Students should read 1, their choice of either 2a or 2b, and their choice of either 3a or 3b.

----------------------------------------------------------------------

A. For each of the papers you read (three out of five):

   1. Write a one-paragraph summary of the paper.

   2. Comment on one thing you think is particularly worth noting and/or discussing about the paper.

B. Answer the following questions (it will be more interesting if you think about them before reading the Flowcheck paper; the goal is to come up with answers different from the ones it or your classmates would give):

   1. Give an example of a piece of information X that's stored on a computer somewhere, and two people A and B, such that A would like to prevent B from learning X.

   2. As in (1), but refine the example with a function F, such that it's okay, proper, or even expected for B to know F(X), but bad for him to know X itself.

   3. While preparing this assignment, I ran the file through the Unix utility program "wc", which produced the output "33 286 1638", indicating that it contained 33 lines, 286 words, and 1638 characters. I want to assign a number to this execution which will represent how many bits of information about the file are conveyed by the output, in the same sense that the answer to a single yes-or-no question might convey one bit of information, or a telephone number conveys about 30 bits. Propose a definition we might use to answer this question. You don't need to worry about the practicality of the definition, *except* that you have to say what answer your definition would give for my example. Your definition may or may not depend on the implementation of the program; if it does, you can make any reasonable assumptions about it.

   4. In our discussion of security abstractions, some of the examples were drawn from the following concepts of security in the classic context of an operating system:

      * Process isolation
      * Access control lists
      * Reference monitors
      * Capabilities

      (a) Using your familiarity with common modern OSes (e.g., Unix/Linux or Windows NT/2000/.../7), give both a positive and a negative example of each concept. The positive example should be a place where the concept is used in your modern OS, and the negative example should be either another part of the OS that departs from the concept, or an aspect of your primary example that makes it different from the classic or pure version of the concept.

      Here's an example with a non-security concept:

      Concept: Uniform I/O; "everything is a file"

      Positive example: On Linux, hard drives, printers, text files, applications, and /dev/null all support the same basic operations of open(), read(), write(), and close().

      Negative example 1: Network interfaces in Linux do not have file names, and you can't open() them or write() to them.

      Negative example 2: Even if the CD drive is a file with a name like "/dev/hdc", you can't cause it to eject the disk with file operations; you need to do an ioctl().

      (b) Describe the relationship between isolation and a reference monitor in the concept of a process. Would it be sensible to use one technique without the other?

      (c) If you build a system that made maximal use of capabilities, which of the other concepts would you still need?
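The "everything is a file" illustration in question 4(a) can be exercised directly. The following Python script is an added example written for this page, not part of the original assignment: it drives a regular file and /dev/null through the same open()/write()/read()/close() system calls (the positive example), then shows that network interfaces are enumerated by name with no path you could pass to open() (negative example 1). The payload and temporary file are constructed here; socket.if_nameindex() is only available on Unix-like systems.

```python
import os
import socket
import tempfile

# Constructed sample payload for the round trip.
PAYLOAD = b"33 286 1638\n"


def round_trip(path: str, payload: bytes) -> bytes:
    """Open `path`, write `payload`, rewind, and read back what the object returns.

    The same four calls work regardless of what the path names; only the data
    that comes back differs (a regular file echoes the bytes, /dev/null discards them).
    """
    fd = os.open(path, os.O_RDWR | os.O_CREAT, 0o600)
    try:
        os.write(fd, payload)
        os.lseek(fd, 0, os.SEEK_SET)
        return os.read(fd, len(payload))
    finally:
        os.close(fd)


def uniform_io_demo() -> dict:
    """Positive example: identical operations on a text file and on /dev/null."""
    tmp = tempfile.NamedTemporaryFile(delete=False)
    tmp.close()
    try:
        regular = round_trip(tmp.name, PAYLOAD)
    finally:
        os.unlink(tmp.name)
    devnull = round_trip(os.devnull, PAYLOAD)
    return {"regular": regular, "devnull": devnull}


def interfaces_without_device_paths() -> list:
    """Negative example: interface names come from a socket API, not from the
    filesystem. Returns every interface whose name has no corresponding /dev entry."""
    if not hasattr(socket, "if_nameindex"):
        return []  # non-Unix platform: nothing to enumerate this way
    names = [name for _, name in socket.if_nameindex()]
    return [name for name in names if not os.path.exists(os.path.join("/dev", name))]


if __name__ == "__main__":
    print(uniform_io_demo())
    print("interfaces reachable only through socket calls:", interfaces_without_device_paths())
```

The regular file hands back exactly the bytes written; /dev/null accepts the write and returns nothing on read, yet both went through the identical sequence of system calls. The loopback interface "lo" shows up in the interface list but has no /dev/lo to open.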
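To make the contrast between the security concepts in question 4 concrete, here is a toy reference monitor, an added example written for this page and not drawn from any OS or paper it discusses. Every read or write goes through the monitor (complete mediation). An ACL decision is keyed on the identity of the requesting subject, while a capability decision is keyed only on possession of an unforgeable token, which can be attenuated but never amplified when delegated. The subjects "alice" and "bob", the resource path and its contents are constructed for the demonstration.

```python
import secrets
from typing import Dict, FrozenSet, Set, Tuple


class AccessDenied(PermissionError):
    pass


class ReferenceMonitor:
    """Mediates every access to a named resource, by ACL or by capability."""

    def __init__(self) -> None:
        self._objects: Dict[str, str] = {}                      # resource -> contents
        self._acl: Dict[str, Dict[str, Set[str]]] = {}          # resource -> subject -> rights
        self._caps: Dict[str, Tuple[str, FrozenSet[str]]] = {}  # token -> (resource, rights)

    def create(self, resource: str, contents: str, owner: str) -> None:
        self._objects[resource] = contents
        self._acl[resource] = {owner: {"read", "write"}}

    # ---- ACL path: the answer depends on WHO is asking ----
    def _authorize_acl(self, subject: str, resource: str, right: str) -> None:
        if right not in self._acl.get(resource, {}).get(subject, set()):
            raise AccessDenied(f"{subject} lacks {right} on {resource}")

    def read_as(self, subject: str, resource: str) -> str:
        self._authorize_acl(subject, resource, "read")
        return self._objects[resource]

    def write_as(self, subject: str, resource: str, contents: str) -> None:
        self._authorize_acl(subject, resource, "write")
        self._objects[resource] = contents

    # ---- capability path: the answer depends on WHAT token is presented ----
    def mint_capability(self, subject: str, resource: str, rights: Set[str]) -> str:
        """A subject may only mint a capability for rights it already holds via the ACL."""
        for right in rights:
            self._authorize_acl(subject, resource, right)
        token = secrets.token_hex(16)  # random, hence unguessable by other subjects
        self._caps[token] = (resource, frozenset(rights))
        return token

    def _lookup_cap(self, token: str) -> Tuple[str, FrozenSet[str]]:
        try:
            return self._caps[token]
        except KeyError:
            raise AccessDenied("unknown or forged capability") from None

    def attenuate(self, token: str, rights: Set[str]) -> str:
        """Delegate a copy carrying a subset of the original rights (never a superset)."""
        resource, held = self._lookup_cap(token)
        if not set(rights) <= held:
            raise AccessDenied("a delegated capability cannot gain rights")
        new_token = secrets.token_hex(16)
        self._caps[new_token] = (resource, frozenset(rights))
        return new_token

    def read_with(self, token: str) -> str:
        resource, rights = self._lookup_cap(token)
        if "read" not in rights:
            raise AccessDenied("capability does not carry read")
        return self._objects[resource]

    def write_with(self, token: str, contents: str) -> None:
        resource, rights = self._lookup_cap(token)
        if "write" not in rights:
            raise AccessDenied("capability does not carry write")
        self._objects[resource] = contents


def _attempt(action) -> str:
    try:
        action()
        return "allowed"
    except AccessDenied:
        return "denied"


def demo() -> Dict[str, str]:
    """Alice owns a file; Bob is unknown to its ACL but may hold a capability Alice delegated."""
    rm = ReferenceMonitor()
    rm.create("/home/alice/diary", "day 1: nothing happened", owner="alice")
    out: Dict[str, str] = {}
    out["alice_acl_read"] = rm.read_as("alice", "/home/alice/diary")
    out["bob_acl_read"] = _attempt(lambda: rm.read_as("bob", "/home/alice/diary"))
    full = rm.mint_capability("alice", "/home/alice/diary", {"read", "write"})
    read_only = rm.attenuate(full, {"read"})          # Alice hands Bob a read-only copy
    out["bob_cap_read"] = rm.read_with(read_only)      # Bob's identity is never consulted
    out["bob_cap_write"] = _attempt(lambda: rm.write_with(read_only, "tampered"))
    out["bob_amplify"] = _attempt(lambda: rm.attenuate(read_only, {"read", "write"}))
    out["forged_token"] = _attempt(lambda: rm.read_with("0" * 32))
    out["contents_after"] = rm.read_as("alice", "/home/alice/diary")
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Note what the monitor does and does not enforce: it decides authorization, but nothing in Python stops a caller from reaching into `_objects` directly. That gap is exactly why a reference monitor has to sit behind an isolation boundary (question 4(b)): without isolation, mediation is voluntary.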