Homework 1 Total Points: 300 Due Date: Friday, October 16, 1998 1. (18 points) Please characterize each of the following as one of snooping, masquerading, modifying, denying ser- vice, delaying, denying receipt, and repudiating origin. Remember to explain your answers! a. Changing a love letter that your friend asked you to mail; b. Writing a love letter and signing your friend's name; c. Denying you wrote a love letter with your name signed; d. Denying you received a love letter that your sweetie wrote you; e. Not mailing a love letter that your friend gave you and asked you to mail; f. Reading a love letter that your friend wrote 2. (12 points) Please explain in detain why authentication is considered an integrity service. Do not give as a reason that authentication is neither a confidentiality mechanism nor an integrity mechanism. Use the meaning of authentication and integrity to answer the question. 3. (12 points) Please characterize each of the following as a component of a policy or as a mechanism. Again, remember to explain your answers! a. You must be enrolled in an ECS class, or an ECS or CSE major, to have an acount in the CSIF. b. The systems staff (who administer the CSIF) check the enrollment lists that the registrar sends to the ECS department every night to determine who is enrolled in an ECS course. c. Initial passwords are not to be posted downstairs because someone may copy them and use others' accounts without authorization. d. The system staff runs the program crack, which guesses passwords, to determine if users have selected pass- words that are too easy to guess. 4. (20 points) Recall that the four techniques of handling deadlock are: ignoring it, detecting it, preventing it, and avoiding it. Please compare and contrast these approaches with the strategies of implementing mechanisms to meet a security policy. 5. (88 points) The program setdate runs setuid to root. Its function is to change the date of the system. See the attached manual page for its use. Please analyze the robustness of this program using the source code (available from the class web page). 6. (150 points) Please read the book The Art of War by Sun Tzu. Then take the examples in Ira Winkler's paper and show how they embody the principles that Sun Tzu presents. Your essay should be at least 4 pages long and no more than 8 pages long (or between 240 and 480 lines, if you submit ASCII text). NAME setdate - change the date on the system SYNOPSIS setdate [ -d mmddyy ] hhmm [ ss ] DESCRIPTION Setdate sets the system's idea of the current time, and (optionally) the date. USAGE Setdate takes its argument to represent the current time, and sets the system clock to that time. The argument may be either four or six digits. If it is four digits, the first two represent the hour (using a 24-hour clock) and the next two represent the minutes. If the argument is six digits, the first four are interpreted as before, but the last two digits represent the seconds. If the optional argument -d is present, its option sets the date. The option to -d is a six digit string; the first two digits represent the year (relative to 1900), the next two the month (with January as 00 and December as 11), and the last two the day of the month. Setdate prints the new date after it runs. EXAMPLES Set the date to December 31, 1975 and the time to 12:53PM: % setdate -d 751131 1253 Set the current time to 10:34:56AM: % setdate 103456 Set the current time to 10:34:56PM: % setdate 223456 SEE ALSO date(1), ntpd(8) DIAGNOSTICS Setdate complains if the attempt to change the date fails. NOTES Only the superuser can run setdate. AUTHOR Matt Bishop, Department of Computer Science, University of California at Davis, 1998 (bishop@cs.ucdavis.edu)