General Instructions.
You are expected to work alone on this assignment.
Due Sept. 13 at the beginning of class.
See class information for policies on grading and late assignments.
You may turn your assignment either on paper or you may submit it
as a PDF file using CMS.
To facilitate grading, format your solutions as follows.
- Put your name and net id on
each page of your solution.
- Typeset your solution, using
10 point or larger font and use 8.5 x 11 inch paper.
- Put the solution to different problems on separate pages.
You should only need one or two pages to solve any given problem.
So you should submit at most six pages (three sheets of paper).
Solutions that do not satisfy the formatting guidelines will
be returned, ungraded.
Problem 1:
[From Bishop, page 24]
An organization makes each lead system administrator responsible for the
security of the system he or she runs. However, the management determines what
programs are to be on the system and how they are to be configured.
- Describe the security problem(s) that this
division of power would create.
- How would you fix them?
Problem 2:
Classify each of the following as a violation of confidentiality, of integrity, of availability, or as some combination of violations.
- A security guard is watching people dial numbers using a
security camera that happens to be pointed toward the phone.
-
A teaching assistant delivers completed student course evaluation
forms to the instructor rather than to the college office. (Note: Cornell
does course evaluations online, so this is not an issue.)
-
Rhonda registers the domain name "AddisonWesley.com" and
refuses to let the publisher of that name buy or use that
domain name.
Problem 3:
A Hu-Fu, pictured above, is a bronze artifact which was used as a
special seal in the ancient Chinese military (c. 300 BCE). Here are some
(simplified) details about the making and use of a Hu-Fu.
- A Hu-Fu can be disassembled into two symmetric halves. A locking
mechanism on each half ensures that only the two
halves that come from the same Hu-Fu can be reassembled.
- When the emperor appoints a
general to be the commander of certain army unit, he gives the left half of
Hu-Fu to the general, and keeps the right half with himself. Despite being
the commander, a general is not allowed to initiate any military
action without a complete Hu-Fu.
- Each Hu-Fu is uniquely associated with only one army unit.
The golden inscription on the Hu-Fu specifies the base location
of the army unit.
- When required, the emperor
sends his order along with the right half of Hu-Fu to the general. The
general then assembles the two halves together in the presence of a witness
(which could be a supervisor sent by the emperor).
- Having the complete Hu-Fu,
the general can carry out military action based on the emperor’s
order.
Discuss what security properties the Hu-Fu is designed to enforce and
explain how each of points 1–5 protects against some vulnerability.