the security assertion Q that you would insert
at line 24 before the assignment to prevent a buffer overflow. Express
Q in terms of symbolic variable z1.
Answer: z1 >= 0 is sufficient.
(d) (3 points) By solving the constraints (P ∧ ¬Q) over 32-bit modulo
arithmetic (int is represented in 32-bit two's complement), give an
instance of values for inputs a0 and b0 that are sufficient to cause a
buffer overflow at line 24. You must provide concrete values free of
macros or variables.
Answer: a0 == -2^31
b0 can be any integer between 1 and 2^31 - 1 inclusive
3. (9 points) Isolation, Least Privilege & Mobile Security
(a) (2 points) Dolphin Communications has come up with a brilliant idea
for ensuring air gapping, named the SeaGap. SeaGap consists of
a memory unit and several electronic switches. These switches are
configured such that the memory could be connected only to the
Internet or to your LAN, but never to both at the same time. When
data arrives at one network port, the device would load up with
application data, then flip 'safely' to the other network to disgorge
Does this achieve air gap isolation?
◦ No.
Answer: No.
The two are still connected via the same computer on which
(b) (4 points) For each of the following security mechanisms, state whether
they are access control or capability systems or both. If you answer
‘both’ write a short explanation for the same.
1. Safe that requires a user key:
Answer: Capability
2. Safe that checks your fingerprint and sees if you are in the list of
3. Google Docs Sharing “Anyone with link” feature:
4. Google Docs sharing “Following users only”:
Answer: ACL
(c) (1 point) The ping command, at a high level, consists of three modules: a module that sends the ICMP packets, another module to
receive the responses and a third module to show the output to the
user. ping runs as a monolithic process. Since sending the packets above
This document was uploaded on 02/23/2014.
- Spring '14
- Computer Security