Homework 1

Due Date: January 19, 1999	Points: 200



1.	(20 points) Pfleeger's book Security in Computing states the basic goals of security as "preventing interruption, 
interception, modification, and fabrication." Please compare and contrast these four goals with the three goals 
discussed in class (which were to provide confidentiality, integrity, and availability). 

2.	(20 points) In class, someone pointed out that a denial of service may differ from a very long delay, because a 
request may need to be answered within a short period of time. Hence delaying for even a short period of time 
may have the same effect as a denial of service. Please give an example of a request that must be satisfied within 
a short period of time (say, one hour). Please give another example of a request that can be satisfied at any time.

3.	(40 points)  The entropy function H(p1, ?, pn) must satisfy several properties, including the following (for which 
we assume p1 + ? + pn = 1):

a.	H(p1, ?, pn) max when p1 = ? = pn = 1/n;

b.	For any permutation ? of (1, ?, n), H(p?(1), ?, p?(n)) = H(p1, ?, pn);

c.	H(p1, ?, pn) ? 0; it is 0 if all  pi are 0 except for one, which is 1;

d.	H(p1, ?, pn, 0) = H(p1, ?, pn);

e.	H(1/n, ?, 1/n) ? H(1/(n+1), ?, 1/(n+1));

f.	H(1/mn, ?, 1/mn) = H(1/n, ?, 1/n) + H(1/m, ?, 1/m);

g.	H is continuous in its arguments; and

h.	p = Spi, q = Sqi, p > 0, q > 0, p + q = 1 implies
H(p1, ?, pm, q1, ?, qn) = H(p, q) + pH(p1/p, ?, pm/p) + qH(q1/q, ?, qn/q).

Please show that the function H(p1, ?, pn) = -lSk pk lg pk (where the sum is over those k for which pk > 0) meets 
these conditions.

4.	(20 points)Let X be an integer variable represented with 32 bits. Suppose that the probability is 1/2 that X lies in 
the range [0, 28-1] with all such values being equally likely, and 1/2 that X lies in the range [28, 232-1], with all 
such values being equally likely. Please compute H(X).

5.	(40 points) The following was enciphered with a Vigenere cipher. Please break it.

TSMVM MPPCW CZUGX HPECP RFAUE IOBQW PPIMS FXIPC TSQPK SZNUL OPACR DDPKT
SLVFW ELTKR GHIZS FNIDF ARMUE NOSKR GDIPH WSGVL EDMCM SMWKP IYOJS TLVFA
HPBJI RAQIW HLDGA IYOUX

6.	(60 points) The host lassen.cs.ucdavis.edu is a Data General Aviion system that is rated as fairly secure (B2 in the 
TCSEC). We will be conducting a penetration test as a class experiment throughout this term. The goal  is to 
acquire access to the system as a user (root or otherwise). The first step in a penetration test is to hypothesize 
flaws, or potential vulnerabilities. For this exercise, you must assume you are analyzing the system as though you 
have no access to it other than from the network. You will hypothesize potential flaws, but not test them yet.

a.	Determine what network servers lassen is running. (Hint: find the program strobe, download it and use it.)

b.	Please devise three possible network-based vulnerabilities on the system using your knowledge of the serv-
ers and of potential vulnerabilities in them. Your description should have the following format:

your name;

server with the vulnerability;

possible vulnerability being exploited (you need not verify that the Data General has the flaw, but you must 
describe the flaw you are hypothesizing);

how to veritfy the vulnerability in the absense of source code (if an "attack program"  is required, you may 
use pseudocode to describe the attack program).

expected result of exploiting the vulnerability;

why you think it is there (for example, other systems with the same flaw, use of servers implementing know, 
buggy protocols, etc.)

source (if you get the idea for an attack from a book or an Internet site, say where)

Please post your descrription to the newsgroup ucd.class.ecs253.d. As part of the requirement for this 
answer, each student must submit 3 different potential vulnerabilities; the first poster of each vulnerability 
gets credit for it. So be sure your vulnerabilities are different than your classmates'!