Homework 6

22C:116, Fall 1997

Due Monday Oct. 6, 1997, in class

NOTE: There is no class Friday, Oct. 3

This is the second day of Rosh Hashana, the Jewish New Year
Douglas W. Jones

  1. Consider the following covert channel: Two spies, wishing to communicate by sending picture postcards through the postal system, agree to encode their covert messages in the stamps used to send the postcards. The overt message written on each postcard will be there only to mislead anyone trying to eavesdrop on the spies.

    It costs 20 cents to mail a postcard, and stamps are available in denominations of 1, 2, 3, 4, 5, 10, 15 and 20 cents. The spies agree that using more than four stamps per message would look suspicious, and they agree that all cards will be stamped with exactly 20 cents worth of stamps. They agree that the only way messages will be encoded is by the combination of denominations used, the order of the 4 or fewer stamps on the card, and by the orientation of each stamp in the row.

    How many full bits of information can be conveyed per postcard through this covert channel?

  2. Internet E-mail is always preceded by a header containing many fields; some of these fields are necessary -- the To: determines where the mail will be delivered, for example. Others are added automatically by the mail delivery system -- the From: and Received: lines, for example. Other header lines are under the control of the sender (or the sender's mailer software). Among these are the Organization: line, the Subject: line, and the Comment: lines. Considerable information can be encoded in these lines, but of course, they are open to inspection by every system that forwards mail.

    To include extra header fields in a piece of mail, try this:

    % mail -s "The subject \
    Comment: An added header line \
    Organization: Another added line" your-e-mail-address
    Message body
    .
    
    Propose a covert channel that you could use within the mail header for communicating with your intended recipient, and propose a way that mailers and mail forwarders could be modified to block this channel.

  3. UNIX class accounts in the CS department are managed as follows: All students in the class are made members of the group for that class. All files to be used by students in that class are given that group as the group owner. The instructor typically owns the files in the group's directory, and typically isn't a member of the group. Thus, the instructor's access rights are owner rights, while the students gain access to the files as members of the group.

    Consider the following policy: The class is named CLASS; it contains two students AMY and BOB. LOU is a person not in the class. The instructor is KIM. Each student has a file called HW, private read-write for that student. The instructor has a file called GRADES, private read-write for the instructor. The instructor can read and write ASSIGNMENT and SYLLABUS; all students in the class can read ASSIGNMENT, but LOU may not. Everyone can read SYLLABUS.

    a) Describe this as an access matrix.

    b) Describe this as a set of capability lists, one per user.

    c) Describe this as a set of access control lists, one per file.

    d) Describe how UNIX would allow you to enforce this policy.

  4. Finally, what feature was added to UNIX that defeats the use of the SETUID bit for solving the mutual suspicion problem?
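
The owner/group/other arrangement that problem 3 describes for class accounts, as an added illustration that is not part of the original assignment: a small Python model of the classic UNIX permission check, in which exactly one of the three permission triples applies to a given user. The user, group and file names and the mode values are constructed for this example, and the superuser bypass is not modeled.

```python
# Added illustration: model of the classic UNIX owner/group/other check.
# All user, group and file names and all modes are constructed examples.
from dataclasses import dataclass

R, W, X = 4, 2, 1  # permission bits inside one rwx triple


@dataclass(frozen=True)
class File:
    owner: str
    group: str
    mode: int  # octal mode, e.g. 0o640


def access_class(user, groups, f):
    """Select the single triple that applies: owner, else group, else other."""
    if user == f.owner:
        return "owner"
    if f.group in groups:
        return "group"
    return "other"


def allowed(user, groups, f, want):
    """True if every bit in `want` is set in the one triple that applies."""
    shift = {"owner": 6, "group": 3, "other": 0}[access_class(user, groups, f)]
    return ((f.mode >> shift) & 7 & want) == want


# The instructor owns the file but is not in the class group; the student is
# a member of the group; the outsider is neither owner nor member.
MEMBERS = {"instructor": set(), "student": {"class"}, "outsider": set()}

handout = File(owner="instructor", group="class", mode=0o640)
# Edge case: the owner triple is empty although the group triple grants read.
odd = File(owner="student", group="class", mode=0o040)


def report(f):
    """Map each user to a (can_read, can_write) pair for file f."""
    return {u: (allowed(u, g, f, R), allowed(u, g, f, W))
            for u, g in MEMBERS.items()}


if __name__ == "__main__":
    for name, f in (("handout", handout), ("odd", odd)):
        print(name, oct(f.mode), report(f))
```

The `odd` file shows that the triples are not cumulative: the owner is checked against the owner bits only, so the student who owns it is denied read even though the group triple would have granted it.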