NATIONAL INSTITUTE OF TECHNOLOGY, CALICUT

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

CS4035: Computer Security 1st Midterm Exam (September 2016) SOLUTIONS
1. Classify each of the following as a violation of Confidentiality(C), of Integrity(I), of Availability(A), or of some combination thereof.
[0.5x4=2]
[Availability,Integrity]
[Availability]
[Data Integrity]

Suraj crashes Ravis system

Thomas deletes password protected assignment files of all students in his class
Gladson fakes Sanals signature on a check.

[Confidentiality, Source Integrity]

Anand spoofs Salims IP Address to gain access to his computer.

2. While inspecting the log of the OS it was found that there was a violation of access rights of a resource, during a certain
period of time. The TCB Requirement violated as a result of this is Correctness Requirement
3. Three states that SELINUX can be in during operation are
1. Disabled 2. Permissive 3. Enforced

[1.5]

4. Give an example of how CR5 of the Clark Wilson Model could be applied to the development and operation of
flipkart.com.
CR5 states that when an Input is UDI, the TP must either reject the UDI or transform it to a CDI.
[1.5]
Explanation flipkart.com provides consumer-to-consumer sales services. This means that a User is allowed to upload
information about a product into the system. All input is considered a UDI.
Solution The Web Service must Verify the Input info about the product provided by the user with a IVP (Integrity
Verification), and if it does not validate, it must reject the uploaded data and request the user to upload new data.
However if the data seems valid, it must convert it to data meaningful to the system therefore converting it to a CDI.
5. DM Bank is a financial institution with hundreds of clients in the business sector. DM Bank also has a section that does
data mining on all DM Bank databases for prediction, marketing and risk management purposes. Airline Companies
A, B and C ; Petroleum Companies D and E ; and Food Companies F, G, H and J are all clients of DM Bank. For the
following scenarios indicate(Y/N) if there is an Security violation occuring. If yes state the corresponding property of
Chinese Wall Model that can prevent this violation. Justify your answer in one line:
[1x3=3]
[N]
Ravi works for A and F.
Since Ravi works for companies in two different sectors, he does Not create any potential Conflict of Interest.
[Y]
Salman works for D and A. Tony works for D and C.
If Salman is able to write Sanitized Data to A. Tony can read the Data and is able to provide it to C, creating a potential
Conflict of Interest. The Chinese Wall Models *-property can solve this problem
[Y]
Jane works for D and E. Mary also works for E.
Jane works for two companies in the same sector thus creating an evident potential Conflict of Interest. Hence the
Simple Security Condition can prevent this
6. Consider a computer system with three users: Alice, Bob, and Cindy. Alice owns the file alicerc, and Bob and Cindy
can read it. Cindy can read and write the file bobrc, which Bob owns, but Alice can only read it. Only Cindy can read
and write the file cindyrc, which she owns. Assume that the owner of each of these files can execute it. Create the
corresponding access control matrix.

alicerc bobrc cindyrc

Alice
rwx
r

Bob
r
rwx

Cindy
r
rw
rwx

7. For the executable code given on next page:

(a) What is the Software vulnerability exploited in the above code?

Stack Overflow

(b) Mention one solution to prevent this exploitation. Justify your answer in one line.
Stack Canary can be used to add a check to determine if the return address has been modified.
Non-executable Stack can be used to prevent code from being executed on a stack.
1 #include < s t d l i b . h>
2 #define BUFSIZE 100
3 void j u s t c o p y ( char bar ) {
4 char BUF[ BUFSIZE ] ;
5 s t r c p y (BUF, bar ) ;
6 p r i n t f ( %s \n , BUF ) ;
7 }
8 int main ( ) {
9 char baz ;
10 baz = g e t e n v ( HOME ) ; // S t o r e Path o f User s Home Dir
11 j u s t c o p y ( baz ) ;
12 e x i t ( 0 ) ;
13 }
8. A Security Policy restricts the use of E-mail on a particular system to faculty and staff. Students cannot send or receive
E-mail on that host.
Classify the following mechanisms as Secure(S), Precise(P), or Broad(B).
[0.5x3=1.5]
[Secure]

The E-mail sending and receiving programs are disabled.

[Precise]
As each letter is sent or received, the system looks up the sender (or recipient) in a database. If that
party is listed as faculty or staff, the mail is processed. Otherwise, it is rejected. (Assume that the database entries are
correct.)
[Broad]
The E-mail sending programs ask the user if he or she is a student. If so, the mail is refused. The electronic
mail receiving programs are disabled.
9. Classify each of the following as an example of a mandatory(M), discretionary(D), or originator(O) controlled policy,
or a combination thereof. Justify your answers.
[1x4=4]
[Discretionary]
The file access control mechanisms of the UNIX operating system
Since users can assign and modify permissions that they possess, access control is discretionary.
[Originator]
A system in which no memorandum can be distributed without the authors consent
This would be originator access control. This is because if I am the author of the memorandum I am the one who can
say my information can be distributed, no one else can.
[Mandatory]
A military facility in which only generals can enter a particular room.
The system controls access and an individual cannot change that.
[Discretionary]
A university registrars office, in which a faculty member can see the grades of a particular student
provided that the student has given written permission for the faculty member to see them.
Here the student grants the permission to the faculty to see the grades. If he doesnt grant permission to a particular
faculty member, that faculty member cant see the grades.

10. Given the security levels TOP SECRET, SECRET, CONFIDENTIAL, and UNCLASSIFIED (ordered from highest to
lowest), and the categories A, B, and C, specify what type of access (Read(R), Write(W), Both(B), or Neither(N))
is allowed in each of the following situations. Assume that DACs allow anyone access unless otherwise specified. [2.5]
[Neither] Paul, cleared for (T OP SECRET, {A, C}), wants to access a document classified (SECRET, {B, C}).
Paul cannot read and cannot write to the document because Paul does not dominate document and also, document does
not dominate Paul.
[Neither]Anna, cleared for (CON F IDEN T IAL, {C}), wants to access a document classified (CON F IDEN T IAL, {B}).
Anna cannot read and cannot write to the document because Anna does not dominate document and also, document
does not dominate Anna.
{Read}Jesse, cleared for (SECRET, {C}), wants to access a document classified (CON F IDEN T IAL, {C})
Jesse can read document because Jesse dominates document, but Jesse cannot write to the document because document
does not dominate Jesse.
{Read}Sammi, cleared for (T OP SECRET, {A, C}), wants to access a document classified (CON F IDEN T IAL, {A})
Sammi can read document because Sammi dominates document, but Sammi cannot write to the document because
document does not dominate Jesse.
{Write}Robin, who has no clearances (and so works at the U N CLASSIF IED level), wants to access a document
classified (CON F IDEN T IAL, {B}).
Robin cannot read document because Robin does not dominate document, but Robin can write to the document because
document dominates Robin.