Homework 4

Due Date: March 17, 1999
Points: 200

1. (20 points) A computer security expert claims that cryptography is all that is necessary to provide network security. Explain why this is false; in particular, explain why encryption protocols do not provide adequate protection in the absence of trusted hosts.

2. (30 points) Following the approach we used in class, give security conditions for the case statement:

        case a of
            v1: S1;
            v2: S2;
            .
            .
            .
            vn: Sn;
        end;

3. (40 points) Assume objects are statically bound to security classes.

   a. For the following program, illustrate the compile-time certification checks:

        program p1(k, m, f, g, h)
        var k: file class K;
            m: file class M;
            f: file class F;
            g: file class G;
            h: file class H;
            a: integer class A;
            b: integer class B;
        begin
            input a from f;
            input b from g;
            while b 0 do
            begin
                if a > 0 then output b to h;
                if b > 0 then output a - b + 1 to k;
                output b to m;
                input a from f;
                input b from g;
            end
        end.

   b. The following partial orders define 2 lattices:

        L1: C S
        L2: D0 ≤ D1 ≤ D3, D0 ≤ D2 ≤ D3

      Assume a lattice of security classes constructed from the cross-product of L1 and L2 and determine the security of the program in part a if:

        A = (S, D3)
        B = (C, D1)
        F = (S, D2)
        G = (C, D1)
        H = K = (S, D3)
        M = (C, D3)

4. (60 points) Consider the intrusion detection system model, which consists of sensor mechanisms, analysis engines, and notification engines. Please generalize this model to cover all system auditing mechanisms.

5. (50 points) The program lsu is a version of su that uses an access control file and the user's password to give access to shared accounts. It runs setuid to root on UNIX systems. On the web page is a tarball of the program lsu.tar. Download it and find at least 2 potential security vulnerabilities. You do not need to exploit it, but you must say how you could exploit it.