Sample Midterm
These are sample questions that are very similar to the ones I will ask on the midterm. I expect the midterm will be approximately the same length.
- Why is a precise statement of security requirements critical to the determination of whether a given system is secure?
- This function’s purpose is to copy a string from one buffer to another. It is not robust. Find the problems and say how to fix them. Note that the passing of pointers here is defined in the specification of the interface, and so cannot be changed.
void mystrcpy(char *s, char *t)
{
while(*t != '\0')
*s++ = *t++;
*t = '\0';
}
- Which of the following demonstrate violations of the principle of least privilege? Please justify your answer.
- The Linux root account?
- A user whose function is to maintain and install system software. This user has access to the source files and directories, access to only those programs needed to build and maintain software, and can copy executables into system directories for other users. This user has no other special privileges.
- Into which category or categories of the Program Analysis classification do the following fall?
- Buffer overflow causing a return into the stack?
- Allowing an ordinary user to alter the password file?
- Simultaneous writes to a shared database?
- Reading a UNIX file by directly accessing the raw device and reading first the superblock, then the file’s inode, and finally the file’s data blocks?
- Represent a security compartment label using the notation
(security level, set of categories)
According to the Bell-LaPadula model, can a user cleared for (secret, {dog, cat, pig }) have read or write access (or both) to documents classified in each of the following ways under the military security model?
- (top secret, {dog})
- (secret, {dog})
- (secret, {dog, cow})
- (secret, {moose})
- (confidential, {dog, pig, cat})