General Instructions. You are expected to work alone on this assignment.
Due Sept. 13 at the beginning of class. See class information for policies on grading and late assignments.
You may turn your assignment either on paper or you may submit it as a PDF file using CMS. To facilitate grading, format your solutions as follows.
- Put your name and net id on each page of your solution.
- Typeset your solution, using 10 point or larger font and use 8.5 x 11 inch paper.
- Put the solution to different problems on separate pages. You should only need one or two pages to solve any given problem. So you should submit at most six pages (three sheets of paper).
Solutions that do not satisfy the formatting guidelines will be returned, ungraded.
Problem 1:
[From Bishop, page 24]
An organization makes each lead system administrator responsible for the security of the system he or she runs. However, the management determines what programs are to be on the system and how they are to be configured.
- Describe the security problem(s) that this division of power would create.
- How would you fix them?
Problem 2:
Classify each of the following as a violation of confidentiality, of integrity, of availability, or as some combination of violations.- A security guard is watching people dial numbers using a security camera that happens to be pointed toward the phone.
- A teaching assistant delivers completed student course evaluation forms to the instructor rather than to the college office. (Note: Cornell does course evaluations online, so this is not an issue.)
- Rhonda registers the domain name "AddisonWesley.com" and refuses to let the publisher of that name buy or use that domain name.
Problem 3:
A Hu-Fu, pictured above, is a bronze artifact which was used as a special seal in the ancient Chinese military (c. 300 BCE). Here are some (simplified) details about the making and use of a Hu-Fu.
- A Hu-Fu can be disassembled into two symmetric halves. A locking mechanism on each half ensures that only the two halves that come from the same Hu-Fu can be reassembled.
- When the emperor appoints a general to be the commander of certain army unit, he gives the left half of Hu-Fu to the general, and keeps the right half with himself. Despite being the commander, a general is not allowed to initiate any military action without a complete Hu-Fu.
- Each Hu-Fu is uniquely associated with only one army unit. The golden inscription on the Hu-Fu specifies the base location of the army unit.
- When required, the emperor sends his order along with the right half of Hu-Fu to the general. The general then assembles the two halves together in the presence of a witness (which could be a supervisor sent by the emperor).
- Having the complete Hu-Fu, the general can carry out military action based on the emperor’s order.
Discuss what security properties the Hu-Fu is designed to enforce and explain how each of points 1–5 protects against some vulnerability.