# HG changeset patch # User Christian Urban # Date 1382961187 0 # Node ID f0e51ffd2965e0989faf0405e053a79b5a51a475 # Parent 01f7e799e6cef605ff09c59d1d70c0a4a9e8a1b8 added hw diff -r 01f7e799e6ce -r f0e51ffd2965 hws/hw04.pdf Binary file hws/hw04.pdf has changed diff -r 01f7e799e6ce -r f0e51ffd2965 hws/hw04.tex --- a/hws/hw04.tex Tue Oct 22 14:47:43 2013 +0100 +++ b/hws/hw04.tex Mon Oct 28 11:53:07 2013 +0000 
@@ -10,6 +10,66 @@ \begin{enumerate} \item Explain what is meant by \emph{Kerckhoffs' principle}. +\item How can a system that separates between \emph{users} and \emph{root} be of any +help with buffer overflow attacks? + +\item Consider the following simple mutual authentication protocol: + +\begin{center} +\begin{tabular}{ll} +$A \rightarrow B$: & $N_a$\\ +$B \rightarrow A$: & $\{N_a, N_b\}_{K_{ab}}$\\ +$A \rightarrow B$: & $N_b$\\ +\end{tabular} +\end{center} + +Explain how an attacker $B'$ can launch an impersonation attack by +intercepting all messages for $B$ and make $A$ decrypt her own challenges. + +\item Explain what are the differences between dictionary and brute forcing attacks against passwords. + +\item In the context of which information flow should be protected, explain briefly the +differences between the {\it read rule} of the Bell-LaPadula access +policy and the Biba access policy. Do the same for the {\it write rule}. + +\item A Unix directory might look as follows: + +\begin{center} +\begin{verbatim} +$ ls -ld . * */* +drwxr-xr-x 1 ping staff 32768 Apr 2 2010 . +-rw----r-- 1 ping students 31359 Jul 24 2011 manual.txt +-r--rw--w- 1 bob students 4359 Jul 24 2011 report.txt +-rwsr--r-x 1 bob students 141359 Jun 1 2013 microedit +dr--r-xr-x 1 bob staff 32768 Jul 23 2011 src +-rw-r--r-- 1 bob staff 81359 Feb 28 2012 src/code.c +-r--rw---- 1 emma students 959 Jan 23 2012 src/code.h +\end{verbatim} +\end{center} + +with group memberships assigned as follows: +\begin{center} +\begin{tabular}{ll} +Members of group staff: & ping, bob, emma\\ +Members of group students: & emma\\ +\end{tabular} +\end{center} + +The file microedit is a text editor, which allows its users to open, edit and +save files. Note carefully that microedit has set its setuid flag. 
+Fill in the access control matrix below that shows for each of the above five files, +whether ping, bob, or emma are able to obtain the right to read (R) or replace (W) its +contents using the editor microedit.\bigskip + +\begin{center} +\begin{tabular}{r|c|c|c|c|c} + & manual.txt & report.txt & microedit & src/code.c & src/code.h \\\hline +ping & & & & &\\\hline +bob & & & & &\\\hline +emma & & & & &\\ +\end{tabular} +\end{center} + \end{enumerate}
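Review bot: the reflection-attack item in this hunk asks the student to explain how $B'$ can "make $A$ decrypt her own challenges", but in the protocol as written the responder is the party that encrypts $\{N_a, N_b\}_{K_{ab}}$, so the impersonation works by getting $A$ to act as responder and encrypt a nonce she herself issued; `make $A$ encrypt her own challenge` matches the protocol. Smaller wording points in the same hunk: `separates between \emph{users} and \emph{root}` should read `separates \emph{users} from \emph{root}`, `Explain what are the differences between` should be `Explain the differences between`, and `In the context of which information flow should be protected` is hard to parse and could become `With respect to the information flow each policy protects`. Since `hws/hw04.pdf` is committed alongside the source in this changeset, it should be regenerated after these fixes so the two do not go out of step.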