Homework #4

Due: May 27, 2026
Points: 100

Questions

  1. (20 points) Suppose a user wishes to edit the file xyzzy in a capability-based system.
    1. How should he do this to ensure that the editor cannot access any other file?
    2. Could this be done in an ACL-based system? If so, how? If not, why not?

  2. (24 points) Consider Multics procedures p and q. Procedure p is executing and needs to invoke procedure q. Procedure q’s access bracket is (5, 6) and its call bracket is (6, 9). Assume that q’s access control list gives p full (read, write, append, and execute) rights to q. In which ring(s) must p execute for the following to happen?
    1. p can invoke q, but a ring-crossing fault occurs.
    2. p can invoke q provided that a valid gate is used as an entry point.
    3. p cannot invoke q.
    4. p can invoke q without any ring-crossing fault occurring, but not necessarily through a valid gate.

  3. (28 points) Classify the following vulnerabilities using the PA model. Assume that the classification is for the implementation level. Justify your answer.
    1. The presence of the “wiz” command in the sendmail program (see Section 24.2.9).
    2. The failure to handle the IFS shell variable by loadmodule (see Section 24.2.9).
    3. The failure to select an Administrator password that was difficult to guess (see Section 24.2.10).
    4. The failure of the Burroughs system to detect offline changes to files (see Section 24.2.7).

  4. (28 points) StackGuard is a tool for detecting buffer overflows. It modifies the compiler to place a known (pseudo)random number (a canary) on the stack just before the return address when a function is called. Additional code is added so that, just before the function returns, it pops the canary and compares it to the value that was placed upon the stack. If the two differ, StackGuard asserts a buffer overflow has occurred, and invokes an error handler to terminate the program. How effective is this approach at stopping stack-based buffer overflows? Under what conditions might it fail?

Extra Credit

  1. (15 points) Discuss controls that would prevent Dennis Ritchie’s bacterium from absorbing all system resources and causing a system crash.

  2. (20 points) A vendor advertises that its system was connected to the Internet for 3 months, and no one was able to break into it. It claims that this means the system cannot be broken into from any network.
    1. Do you share the vendor’s confidence? Why or why not?
    2. If a commercial evaluation service had monitored the testing of this system and confirmed that, despite numerous attempts, no attacker had succeeded in breaking into it, would your confidence in the vendor’s claim be increased, decreased, or unchanged?
UC Davis sigil
Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 153A, Computer & Information Security & Privacy I
Version of May 15, 2026 at 9:00PM

 You can also obtain a PDF version of this.

Valid HTML 4.01 Transitional Built with BBEdit Built on a Macintosh