Due Date: Monday, November 2, 1998
Total Points: 300
- (10 points) Please do Exercise 14 of the handout Robust
- (18 points) Please do Exercise 20 of the handout Robust
- (20 points) Which of the four basic principles of robust
programming does the use of the function gets(3) violate? Please
justify your answer.
- (20 points) Please classify the flaws exploited in the attacks
on the Michigan Terminal System and the Burroughs B6700 under the PA and
RISOS classifications. Remember to justify your answer.
- (32 points) Please show that the PA classifications and RISOS
classifications cover the same categories of flaws.
Hint: If x is a flaw in the "improper initial
protection domain" class of PA, in which class or classes might it
fall in the RISOS classification?
- (50 points) Please do exercise 17 of the handout Robust
Programming. The source code for the current version of the qlib
is available from the class web page (you will need both the header
file and the source code). Don't forget to change all the functions so the
library works correctly, is robust, and is well commented. Remember to keep
the interface the same!
- (150 points) Read the book The Prince by Niccolò
Machiavelli. Then please write an essay either affirming or refuting the
following thesis: The rights and obligations of the security officer of a
system (who is responsible for maintaining the security of the system) are
analogous to those of a prince, as described by Machiavelli. Your essay
should be at least 4 pages long and no more than 8 pages long (or between
240 and 480 lines, if you submit ASCII text).
You can also see this document
in its native format,
in ASCII text.
Send email to
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 10/19/98