check all +that apply. Give a brief reason for each defence that mitigates chain voting attacks. -\item What does it mean that the program \texttt{passwd} has the \texttt{setuid} -bit set? Why is this necessary? +\begin{itemize} +\item[$\Box$] Using a glass ballot box to make it clear there are no ballots in the box before the start of the election. +\item[$\Box$] Distributing ballots publicly before the election. +\item[$\Box$] Checking that a voter's ID (drivers license, passport) matches the voter. +\item[$\Box$] Each ballot has a unique ID. When a voter is given a ballot, the ID is recorded. When the voter submits his or her ballot, this ID is checked against the record. +\end{itemize} -\item (Optional) Imagine you want to atack a \end{enumerate} + \end{document} %%% Local Variables: