Homework 5
Due: June 6, 2013 at 11:55pm (No late homework accepted!)
Points: 100
Questions
- (30 points) A system allows the user to choose a password with a length of 1 to 8 characters, inclusive. Assume that 10,000,000 passwords can be tested per second. The system administrators want to expire passwords once they have a probability of 0.10 of having been guessed. Determine the expected time to meet this probability under each of the following conditions.
  - Password characters may be any ASCII characters from 1 to 127, inclusive.
  - Password characters may be any alphanumeric characters (“A” through “Z”, “a” through “z”, and “0” through “9”).
  - Password characters must be digits.
(text, exercise 12.8, modified)
- (12 points) ACL entries use “owners” (users) rather than individual processes. Why?
(text, exercise 15.1, modified)
- (28 points) Consider Multics procedures p and q. Procedure p is executing and needs to invoke procedure q. Procedure q’s access bracket is (5, 6) and its call bracket is (6, 9). Assume that q’s access control list gives p full (read, write, append, and execute) rights to q. In which ring(s) must p execute for the following to happen?
  - p can invoke q, but a ring-crossing fault occurs.
  - p can invoke q provided that a valid gate is used as an entry point.
  - p cannot invoke q.
  - p can invoke q without any ring-crossing fault occurring, but not necessarily through a valid gate.
(text, exercise 15.8)
- (30 points) Consider how a system with capabilities as its access control mechanism could deal with Trojan horses.
  - In general, do capabilities offer more or less protection against Trojan horses than do access control lists? Justify your answer in light of the theoretical equivalence of ACLs and C-Lists.
  - Consider now the inheritance properties of new processes. If the creator controls which capabilities the created process is given initially, how could the creator limit the damage that a Trojan horse could do?
  - Can capabilities protect against all Trojan horses? Either show that they can, or describe a Trojan horse process that C-Lists cannot protect against.
(text, exercise 22.2)
Extra Credit
- (20 points) Discuss controls that would prevent Dennis Ritchie’s bacterium (see Section 22.5.1) from absorbing all system resources and causing a system crash.
(text, exercise 22.7)