
 COMP3300 - Operating Systems Tutorial 12


Updated on Friday, 18 February 2005 at 4:33 PM
What’s New:
This is the last tutorial, so no further new material will be introduced; use the remaining time to catch up on previous tutorials. The last week of lectures will include practice questions leading up to the exam.


Learning objectives for this week:
  • Understand the major concepts we’ve covered, including:
    • different types of protection
    • different aspects of the security problem
  • Apply these concepts to reasoning about protection and security
  • Apply these concepts to evaluating alternatives
  • Understand issues in improving security

As before, you should aim to answer all of these questions by the end of the course.


  1. Concepts
    1. When you use a UNIX file system, to what extent can you control access to files?
    2. How does an access control list relate to or differ from a capability?
    3. What is the difference between symmetric and asymmetric encryption?
    4. What are the advantages of public-key encryption?
  2. Protection
    1. Capabilities have been widely explored in distributed systems as a way of transferring rights to remote users. What specific features are important if capabilities are to be used in this way, without creating security holes?
    2. Consider each of the following scenarios, and describe how you could use access control lists, capabilities or UNIX file permissions to achieve what you are aiming for:
      1. your header files and given source files for an assignment should be accessible to the whole class, but your personal implementation should only be visible to you, your tutor (and not others), and the lecturer. You should be able to read and modify your files (including compiling and running your finished code), and the others who have access to them should be able to read them, and run executables, but not modify files. Does it make a difference in any case if the differences in access rights are organized around directories or files?
      2. you are doing a group project, and the same conditions as in (i) apply, except other members of the group can read your files, but not modify them. There is a central directory accessible to the whole group where final linking takes place, but compilation of individual components happens in your directory, where others should not be able to compile, so only you can make a compiled version of a component you are responsible for available to the group as a whole.
      3. you are the administrator of a distributed system and would like to allow a specific user access to a remote file system.
    3. Draw an access matrix corresponding to scenarios of 2(b)(i-ii). Would it have been easier to answer the question if you did this first?
    4. Why, in general terms, is it hard to handle failures in distributed systems?
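The following is an added worked example for questions 1(b), 2(b)(i) and 2(c); it is not part of the tutorial sheet. It builds the access matrix for scenario 2(b)(i), reads an access control list off it as a column and a capability list as a row, and then tests which columns plain UNIX owner/group/other bits can express. The subject names (alice as you, bob as another student, tutor, lecturer) and the file names are made up for illustration.

```python
"""Access matrix for scenario 2(b)(i), with the ACL (a column of the matrix)
and the capability list (a row) read off it, plus a check of which columns
plain UNIX owner/group/other bits can express.

Added example, not part of the tutorial sheet; subject and object names are
made up for illustration (alice = you, bob = another student)."""

SUBJECTS = ["alice", "tutor", "lecturer", "bob"]
OBJECTS = ["hdr/assign.h", "src/given.c", "impl/solution.c", "impl/solution"]
READ, WRITE, EXEC = "r", "w", "x"


def build_matrix():
    """matrix[subject][object] is the set of rights that subject holds."""
    m = {s: {o: set() for o in OBJECTS} for s in SUBJECTS}
    for o in ("hdr/assign.h", "src/given.c"):        # whole class may read,
        for s in SUBJECTS:                            # only you may modify
            m[s][o].add(READ)
        m["alice"][o].add(WRITE)
    m["alice"]["impl/solution.c"] |= {READ, WRITE}    # your implementation:
    m["tutor"]["impl/solution.c"].add(READ)           # tutor and lecturer read,
    m["lecturer"]["impl/solution.c"].add(READ)        # bob gets nothing
    m["alice"]["impl/solution"] |= {READ, WRITE, EXEC}   # compiled binary
    m["tutor"]["impl/solution"] |= {READ, EXEC}
    m["lecturer"]["impl/solution"] |= {READ, EXEC}
    return m


def acl(matrix, obj):
    """Column of the matrix: the access control list stored with the object."""
    return {s: frozenset(matrix[s][obj]) for s in matrix if matrix[s][obj]}


def capabilities(matrix, subj):
    """Row of the matrix: the capability list held by the subject."""
    return {o: frozenset(r) for o, r in matrix[subj].items() if r}


def allowed(matrix, subj, obj, right):
    """The question a reference monitor answers from either representation."""
    return right in matrix[subj][obj]


def rwx(rights):
    return "".join(c if c in rights else "-" for c in (READ, WRITE, EXEC))


def unix_expressible(matrix, obj, owner, group):
    """Try to express one column with UNIX owner/group/other bits.

    Each subject is in exactly one class (owner, member of `group`, other) and
    everyone in a class gets the same bits, so the column is expressible only
    if no class contains two subjects with different rights.  Returns the
    (owner, group, other) 'rwx' strings, or None."""
    classes = {"owner": [], "group": [], "other": []}
    for s in matrix:
        cls = "owner" if s == owner else "group" if s in group else "other"
        classes[cls].append(frozenset(matrix[s][obj]))
    bits = {}
    for cls, members in classes.items():
        distinct = set(members)
        if len(distinct) > 1:
            return None
        bits[cls] = rwx(next(iter(distinct))) if distinct else None
    if bits["group"] is None:                 # nobody in the group: copy 'other'
        bits["group"] = bits["other"] or "---"
    return (bits["owner"] or "---", bits["group"], bits["other"] or "---")


def octal_mode(triple):
    """The chmod argument for an (owner, group, other) triple, e.g. 0o640."""
    digits = [sum(v for c, v in zip(part, (4, 2, 1)) if c != "-") for part in triple]
    return int("".join(map(str, digits)), 8)


if __name__ == "__main__":
    m = build_matrix()
    print("ACL for impl/solution.c:", acl(m, "impl/solution.c"))
    print("bob's capabilities:", capabilities(m, "bob"))
    staff = {"tutor", "lecturer"}                 # a group only the admin can create
    print("with a staff group:", unix_expressible(m, "impl/solution.c", "alice", staff))
    print("without one:", unix_expressible(m, "impl/solution.c", "alice", set()))
```

The point the example makes about 2(b)(i): the column for impl/solution.c is only expressible with UNIX bits if a group containing exactly the tutor and the lecturer exists, and ordinary users cannot create groups, so without administrator help the plain permission model cannot separate "tutor and lecturer" from "the rest of the class". An ACL states the column directly (on a file system with POSIX ACLs, `setfacl -m u:tutor:r impl/solution.c` does this with no group at all), and a capability states a row. Organising the rights around directories rather than files helps with the UNIX model: one mode on impl/ and one on hdr/ and src/ covers every file placed in them, instead of repeating the bits per file.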
  3. Security
    1. Remembering passwords is a huge problem. Discuss which of the following could contribute to the solution, or add to the problem.
      1. force users to change passwords regularly
      2. force users to use long passwords which aren’t similar to English words
      3. allow users to store all their passwords in one place with a master password
      4. a graphical user interface hides passwords behind pictures meaningful to the user, but unlikely to be guessed by anyone else (e.g. a map in which clicking on a location either reveals a correct password or a fake one to put intruders off track)
      5. allow an access with an incorrect password without any warning of an error, but redirect the access to a secure environment with tripwires
      6. replace passwords by a “guessing game” in which your guesses are compared with previous times you’ve played the game: exact matches aren’t looked for, but rather a pattern of similar thought processes (some AI could apply)
    2. Before World War II, France had massive defences on its German border. Germany attacked France through neutral countries, bypassing the French defences entirely. Can you think of a security attack on a computer system with similarities to the German approach?
    3. In each of the following, classify the security problem as a Trojan horse, a worm, a virus or a denial of service attack. If more than one applies, either select the most applicable or a combination, and justify why your choice is the best classification:
      1. a program attached to an email message installs itself by exploiting a feature of your mail client’s handling of attachments. It scans your address book and sends itself to all the addresses in the list (it is a standalone program, which has its own implementation of the mail protocols)
      2. a program attached to an email message inserts itself into your mail client (exploiting a similar security hole to that in (i)) so that whenever you send a message, it attaches itself to the message you send.
      3. a program like that of (i) repeatedly resends messages at short intervals, and includes a reply-receipt header (on receiving the message, the receiving mail client will send a reply automatically)
    4. Describe how public-key encryption could combine with capabilities to provide a secure way of allowing an outsider limited access to distributed computer resources. This question should build on 2(a).
    5. Discussion: why would anyone develop a virus, worm or other malicious software? What should we do if such a person is caught?
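The following is an added worked example for questions 2(a) and 3(d), and for the remote-file-system scenario in 2(b)(iii); it is not part of the tutorial sheet. The server that owns a resource signs a capability that names the holder's public key, a set of rights and an expiry time; a remote user presents the capability and proves possession of the matching private key by signing a fresh challenge. The RSA implementation is a textbook toy written only so the file runs without third-party libraries (no padding, short keys), the resource path is made up, and the four scenarios in `demo()` are constructed rather than captured.

```python
"""Capabilities protected by public-key signatures, one answer to questions
2(a) and 3(d) and to the remote-file-system scenario 2(b)(iii).  The server
that owns a resource signs a capability naming the holder's public key; the
holder proves possession by signing a fresh challenge from the server.

Added example, not part of the tutorial sheet.  The RSA below is a textbook
toy (no padding, short keys) so the file runs with no third-party libraries;
a real deployment would use a vetted library and a padded signature scheme."""

import hashlib
import json
import secrets

E = 65537


def _is_probable_prime(n, rounds=16):
    """Miller-Rabin after trial division by small primes."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if (p - 1) % E and _is_probable_prime(p):
            return p


def gen_keypair(bits=384):
    """Toy RSA keypair: public (n, e), private (n, d).  The modulus must exceed
    2**256 so a SHA-256 digest can serve directly as the message representative."""
    p, q = _random_prime(bits // 2), _random_prime(bits // 2)
    d = pow(E, -1, (p - 1) * (q - 1))
    return (p * q, E), (p * q, d)


def _digest(obj):
    canon = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(canon).digest(), "big")


def sign(priv, obj):
    n, d = priv
    return pow(_digest(obj), d, n)


def verify(pub, obj, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(obj)


def issue_capability(issuer_priv, holder_pub, resource, rights, expires):
    """The issuer (the server owning the resource) mints and signs a capability."""
    cap = {"id": secrets.token_hex(8), "resource": resource,
           "rights": sorted(rights), "holder": list(holder_pub), "expires": expires}
    return cap, sign(issuer_priv, cap)


def authorize(issuer_pub, cap, cap_sig, right, now, challenge, challenge_sig):
    """Server-side check.  Each clause is one property a capability needs
    before it can safely be handed to a remote user."""
    if not verify(issuer_pub, cap, cap_sig):
        return "forged or altered capability"          # unforgeable
    if now >= cap["expires"]:
        return "expired"                               # limited lifetime
    if right not in cap["rights"]:
        return "right not granted"                     # least privilege
    if not verify(tuple(cap["holder"]), challenge, challenge_sig):
        return "presenter does not hold the bound key"   # useless if merely copied
    return "ok"


def demo():
    """Legitimate use, a copied token, a tampered token and an expired one.
    Constructed scenario with fresh keys; the path is made up."""
    issuer_pub, issuer_priv = gen_keypair()
    holder_pub, holder_priv = gen_keypair()
    _, thief_priv = gen_keypair()
    cap, sig = issue_capability(issuer_priv, holder_pub, "/export/home/alice",
                                {"read"}, expires=1_700_000_000)
    now = 1_600_000_000
    challenge = {"nonce": secrets.token_hex(16), "resource": cap["resource"]}
    ok_sig = sign(holder_priv, challenge)
    return {
        "holder_read": authorize(issuer_pub, cap, sig, "read", now, challenge, ok_sig),
        "holder_write": authorize(issuer_pub, cap, sig, "write", now, challenge, ok_sig),
        "thief": authorize(issuer_pub, cap, sig, "read", now, challenge, sign(thief_priv, challenge)),
        "tampered": authorize(issuer_pub, dict(cap, rights=["read", "write"]), sig, "write", now, challenge, ok_sig),
        "expired": authorize(issuer_pub, cap, sig, "read", 1_800_000_000, challenge, ok_sig),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:12} -> {outcome}")
```

Each clause of `authorize` is one of the features question 2(a) asks for: the issuer's signature makes the capability unforgeable and tamper-evident, the embedded holder key means a capability copied off the wire or out of a file is useless to anyone else, the rights list keeps the grant to exactly what the administrator in 2(b)(iii) intended, and the expiry bounds the damage if a holder's key is lost. The challenge must be chosen by the server per request (the nonce) so a recorded proof cannot be replayed. Two caveats a practitioner would add: expiry depends on the server and issuer agreeing on the time, and revoking a capability before it expires needs an issuer-side revocation list keyed on `cap["id"]`, which is exactly the bookkeeping that makes pure capabilities awkward to revoke.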