Homework 5

Due Date: June 6, 2001
Points: 100

1. (30 points; text, exercise 18.7) Please discuss controls that would prevent Dennis Ritchie's bacterium (see section 18.5.1) from absorbing all system resources and causing a system crash.
2. (40 points; text, exercise 18.12) Assume the Clark-Wilson model is implemented on a computer system. Could a computer virus that scrambled constrained data items be introduced into the system? Why or why not? Specifically, if not, identify the precise control that would prevent it from being intorduced, and say why it would prevent the virus from being introduced; if yes, identify the specific control or controls that allow it to be introduced and say why they fail to keep it out.
3. (30 points; text, exercise 19.6) An attacker breaks into a web server using a Windows 2000 based system. He concludes that, because of the ease with which he broke in, that Windows 2000 is an operating system with very poor security features. Based only on the results of the attack, is his conclusion reasonable? Why or why not?

Matt Bishop Office: 3059 Engineering Unit II Phone: +1 (530) 752-8060 Fax: +1 (530) 752-4767 Email: bishop@cs.ucdavis.edu

Copyright Matt Bishop, 2001. All federal and state copyrights reserved for all original material presented in this course through any medium, including lecture or print.