Midterm
- (20 points) This question concerns the ability of attackers to
  crack UNIX passwords on a system where the password file is
  world-readable and contains the users' password hashes. Two approaches
  for reducing the probability that a password will be guessed are:
  - increase the size of the salt from 12 bits to 24 bits in the obvious
    way (i.e., flipping all 24 sets of bits in the E table); or
  - increase the length of the password to 16 characters by hashing the
    first 8 characters using the current hash function, the second set of
    8 characters using the current hash function and the same salt, and
    concatenating the two.

  Assume an attacker is attempting to guess a particular user's password.
  Which method increases the estimated time of guessing the password the
  most? Why?
- (20 points) Three different protection mechanisms that we have
  discussed are capabilities, access control lists, and the UNIX rwx
  bits. For each of the following protection problems, tell which of
  these mechanisms can be used, and how. For the UNIX system, assume the
  groups faculty, administrator, student, and secretary have appropriate
  membership.
  - Rick, a faculty member, wants his files readable by everyone except
    Jennifer, who is the only administrator with access to the
    computer.
  - Helen and Anna, both students, want to share some secret files.
  - Thomas, a secretary, wants some of his files to be readable by everyone.
- (20 points) Consider the following protection mechanism. Each
  object and each process is assigned a number. A process can only access
  an object if the object has a higher number than the process. Which of
  the mechanisms discussed in class (ACL, capabilities, lock-and-key, the
  MULTICS ring protection scheme) does this most closely resemble, and
  why? In what essential way does it differ from the scheme discussed in
  class?
- (20 points) What is the definition of "perfect
  secrecy"? What characteristics are necessary for a cipher to
  achieve this goal (i.e., to provide perfect secrecy)?
- (20 points) Represent a security compartment label using the notation
  <security level; set of categories>.
  Can a user cleared for <secret; { dog, cat, pig }> have read or
  write access (or both) to documents classified in each of the
  following ways under the military security model?
  - <top secret; { dog }>
  - <secret; { dog }>
  - <secret; { dog, cow }>
  - <secret; { moose }>
  - <confidential; { dog, pig, cat }>

Send email to cs153@csif.cs.ucdavis.edu.
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 2/13/98