(20 points) The aphorism “security through obscurity” suggests that hiding information provides some level of security. Give an example of a situation in which hiding information does not add appreciably to the security of a system. Then give an example of a situation in which it does.
(20 points) Suppose Alice has r and w rights over the file book.
Alice wants to copy r rights to book to Bob.
Assuming there is a copy right c, write a command to do this.
Now assume the system supports a copy flag; for example, the right r with the copy flag would be written as rc. In this case, write a command to do the copy.
In the previous part, what happens if the copy flag is not copied?
(20 points) Someone asks, “Since the Harrison-Ruzzo-Ullman result says that the security question is undecidable, why do we waste our time trying to figure out how secure the UNIX operating system is?” Please give an answer justifying the analysis of the security of the UNIX system (or any system, for that matter) in light of the HRU result.
(20 points) A company publishes the design of its security software product in a manual that accompanies the executable software.
In what ways does this satisfy the principle of open design? In what ways does it not?
Given that the design is known, what advantages does keeping the source code unavailable give the company and those who purchase the software? What disadvantages does it cause?
(20 points) Consider the expression size * sizeof(int), where size is an integer, and the operation is done on a 64 bit machine. The obvious way to test for overflow is to multiply the absolute value of size and sizeof(int) and see if the result is smaller than the absolute value of size (because if |a * b| < |a| when |a| > 1 and |b| > 1, then overflow has occurred). Does this always work? What problems does it introduce? (Hint: think about architectures allowing arithmetic overflow to cause a trap.) Suggest an alternate
method without these problems.