Recent Changes - Search:

Instructor

  • who: Michael Swift
  • where: Room 7369
  • when: Monday 11-12, Thursday 1:30-2:30
  • email: swift 'at' cs.wisc.edu
  • TAs

Lecture:

HomePage

Resources

edit SideBar

Lectures /

OSReview

  1. Security goals
    1. What could happen as a result of an integrity attack on the homework files on your laptop? What can you you do to defend against that kind of attack?
    2. What could happen as a result of a privacy attack on the homework files on your laptop? What can you do to defend against that kind of attack?
    3. What could happen as a result of an availability attack on your laptop? What can you do to defend against that kind of attack?
  2. Security Design Principles. Think about your cellphone and the operating system and software you run. For each of these principles, give an example of how it is applied on your phone, or how it is violated.
    1. Economy of Mechanism
    2. Fail-safe defaults
    3. Complete mediation
    4. Open design
    5. Separation of privilege
    6. Least privilege
    7. Least common mechanism
    8. Psychological acceptability
  3. Operating System Design
    1. Why do operating systems make all system calls start executing at the same address (the system call handler function) rather than letting user code jump directly to the specific system call code itself?
    2. Suppose a system call returns to user code without disabling the privileged mode bit. Explain how this could be exploited.
    3. Suppose you pass a kernel address to the create() system call to create a new file, rather than a user-mode address, and the user does not check that parameters must be user mode pointers. Give an example of how this could be used to leak sensitive information from the kernel.
    4. Suppose you pass a kernel-mode address to the read() system call as the buffer receiving the contents of a file, and the kernel does not check that the buffer addresses are from user mode. Give an example of how this could be used to attack an operating system.
  4. Passwords
    1. Your current system uses a PIN for logging in. If users are made to wait 5 seconds between tries, how long (in the worst cast) will it take somebody to break in, in hours?
    2. You upgrade the system to check passwords, and let passwords by upper and lower-case letters and numbers, and require passwords to be exactly 8 characters. To be helpful to users, as soon as they type a bad letter in their password you fail the login and make them wait 1 second before retrying. How long in the worse case will it take someone to break in, in hours?
    3. You upgrade your system again to hash passwords with a 32-bit salt value, with the same length and characters in the password. Somebody breaks into the system and steals the password file containing hashes and salts. If hashes take 1 microsecond to compute, how many hours will it take someone to break in?
    4. How can you strengthen this system to make it take even longer?
  5. Access control
    1. Normally, the write permission for a directory means the ability to create and delete files within that directory. I create a shared directory for students to turn in their homeworks, and students create a file in that shared directory with their homework, so all students in the class can delete each other’s files. What should I do instead to allow students to turn in their homework but prevent them from deleting each other’s homework?
    2. Suppose you have a system and want to grant read/write access to the owner of a file, read only access to users in the cs642 group, and no access for anyone else. Show the ACL used in a Unix file system and in Windows.
Edit - History - Print - Recent Changes - Search
Page last modified on February 26, 2019, at 06:46 PM