Homework 6

22C:116, Spring 1997

Due Friday Mar. 7, 1997, in class

Douglas W. Jones
  1. One component of a secure system is an authentication mechanism -- the mechanism used to determine whether the user of a resource is who the user claims to be. For most systems in common use today, we use passwords as our authentication mechanism. In the classic UNIX system, all user passwords are stored in a publicly readable file named /etc/passwd, where each entry contains the following fields:
    1. login name
    2. encrypted password
    3. numerical user and group IDs
    4. public information (real name and phone number)
    5. initial working directory
    6. program to use as shell
    Read about authentication in section 4.4.6, and note that the Morris Thompson authentication method was invented to overcome serious weaknesses of the original UNIX password scheme!

    Consider the following alternative scheme for managing passwords: Each user's home directory contains a file called .password containing the following fields:

    1. encrypted password
    2. initial working directory
    3. program to use as shell
    The problem, part A: Propose an allocation of access rights such that the .password file can only be created by the super-user, is inaccessible to the public, read-only to the user-authentication program that runs when the user logs in, and read-write to the user. Assume the UNIX file system is used, and assume that the authentication program uses the user's name to find the user's home directory through some means outside of the .password file.

    The problem, part B: Propose appropriate places to store the other information traditionally stored in the UNIX /etc/passwd file, and discuss the security implications of any accidental disclosure of this other information.

  2. The problem: Read about covert channels (Section 4.5.5) and then propose a way to construct such a channel under UNIX by modulating and measuring CPU utilization. Be specific! What must the transmitting process do to send a 1? What must the transmitting process do to send a 0? What does the receiving process do to detect whether a 1 or a 0 was sent? For each of these, what specific system calls would the transmitting or receiving process use to perform the required functions?

    Note: Perfect data transmission through covert channels is frequently difficult (for example, other processes may modulate the CPU utilization as they perform useful computation and useful I/O). There is a class of data communications methods known as error correcting codes that can be used to provide any desired level of assurance that the data has been received correctly in the presence of any level of noise. In the simplest of such codes, every data bit is sent repeatedly and the recipient accepts the value represented by the majority of the copies received. You may assume that higher level software uses some such algorithm to account for noise in the communications channel.

  3. The UNIX system-call interface is obviously not object oriented, and is quite disordered in its structure. Consider the calls used for operations on an open file. These include read, write, lseek, ioctl, fcntl and close. Propose a class hierarchy for open file objects that appropriately captures the fact that not all operations are applicable to all file types, and that breaks out the strange functions of ioctl and fcntl in appropriate ways.

  4. The Problem: Section 6.4.3 discusses deadlock recovery methods for resource deadlocks. One of these is deadlock recovery through killing processes. In a communications deadlock, this method does not work! There is, however, an equally simple method of breaking communications deadlocks. What is it?

    Hint: Consider a simple system with processes A and B each blocked awaiting a message from the other. What can you do to unblock one process so that it can unblock the other?
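As an added illustration of the point raised in problem 1 (this is not part of the original assignment), the following Python sketch contrasts an entry in the original publicly readable password file, which depends only on the password, with a salted entry in the spirit of Morris and Thompson. It uses PBKDF2-SHA256 in place of the DES-based crypt of the era, and the user names, passwords and iteration count are constructed sample values.

```python
import hashlib
import hmac
import os

# Constructed sample data: two users who happen to pick the same password.
USERS = {"alice": "hunter2", "bob": "hunter2"}
ITERATIONS = 100_000  # work factor; an assumption, not from the assignment


def unsalted_entry(password: str) -> str:
    """Original-style entry: the stored value depends only on the password.
    In a publicly readable file, equal passwords give equal entries, and one
    precomputed dictionary of hashes tests every account at once."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_entry(password: str, salt: bytes = None) -> str:
    """Morris-Thompson-style entry: a random per-user salt is mixed into the
    hash and stored in the clear beside it ("salt$digest"), so a dictionary
    must be recomputed for each user and shared passwords are not visible."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify(entry: str, password: str) -> bool:
    """What the login program does with a salted entry: re-derive the digest
    using the stored salt and compare it in constant time."""
    salt_hex, digest_hex = entry.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(candidate.hex(), digest_hex)


def shared_password_groups(entries: dict) -> list:
    """Groups of users whose stored entries are identical: what anyone who can
    read an unsalted password file learns without cracking anything."""
    by_entry = {}
    for user, entry in entries.items():
        by_entry.setdefault(entry, []).append(user)
    return [sorted(users) for users in by_entry.values() if len(users) > 1]


def build_password_files():
    """Return (unsalted_file, salted_file) built from the sample users."""
    unsalted = {u: unsalted_entry(p) for u, p in USERS.items()}
    salted = {u: salted_entry(p) for u, p in USERS.items()}
    return unsalted, salted
```

Running build_password_files() and shared_password_groups() on both results shows that the unsalted file reveals alice and bob share a password while the salted file does not, and verify() still accepts the correct password for each salted entry.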