('Dawn Song', 'Midterm 1', '(solution)') Spring 2012

Express q in terms of symbolic variable z1 answer z1 0

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: he security assertion Q that you would insert at line 24 before the assignment to prevent a buffer overflow. Express Q in terms of symbolic variable z1 . Answer: z1 >= 0 is sufficient. (d) (3 points) By solving the constraints (P ∧ ¬Q) over 32-bit modulo arithmetic (int is represented in 32-bit two’s complement), give an Page 5 instance of values for inputs a0 and b0 that are sufficient to cause a buffer overflow at line 24. You must provide concrete values free of macros or variables. Answer: a0 == −231 b0 can be any integer between 1 to 231 -1 inclusive Page 6 3. (9 points) Isolation, Least Privilege & Mobile Security (a) (2 points) Dolphin Communications has come up with a brilliant idea for ensuring air gapping, named the SeaGap. SeaGap consists of a memory unit and several electronic switches. These switches are configured such that the memory could be connected only to the Internet or to your LAN, but never to both at the same time. When data arrives at one network port, the device would load up with application data, then flip ’safely’ to the other network to disgorge its payload. Does this achieve air Gap isolation? ◦ Yes. ◦ No. Answer: No. The two are still connected via the same computer on which SeaGap runs. (b) (4 points) For each of the following security mechanisms, state whether they are access control or capability systems or both. If you answer ‘both’ write a short explanation for the same. 1. Safe that requires a user key: Capability Answer: 2. Safe that checks your fingerprint and sees if you are in the list of allowed users: Answer: ACL 3. Google Docs Sharing “Anyone with link” feature: Answer: Capability 4. Google Docs sharing “Following users only”: Answer: ACL (c) (1 point) The ping command, at a high level, consists of three modules: a module that sends the ICMP packets, another module to receive the responses and a third module to show the output to the user. Page 7 ping runs as a monolithic process. Since sending the packets above r...
View Full Document

This document was uploaded on 02/23/2014.

Ask a homework question - tutors are online