Computer Systems Security
Homework I
Due Date:  October 1, 1999 (in Class)

  1. The Saltzer and Schroeder paper discusses both access control list and capability-based mechanisms for memory protection. Capability-based mechanisms are desirable because of the better performance they provide. However, revocation is a problem when capabilities are used. The paper presents a hybrid scheme that combines access control lists with capabilities. How is revocation of access rights implemented in this system? Explain your answer by discussing the choices that exist and the one(s) that you recommend.


  2. Assume that a certain organization wants to employ one-time password techniques to secure logins from remote locations. The organization has acquired smart cards that have a clock and can compute a one-way function of some input. If the clock in the cards remains synchronized with the clock of the system to which logins must be secured, a simple and efficient challenge-response protocol can be devised to authenticate users. Develop such a protocol and discuss its strengths and weaknesses.


  3. Discretionary access control (DAC) policies allow the owner of a resource to control who can access the resource. To allow rich and flexible sharing, assume that the system defines subjects or principals using a hierarchical scheme. Simple principals correspond to users that should have access to resources in the system. A set of users can be defined to belong to a group. It is also possible to define groups that have other groups and users as members. The system allows both positive and negative access rights to be specified for any subject (such a subject may be a user or a group).

    Describe how authorization is done in this system. In particular, explain how the system decides whether a request from a certain user must be granted or denied.

  4. Consider a procedure segment in Multics that has the access bracket (k,l,m). If a process is currently executing in ring r, explain the differences in the handling of a ring cross fault for the following two cases: (1) r is less than k, (2) r is greater than l.