Hard deadline: Wednesday, March 4, 11:59 pm.
Soft deadline: Monday, March 2, 11:59 pm.
Gates Hall is a fancy new building that incorporates many security features. Among them are the following:
What security goals are these security features designed to accomplish? For each goal, identify it as being related to a confidentiality, integrity, or availability harm, explain the connection each security feature has to this goal, and identify any assumptions that are necessary for these security features to achieve this goal.
You should endeavor to construct a complete list of security goals. At a minimum, make sure you have at least one security goal related to each of confidentiality, integrity, and availability.
based on [Schneider, chapter 1, problem 1.17]
Several of the Gates Hall security features are intended to prevent access by unauthorized persons.
You may refer to the security features given in Problem 1, or you may discuss other features you have observed. Be sure to identify any assumptions that affect your answers.
based on [Bishop, chapter 12, problem 12.10]
The su command enables a UNIX user to access another user's account. Unless the first user is the superuser ("root"), su requires that the password of the second user be given. Checking whether that password is correct requires su to open the password file, /etc/passwd. On a correctly configured UNIX system, that particular open operation will always succeed.
A CS 5430 student decides to build a version of su that works as follows. If the password file cannot be opened, then the system is badly misconfigured, so the superuser must be allowed to log in to fix it. The student's su implementation therefore immediately grants superuser access to the user.
Discuss which of the security principles this approach meets, and which principles it violates.
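The decision logic described above, as an added sketch that is not part of the original assignment or of any real su: the fail_open flag selects between the student's behavior and a variant that denies when the password file cannot be opened. The file format, the direct string comparison (a stand-in for the real hash check), the sample entries and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

enum su_result { SU_DENY, SU_GRANT_TARGET, SU_GRANT_ROOT };

/* Constructed sample entries in name:password-field form; the field is
   compared directly here as a stand-in for the real hash check. */
static const char SAMPLE[] = "root:rootpw\nalice:alicepw\n";

/* Hypothetical helper: writes the constructed sample file; 0 on success. */
int write_sample(const char *path) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(SAMPLE, f);
    return fclose(f);
}

/* fail_open != 0 reproduces the student's design: an unreadable password
   file yields superuser access. fail_open == 0 denies instead. */
enum su_result su_decide(const char *path, const char *target,
                         const char *supplied, int fail_open) {
    char line[256];
    enum su_result r = SU_DENY;
    FILE *f = fopen(path, "r");
    if (!f)
        return fail_open ? SU_GRANT_ROOT : SU_DENY;
    while (fgets(line, sizeof line, f)) {
        line[strcspn(line, "\n")] = '\0';
        char *sep = strchr(line, ':');
        if (!sep) continue;              /* malformed entry: skip it */
        *sep = '\0';
        if (strcmp(line, target) == 0) { /* found the target account */
            if (strcmp(sep + 1, supplied) == 0) r = SU_GRANT_TARGET;
            break;
        }
    }
    fclose(f);
    return r;
}

int main(void) {
    const char *missing = "/nonexistent/passwd.sample"; /* cannot be opened */
    printf("student's su, file unreadable: %d\n",
           su_decide(missing, "alice", "wrong", 1));
    printf("denying su, file unreadable:   %d\n",
           su_decide(missing, "alice", "wrong", 0));
    return 0;
}
```

With a readable file the two variants behave identically; they differ only on the error path, which is the case the problem asks about.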
Cornell's Policy Regarding Abuse of Computers and Network Systems is, in part, a security policy that stipulates appropriate usage of computer systems at Cornell.
As a student studying computer security, you obviously need to know your responsibilities with respect to that policy. (As a security expert, you might some day be asked to write such a security policy or to evaluate somebody's actions relative to a policy.) So study the policy, as well as the Interpretation to which it links. Then consider the following problem.
Suppose that a CS 5430 student discovers a vulnerability that can be exploited to log in to Cornell systems under any Cornell NetID, thus impersonating any person at Cornell. This attack would yield access to all Cornell email, student grades, and student financial statements.
Discuss whether each of the following behaviors is permitted by Cornell's policies:
Explain your reasoning, and point to specific excerpts from the policy that support your answer. Identify any conditions or assumptions that affect your answer.
Format your solutions as a single PDF. Include your name and NetID as a header on every page. Use 10 point or larger type. Start your solution to each problem on a separate page. Restrict your solution to at most one page for every problem. (Your PDF should therefore contain exactly 4 pages.) Submit a file named hw2.pdf on CMS.
You will be evaluated on the quality of your solutions and on your adherence to the submission stipulations above. We'll use the following criteria in evaluating quality: