ECS 153, Computer Security

Announcements


Lab 3 Robustness Regrading

Posted by: Matt Bishop
Date: Jun 9 at 5:44am

Folks,

If you lost points for lab exercise #3 for the following reasons:

you can fix the problem and resubmit it by emailing it to me at mabishop at ucdavis dot edu (fix up the email address, of course). I will then review the changes and give up to 80% of the points you lost for the errors you fix only.

The specific errors I will regrade are:

The comments will say the above (or something that clearly means the same thing). I will not regrade anything else.

If you choose to do this, you must send me the program by noon Wednesday so I can make the adjustments in time to submit the grades. I will not accept anything after that.

Hope this helps,

Matt Bishop


Homework 4, Question 3, Hints

Posted by: Matt Bishop
Date: May 29 at 8:01pm

Hi,

There seems to be some confusion over question 3 in Homework 4. Let me explain the question a bit more.

The question deals with which is better, increasing the password length or increasing the number of salts.

The standard UNIX password is between 0 and 8 characters long. For this problem you should assume the passwords are composed of printable characters, of which there are 96 different ones (the obvious ones plus space and tab). Also, the association between user, password hash, and salt is known; so for example, you can see that user bishop’s salt is XYZ34 (or whatever) and his password hash is ABCDEFGHJ/lm. There are 2^24 such entries. Also, hashing a password and a salt takes h time units, and comparing a hash to another hash takes c time units.

Now, for part a, how many hash operations and comparison operations would you expect to need to find every user’s password, given that the password is drawn from the set of possible passwords described above? As there are 2^12 salts and 2^24 users, many users will have the same salt.

For part b, suppose the passwords were from 0 to 16 characters in length, using the same set of characters as before. How many hash operations and comparison operations would you expect to need to find every user’s password?

For part c, go back to passwords of a maximum of 8 characters. But now the salt is 224 bits. So given the distribution of salts, each user has a distinct salt. Again, how many hash operations and comparison operations would you expect to need to find every user’s password?

Hope this helps,

Matt Bishop
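
Added example, not part of the original post or the course materials: a cost model for the three parts, checked against a small constructed password file. It assumes the figures in the post read as 2^12 salts and 2^24 users, that every salt value is in use in parts a and b, and that the whole password space is swept (an upper bound, not the expected count); all function names and the SHA-256 stand-in hash are illustrative.

```python
import hashlib
from collections import defaultdict
from itertools import product

def password_space(alphabet_size, max_len):
    """Count passwords of length 0..max_len over the alphabet."""
    return sum(alphabet_size ** n for n in range(max_len + 1))

def sweep_cost(n_passwords, salts_in_use, n_users):
    """Full sweep: one hash per (salt in use, candidate) and one
    comparison per (user, candidate). Returns (hash_ops, compare_ops)."""
    return salts_in_use * n_passwords, n_users * n_passwords

def toy_hash(salt, password):
    # Stand-in for the UNIX password hash; only the operation counts matter.
    return hashlib.sha256(f"{salt}:{password}".encode()).hexdigest()

def simulate(entries, alphabet, max_len):
    """Run the sweep over (user, salt, hash) entries and count operations."""
    by_salt = defaultdict(list)
    for user, salt, digest in entries:
        by_salt[salt].append((user, digest))
    candidates = ["".join(p) for n in range(max_len + 1)
                  for p in product(alphabet, repeat=n)]
    hashes = compares = 0
    found = {}
    for salt, users in by_salt.items():
        for pw in candidates:
            guess = toy_hash(salt, pw)
            hashes += 1
            for user, digest in users:
                compares += 1
                if guess == digest:
                    found[user] = pw
    return hashes, compares, found

# Constructed toy file: 4 users, 2 salts, alphabet "ab", length 0..2.
TOY = [(u, s, toy_hash(s, p)) for u, s, p in
       [("u1", "s1", "ab"), ("u2", "s1", ""), ("u3", "s2", "b"), ("u4", "s2", "ab")]]

def page_scenarios():
    """Parts a, b, c with the post's figures (96 characters, 2^24 users)."""
    users = 2 ** 24
    return {"a": sweep_cost(password_space(96, 8), 2 ** 12, users),
            "b": sweep_cost(password_space(96, 16), 2 ** 12, users),
            "c": sweep_cost(password_space(96, 8), users, users)}

if __name__ == "__main__":
    print(simulate(TOY, "ab", 2)[:2], sweep_cost(password_space(2, 2), 2, 4))
    for part, (h, c) in page_scenarios().items():
        print(part, f"hashes={h:.3e}", f"compares={c:.3e}")
```

Under this model, giving every user a distinct salt multiplies the hash work by 2^12 and leaves the comparison count unchanged, while doubling the maximum length multiplies both counts by roughly 96^8.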


No discussion section this week

Posted by: Matt Bishop
Date: May 27 at 7:02am

Folks,

As Monday was a University holiday, we had no discussion section that day. So I am cancelling Thursday’s also.

Next week’s discussion section will be a review for the final exam, which is on June 12.

Hope this helps,

Matt Bishop


Lab 4 Update

Posted by: Matt Bishop
Date: May 28 at 5:40pm

Folks,

Someone just pointed out that, in step 6, when you do the chown(2) to root, it succeeds. This causes problems when you try to chmod(2) the file (that fails), and then you can't delete the file.

So please do this instead. Define a macro CHOWN_TO with the numeric value of your UID, so we can quickly replace it with 0, and use CHOWN_TO as the owner in the chown(2) system call.

The chown(2) will then succeed, as will the chmod(2) after it, and you can delete the file if you want to.

Hope this helps,

Matt Bishop


Homework 4 Update

Posted by: Matt Bishop
Date: May 22 at 10:12am

Folks,

I found out yesterday that Homework 4 was not visible in Canvas. It was on the backup web site, http://nob.cs.ucdavis.edu/classes/ecs153-2018-02/homework/hw4.html, though.

Because of that, I have extended the due date for both homework 4 and extra credit 4 to May 30.

Hope this helps,

Matt Bishop


Lab Exercise 3 Updates

Posted by: Matt Bishop
Date: May 22 at 10:10am

Folks,

I was asked some questions about Lab 3 on Piazza. Here is a summary of them and my replies.

Hope this helps,

Matt Bishop


Midterm

Posted by: Chun-Ming Lai
Date: May 14 at 6:21am

Hi, thanks to the students for pointing out some mistakes in the previous week 7 ppt.

I have already corrected them.

You can come to get your paper during my office hour or any discussion section (or make an appointment with me at Academic 2359).

For the regrading, please contact the professor directly.


Homework 3 Notes

Posted by: Matt Bishop
Date: May 11 at 11:53am

Folks,

Two typos that are relevant to homework 3.

In the text for the Vigenère cipher, the formula for the index of coincidence has an error. In the summation, the formula reads “Fi(F1−1)”; it should read “Fi(Fi−1)” (that is, the “F1” should be “Fi”).

In the Otway-Rees protocol in section 11.2.1.2, step 3, the first “r2” in the message Cathy sends Bob should be “r1”. So the message is: { n || { r1 || ksession } kAlice || { r2 || ksession } kBob }

Hope this helps,

Matt Bishop


More on Lab 2 *** EXTENSION

Posted by: Matt Bishop
Date: May 7 at 11:49am

Folks,

Upon further investigation, we discovered that a feature of the Ubuntu kernel — it’s called ASLR, Address Space Layout Randomization — is re-enabled whenever you start the VM. It will cause the memory location of the stack, and hence where buf[] is, to change every time you run the programs. This feature needs to be off. So, if you downloaded the VM and restarted it at any time, be sure to type this command to the shell:

echo 0 | sudo tee /proc/sys/kernel/randomize_va_space

You will need to do this every time you restart the VM (I recommend putting an alias in your .login file for this).

Thanks to the students who showed me the changes; I had thought we had turned it off permanently.

Also, because of this, I'm extending the due date for Lab Exercise #2 to May 9, and the due date for Homework #3 to May 11.

Hope this helps,

Matt Bishop


Lab Exercise #2

Posted by: Matt Bishop
Date: May 6 at 7:57pm

Folks,

One team reported that the addresses for realbad seemed to change with each run. When they recompiled the program with the option -fno-stack-protector, this problem disappeared. So if you are having the same problem, try that.

Hope this helps,

Matt Bishop


Week 5 discussion v2 uploaded

Posted by: Chun-Ming Lai
Date: May 3 at 6:32pm

Hi all,

FYI, I have uploaded the new version of the discussion slides for preparing for the midterm.

  1. Security Principle should be Ch14 (I put Ch13 in the last version).
  2. The midterm should cover public key crypto system, and I forgot to put that in the last version; also, I want to clarify on
  3. Some of you asked about the ICS Security material from the guest lecturer. Yes, the midterm will also cover that part. As the professor said, just focus on the general description of ICS.

Cheers,


Extra Credit #2 Clarification

Posted by: Matt Bishop
Date: April 23 at 9:42am

Folks,

The first problem of Extra Credit #2 should read “page 18”, not “page 170”. It’s problem 14 of the Chapter 6 handout on Canvas.

Thanks to David Tomassi for spotting this.

Hope this helps,

Matt Bishop


Piazza page for this class

Posted by: Matt Bishop
Date: April 21 at 9:42am

Folks,

There is now a Piazza page for this class, thanks to Zaid Al Rakabi. Please feel free to use it; I will monitor it too and answer questions when appropriate.

This is not an official class requirement, though. Here’s why: Piazza sells your data, unanonymized, to corporate recruiters. You can opt out if you like; when you sign up, there’s a box that gives them permission to do this, and it’s checked, so just uncheck it to deny them this permission.

Here's a web page that describes this in a bit more detail.

That’s why it is not an official class page. If I answer any questions relating to assignments, classwork, or that folks who do not use Piazza should know, I’ll also post the answer or comment on Canvas.

If you are willing to have your data sold to recruiters (which might be a good thing if you are looking for a job; it might be a bad thing if you’re not; you decide), then don’t uncheck the box. Otherwise, do uncheck it. And in either case, have fun!

Thanks to Zaid Al Rakabi for setting this up!

Hope this helps,

Matt Bishop


TA office hour location

Posted by: Chun-Ming Lai
Date: April 16 at 6:17pm

Folks,

For the TA office hour: sometimes Kemper 53 is occupied by other courses; when it is, I’ll be at Kemper 55 instead.

Please check both rooms to find me, thank you.


Modification to Lab Exercise 1 Submissions

Posted by: Matt Bishop
Date: April 12 at 9:50am

Folks,

When you submit Lab Exercise 1, in addition to the files requested in the assignment, please upload a README file giving the names and UC Davis email addresses of all members of your group.

Also, only one person needs to upload the answers; the other members should upload a file named README identifying the other members of their group, as above, and note which person uploaded the answers.

Hope this helps,

Matt Bishop


Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
Last modification on April 12, 2018 at 9:53am
