22908 CSC 3080A - 0 - Operating Systems

Spring 2012
Herbert J. Bernstein

Quiz 9

 

This web page is http://www.bernstein-plus-sons.com/.dowling/CSC3080S12/CSC3080_Quiz_9.html
Copyright © 2003, 2005, 2012 Herbert J. Bernstein and other parties. All rights reserved.


This is the ninth weekly quiz, to be taken by Friday, 20 April 2012. It should take you between half an hour and 2 hours to answer the following questions. You should take this quiz after reading Chapters 8, 9 and 10 in Anderson and finishing the program designs in assignment 6.


Please fill in the following information:

Name:


Email:

Skype ID:

  1. Some of the ways in which an unauthorized person might gain access to a user's password involve human error (such as the user writing down his/her password and leaving it where someone might find it) or malice (such as the system administrator snooping user keystrokes and recording passwords). Briefly list as many ways as you can in which an unauthorized person might gain access to a user's password that involve neither human error nor malice attributable to the user and that do not involve malice attributable to the system administrator.

  2. For each of the vulnerabilities that you have listed in response to question 1, explain what steps you took or might have taken in your design and implementation of access control programs for Linux and Windows.

  3. Give the URLs of your essay and Linux and Windows access control designs.

  4. What are the two properties that the Bell-LaPadula model enforces?

  5. What are the strong and weak tranquility properties and why are they important?

  6. Explain MLS in Vista.

  7. Explain MLS in Linux.

  8. Summarize the strengths and limitations of mandatory access control. Note that the chapter summary in the book does not provide such a summary.

  9. For credit worth one full quiz, do a detailed design analysis of the problem of ensuring privacy of medical records. There will be no partial credit. If you are thorough and complete, you get full credit. For anything less, you get no credit. Post the actual document on your Google sites web and give the URL as your answer here.

  10. For credit worth one full quiz, do a detailed design analysis of the problem of ensuring security of financial transactions. There will be no partial credit. If you are thorough and complete, you get full credit. For anything less, you get no credit. Post the actual document on your Google sites web and give the URL as your answer here.

  11. State what your course project is and give its status. Give a detailed list of the tasks you need to perform to do the project, and for each task, give both what has been accomplished so far and what you still need to do to finish the project.

  12. Explain what a Unix shell is and explain what the security considerations (if any) are in the design of a Unix shell. This will require some thought and research on your part. If you do a particularly good job, you can have another full quiz of credit, but in this case, partial answers will also get credit.


Revised 19 April 2012