1. Generate an RSA keypair and encrypt and decrypt the message 6. Do all the computations by hand. Your keypair does not need to be secure, i.e. you can use small numbers.

2. How can a virtual machine monitor set up the page tables for two virtual machines so that they share a page of memory? Why would you want to do this? If two different virtual machines can access the same page of memory, then there can be race conditions in the order of accesses, and these race conditions can lead to security holes. If the shared memory page is used to implement a client/server setup, how can the server defend itself from race conditions? Can the VMM help?

3. Write out the full lattice for the Bell-LaPadula scheme with security levels Low, Medium, and High, and with compartments Midterm and Final. Can a process with Medium Midterm clearance read a Low Midterm Final file?

4. I propose a new form of authentication: something you think. It works as follows. When a user enrolls in the system, the system asks the user for his opinion on a wide variety of topics: politics, flowers, movies, food, computer science, etc. Based on the responses from all the different users of the system, the system builds a model of user tastes that it can use to predict each user's answer to future questions (sort of like Amazon.com's "Users who liked this book might also like..." service). When a user subsequently attempts to log in, the system asks him several questions and checks that his answers to the new questions are consistent with his original answers. What are the advantages and disadvantages of this scheme?

5. Find as many security bugs as you can in the following program (note that the program is not guaranteed to even compile). I can find 8 so far. Let me know if you can find more.

    void readwholefile(char *fname, char *buffer)
    {
        struct stat buf;
        int fd;

        stat (fname, &buf);
        fd = open(fname, O_RDONLY);
        read(fd, buf, buf.st_size);
    }

    /* A setuid-root program */
    int main (int argc, char **argv)
    {
        char ifname[1024];
        char ofname[1024];
        char logfname[1024];
        char logmsg[1024];
        char ibuf[1024];
        char *username;
        char *homedir;
        int logfd, ofd;
        struct stat buf;
        char *p;
        int i;

        /* Confine user to files in their home directory */
        homedir = getenv("HOME");
        snprintf(ifname, 0x1024, "%s/%s", homedir, argv[1]);
        snprintf(ofname, 0x1024, "%s/%s", homedir, argv[2]);

        /* Log this user's action */
        snprintf(logfname, 1024, "/var/log/bug.%d", getpid());
        logfd = open(logfname, O_CREAT | O_APPEND);
        username = getenv("USER");
        fprintf(logfd, "bug: %s %s %s\n", username, ifname, ofname);

        /* Read the input file, if it's small enough! */
        stat(ifname, &buf);
        if (buf.st_size >= 1024) {
            printf("ERR: Input file too large\n");
            exit(0);
        }
        readwholefile(ifname, ibuf);

        /* Open the output file, if the user can write it,
           avoiding access/open races. */
        for (i = 0; i < 100; i++) {
            close(ofd);
            if (access(ofname, W_OK)) {
                printf("ERR: you can't write %s\n", ofname);
                exit(0);
            }
            ofd = open(ofname, O_WRONLY);
        }

        p = ibuf;
        while ((p = strtok(p, ";")) != NULL) {
            printf(p);
            seteuid(getruid());
            system(p);
            seteuid(0);
            printf("... finished\n");
            p = NULL;
        }

        return 0;
    }

6. Draw a finite state machine to capture the following secure coding rule "Applications that read from any file on the system cannot write to the network."

7. Design a system of privileges and an Access Control Matrix to launch a missile iff at least 3 people agree to launch it and no person objects to the launch.
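
For the lattice in question 3, a dominance check makes the ordering concrete. This is an added example, not part of the original problem set; it assumes the standard Bell-LaPadula definition in which a label is a (level, compartment set) pair, and all function names are chosen here for illustration.

```python
from itertools import combinations

# Assumption: levels are totally ordered Low < Medium < High, and a label is
# (level, set of compartments), as in the standard Bell-LaPadula formulation.
LEVELS = ["Low", "Medium", "High"]
COMPARTMENTS = ["Midterm", "Final"]

def all_labels():
    """Every (level, compartment-set) pair: 3 levels x 4 subsets = 12 nodes."""
    subsets = [frozenset(c) for r in range(len(COMPARTMENTS) + 1)
               for c in combinations(COMPARTMENTS, r)]
    return [(lvl, s) for lvl in LEVELS for s in subsets]

def dominates(a, b):
    """a dominates b iff a's level is >= b's and a's compartments include b's."""
    return LEVELS.index(a[0]) >= LEVELS.index(b[0]) and a[1] >= b[1]

def can_read(subject, obj):
    """Simple security property (no read up): subject must dominate object."""
    return dominates(subject, obj)

def can_write(subject, obj):
    """*-property (no write down): object must dominate subject."""
    return dominates(obj, subject)

def covering_edges(labels):
    """Hasse-diagram edges: (lower, upper) pairs with no label strictly between."""
    edges = []
    for lo in labels:
        for hi in labels:
            if lo != hi and dominates(hi, lo):
                between = any(m not in (lo, hi) and dominates(hi, m) and dominates(m, lo)
                              for m in labels)
                if not between:
                    edges.append((lo, hi))
    return edges

def fmt(label):
    return f"{label[0]} {{{', '.join(sorted(label[1]))}}}"

if __name__ == "__main__":
    labels = all_labels()
    for lo, hi in covering_edges(labels):
        print(f"{fmt(lo)}  <  {fmt(hi)}")
    subject = ("Medium", frozenset({"Midterm"}))
    obj = ("Low", frozenset({"Midterm", "Final"}))
    print("read allowed:", can_read(subject, obj))
```

The printed pairs are the edges of the lattice diagram; two labels with no chain of edges between them are incomparable, so neither can read the other's files.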