SFL Prof. Dr. C. Rossow / S. Hausotte TU Dortmund WS 2021/2022 Exercise 4 (System Security)
In the lectures, some types of covert channels have been introduced.
(a) What differentiates covert channels from normal communication channels? Why and how could they cause problems?
(b) Why is it harder to secure an environment against covert channels than it is against most other types of unwanted communication?
(c) Is it feasible to run real-world attacks based on covert channels? Do some online research and try to find out if there are recent cases.
(d) Assume two processes are running on the same physical computer. Choose an arbitrary form of covert channel communication which can be prevented by one of the process isolation measures from the lectures and explain the case.
Also give an example for a covert channel which can not be prevented by these measures.
4.2 File Permissions
(a) Which three permissions can be specified for UNIX files?
(b) Who can be granted these privileges? Hint: There are three levels of granularity.
(c) In the home directory "top-secret" on the server of the German parliament, you type ls -l and get the following output:
-rw-rw-r-- schlz ampel coalition.pptx
drwx------ mrkl mrkl g8-topics
-rw-r----- sphn ministry-health ffp2-invoice.pdf
-rwsr-xr-x root root omicron.sh
What do you learn about the files from this information?
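The following is an added example, not part of the exercise sheet: a small Python decoder for the 10-character mode string that ls -l prints, covering the three permission bits, the three levels of granularity (owner, group, others) and the special bits (setuid, setgid, sticky) that show up as s/S/t/T in the execute slot. It also converts a mode string to its octal form and flags the entries an administrator would look at first, such as a setuid executable owned by root. The listing lines it runs over are constructed samples with invented names; the two-column "mode owner group name" layout is an assumption made for this example.

```python
# Added example: decode ls -l mode strings. Not from the exercise sheet.
FILE_TYPES = {"-": "regular file", "d": "directory", "l": "symlink",
              "c": "char device", "b": "block device", "p": "fifo", "s": "socket"}


def parse_mode(mode):
    """Split a 10-char mode string such as '-rwsr-xr-x' into its parts."""
    if len(mode) != 10:
        raise ValueError(f"mode string must be 10 characters: {mode!r}")
    perms, special = {}, {"setuid": False, "setgid": False, "sticky": False}
    for who, offset, bit in (("owner", 1, "setuid"), ("group", 4, "setgid"),
                             ("others", 7, "sticky")):
        r, w, x = mode[offset], mode[offset + 1], mode[offset + 2]
        # In the execute slot, 's'/'S' (owner, group) means setuid/setgid and
        # 't'/'T' (others) means sticky; lowercase means the execute bit is
        # set as well, uppercase means it is not.
        if x in "sStT":
            special[bit] = True
            exec_set = x.islower()
        else:
            exec_set = x == "x"
        perms[who] = {"read": r == "r", "write": w == "w", "exec": exec_set}
    return {"type": FILE_TYPES.get(mode[0], "unknown"), "perms": perms,
            "special": special}


def mode_to_octal(mode):
    """'-rwsr-xr-x' -> '4755', 'drwx------' -> '0700' (special bits first)."""
    info = parse_mode(mode)
    sp = info["special"]
    high = (4 if sp["setuid"] else 0) | (2 if sp["setgid"] else 0) | (1 if sp["sticky"] else 0)
    digits = ""
    for who in ("owner", "group", "others"):
        p = info["perms"][who]
        digits += str((4 if p["read"] else 0) | (2 if p["write"] else 0) | (1 if p["exec"] else 0))
    return f"{high}{digits}"


def describe(line):
    """One constructed listing line 'mode owner group name' -> (name, findings)."""
    mode, owner, group, name = line.split()
    info = parse_mode(mode)
    findings = []
    if info["special"]["setuid"] and owner == "root":
        findings.append("setuid-root executable: runs with root's privileges for any caller")
    if info["perms"]["others"]["write"]:
        findings.append("world-writable")
    elif info["perms"]["group"]["write"]:
        findings.append(f"writable by group {group}")
    if info["perms"]["group"]["read"] and not info["perms"]["others"]["read"]:
        findings.append(f"readable only by owner {owner} and group {group}")
    if info["type"] == "directory" and not any(info["perms"][w]["exec"] for w in ("group", "others")):
        findings.append(f"directory private to {owner}")
    return name, findings


# Constructed sample listing (invented names, same layout as in the question).
SAMPLE_LISTING = """\
-rw-rw-r-- alice staff report.pptx
drwx------ bob bob private
-rw-r----- carol finance invoice.pdf
-rwsr-xr-x root root helper.sh
"""


def audit(listing=SAMPLE_LISTING):
    """Return {name: findings} for every line of the listing."""
    return dict(describe(line) for line in listing.splitlines() if line.strip())


if __name__ == "__main__":
    for name, findings in audit().items():
        print(name, "->", "; ".join(findings) or "nothing notable")
```

The setuid case is the one to remember: the s in the owner execute slot means every user who may execute the file runs it with the owner's effective UID, so a setuid-root script is a privilege boundary in its own right.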
4.3 Bell-LaPadula/Biba Model
(a) Where lies the difference between the Bell-LaPadula model and the Biba model and what are their goals?
(b) We define the notation a →r b for "level a wants to read from level b" and a →w b for "level a wants to write to level b". 0 is the most and 3 the least privileged/authoritative level. Which of the following access requests are permitted by which model?
Request   Bell-LaPadula   Biba   Bell-LaPadula & Biba
0 →r 0
1 →r 3
0 →w 2
1 →w 1
3 →w 2
3 →r 2
(c) What is the problem when using both Bell-LaPadula and Biba at the same time?
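As an added example (not part of the exercise sheet), the following Python encodes the read and write rules of both models under the sheet's convention that level 0 is the most privileged/authoritative and level 3 the least. Bell-LaPadula enforces confidentiality ("no read up, no write down"), Biba enforces integrity ("no read down, no write up"); with 0 on top, each rule becomes a simple comparison of the two level numbers. The function that intersects both models over all level pairs illustrates what combining them costs. The request strings use the sheet's arrow notation; the ASCII form "->r" / "->w" is accepted as well.

```python
# Added example: Bell-LaPadula and Biba decision rules, 0 = most privileged
# / most authoritative level. Not from the exercise sheet.

def blp_read(subject, obj):
    """Simple security property, "no read up": a subject may read only
    objects classified at or below its clearance (object number >= subject's)."""
    return subject <= obj


def blp_write(subject, obj):
    """*-property, "no write down": a subject may write only to objects
    classified at or above its own level."""
    return subject >= obj


def biba_read(subject, obj):
    """Simple integrity property, "no read down": a subject may read only
    objects of equal or higher integrity."""
    return subject >= obj


def biba_write(subject, obj):
    """Integrity *-property, "no write up": a subject may write only to
    objects of equal or lower integrity."""
    return subject <= obj


def decide(request):
    """Evaluate a request such as '1 →r 3' or '0 ->w 2' under both models."""
    subj, arrow, obj = request.split()
    a, b = int(subj), int(obj)
    if arrow in ("→r", "->r"):
        blp, biba = blp_read(a, b), biba_read(a, b)
    elif arrow in ("→w", "->w"):
        blp, biba = blp_write(a, b), biba_write(a, b)
    else:
        raise ValueError(f"unknown request {request!r}")
    return {"BLP": blp, "Biba": biba, "both": blp and biba}


def both_allowed(levels=range(4)):
    """All (subject, object) level pairs for which at least one of read or
    write is still permitted when both models are enforced together."""
    return {(a, b) for a in levels for b in levels
            if decide(f"{a} →r {b}")["both"] or decide(f"{a} →w {b}")["both"]}


if __name__ == "__main__":
    for req in ("2 →r 3", "2 →w 0", "3 →r 1", "1 →w 1"):
        print(req, decide(req))
    print("pairs with any access under both models:", sorted(both_allowed()))
```

Running it shows that once both models apply, the only pairs with any access left are those where subject and object share a level, which is the point behind question (c).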
4.4 Special registers
(a) Flags: The {R|E}FLAGS register holds processor state. The bits of most interest during normal operation are the carry flag CF at index 0 (least significant bit), the zero flag ZF at index 6, the sign flag SF at index 7, and the overflow flag OF at index 11.
The carry flag applies to unsigned operations, while the sign and overflow flags apply to signed operations.
These flags generally refer to the result of the most recent arithmetic operation and control most conditional branches. Importantly, since comparisons (via the cmp instruction) are just subtractions under the hood, certain conditional instructions are functionally equivalent, such as je (jump if equal) and jz (jump if zero) for example, as subtracting a number from itself will always return zero.
For the following snippet, decide whether or not the branches would be taken and explain why.
mov eax, 0
mov ebx, 1234
cmp eax, ebx
I   je: Jump if equal
II  jz: Jump if zero
III jb: Jump if below (unsigned less-than)
IV  jl: Jump if less (signed)
You can do even more fun things with the flags, although this is probably not something you should do in an actual application: while they cannot be accessed directly, you can store flags to the stack using pushf and load them from there using popf.
and ax, 0xFFFE
or ax, 0x00C0
and ax, 0xF7FF
push ax
After this code executes, what are the values of each of the flags mentioned at the start of this question? NB: The previous values are not relevant; all relevant bits are written to.
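The following added Python example (not from the exercise sheet) models what the text above describes: it computes CF, ZF, SF and OF for a cmp, i.e. a subtraction whose result is discarded, at a chosen operand width, evaluates the four conditional jumps from the question (plus their complements) against those flags, and decodes the flag bits at indices 0, 6, 7 and 11 from a 16-bit word of the kind that push ax would place on the stack for a subsequent popf. The formulas follow the architectural definitions; the operand values in the demonstration are constructed and deliberately include a signed-overflow case, where jb and jl disagree.

```python
# Added example: x86 flag computation for cmp and the resulting branch
# decisions. Not from the exercise sheet; sample operands are constructed.

def flags_after_cmp(a, b, bits=32):
    """Flags set by `cmp a, b` (computes a - b, discards the result).
    a and b are interpreted as unsigned bit patterns of the given width."""
    mask = (1 << bits) - 1
    sign = 1 << (bits - 1)
    a &= mask
    b &= mask
    result = (a - b) & mask
    return {
        "CF": a < b,                                   # unsigned borrow
        "ZF": result == 0,                             # operands equal
        "SF": bool(result & sign),                     # result negative (signed)
        # signed overflow: operand signs differ and the result's sign
        # differs from the minuend's sign
        "OF": ((a ^ b) & (a ^ result) & sign) != 0,
    }


def branch_taken(mnemonic, f):
    """Jump conditions in terms of the flags (architectural definitions)."""
    conds = {
        "je": f["ZF"], "jz": f["ZF"],                  # same condition, two names
        "jne": not f["ZF"], "jnz": not f["ZF"],
        "jb": f["CF"],                                 # unsigned below
        "jae": not f["CF"],                            # unsigned above or equal
        "jl": f["SF"] != f["OF"],                      # signed less
        "jge": f["SF"] == f["OF"],                     # signed greater or equal
        "jg": (not f["ZF"]) and f["SF"] == f["OF"],    # signed greater
    }
    return conds[mnemonic]


def flags_from_pushed_word(word):
    """The four flags popf would load from a 16-bit FLAGS image on the stack."""
    return {"CF": bool(word & 1), "ZF": bool((word >> 6) & 1),
            "SF": bool((word >> 7) & 1), "OF": bool((word >> 11) & 1)}


if __name__ == "__main__":
    # Constructed operands: a plain signed/unsigned case and an overflow case.
    for a, b in ((5, 7), (0x7FFFFFFF, 0xFFFFFFFF), (9, 9)):
        f = flags_after_cmp(a, b)
        taken = [m for m in ("je", "jz", "jb", "jl") if branch_taken(m, f)]
        print(f"cmp {a:#x}, {b:#x}: {f} taken={taken}")
    print(flags_from_pushed_word(0x0801))
```

The overflow case is the reason the sheet distinguishes jb from jl: 0x7FFFFFFF is below 0xFFFFFFFF as an unsigned number (CF set, jb taken) but greater than it as a signed number (SF and OF both set, so jl is not taken).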
(b) Instruction pointer: the rip register contains the address of the next instruction to execute.
The call instruction pushes the address of the first instruction after it onto the stack and then jumps to the address passed as its argument. The ret instruction reverses this by popping the value at the top of the stack into the instruction pointer register.
In the following snippet, assume the line numbers are addresses. This is for the sake of simplicity, as real x86 instructions don't always have the same length.
1 mov rbx, 5
2 call double
3 mov rbx, rax
4 jmp 1234
7 mov rax, rbx
8 add rax, rax
What are the values of the rip register after
I   the first mov,
II  the call,
III the ret,
IV  and the jmp?
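To make the call/ret mechanics concrete, here is an added Python example (not part of the exercise sheet): a minimal interpreter for mov, add, call, ret and jmp that uses the same simplification as the question, one address per instruction, and records the instruction pointer and the return-address stack after every step. The program it runs is a constructed one with its own addresses, subroutine label and values, not the sheet's snippet; a jump to an address outside the modelled program ends the run.

```python
# Added example: trace rip and the return-address stack through call/ret.
# Not from the exercise sheet; the program below is constructed.

def _value(token, regs):
    """Operand: a register name or an immediate."""
    return regs[token] if token in regs else int(token)


def _target(token, labels):
    """Jump/call target: a label or a numeric address."""
    return labels[token] if token in labels else int(token)


def run(program, labels, start, max_steps=50):
    """program: {address: 'mnemonic operands'}; one address per instruction.
    Returns the final registers and a trace of (mnemonic, rip after it,
    stack after it)."""
    regs = {"rax": 0, "rbx": 0}
    stack = []                      # return addresses pushed by call
    rip = start
    trace = []
    for _step in range(max_steps):
        if rip not in program:
            break                   # control left the modelled code (e.g. jmp out)
        op, _, args = program[rip].partition(" ")
        ops = [s.strip() for s in args.split(",")] if args else []
        next_rip = rip + 1          # fall-through: the following address
        if op == "mov":
            regs[ops[0]] = _value(ops[1], regs)
        elif op == "add":
            regs[ops[0]] += _value(ops[1], regs)
        elif op == "call":
            stack.append(next_rip)  # return address = instruction after the call
            next_rip = _target(ops[0], labels)
        elif op == "ret":
            next_rip = stack.pop()  # top of stack becomes the new rip
        elif op == "jmp":
            next_rip = _target(ops[0], labels)
        else:
            raise ValueError(f"unsupported instruction at {rip}: {program[rip]!r}")
        rip = next_rip
        trace.append((op, rip, list(stack)))
    return regs, trace


# Constructed program: main code at 10-13, subroutine 'twice' at 20-22.
PROGRAM = {
    10: "mov rbx, 21",
    11: "call twice",
    12: "mov rbx, rax",
    13: "jmp 500",
    20: "mov rax, rbx",
    21: "add rax, rax",
    22: "ret",
}
LABELS = {"twice": 20}


if __name__ == "__main__":
    regs, trace = run(PROGRAM, LABELS, start=10)
    for op, rip, stack in trace:
        print(f"after {op:4s}: rip={rip:<4d} stack={stack}")
    print("registers:", regs)
```

The trace shows the two moments that matter for the question: after the call, rip is the subroutine's address while the stack holds the address of the instruction following the call; after the ret, that address is popped back into rip and the stack is empty again.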