Assignment 9, due Apr 27

Always, on every assignment, please write your name legibly as it appears on your University ID and on the class list! All assignments will be due at the start of class on the day indicated, and unless there is what insurance companies call "an act of God" - something outside your control; the only exceptions to this rule will be by advance arrangement.

1. Consider a web server used to display election results. Results must be able to flow out from the server to the public internet, but only results. Each results file contains a message authentication code, and if the secrets used to compute those message authentication codes are exported, they would allow a forger to create a bogus result file and then claim that the official result file was itself the forgery. Therefore, we must be extremely wary of covert channels from the server out into the network.

   a) Since it's a web server, the output is HTML. Explain several ways in which data can be steganographically encoded in an HTML document (note that HTML and XML are very similar, so tricks that work in one usually work in the other).

   b) Suggest a way that an election administration could convince outside observers that the steganographic channel discussed in part a was blocked, and discuss how outside observers can verify that this is the case.

2. The Amoeba protocol stack is considerably shallower than the ISO/OSI reference model. Why?

3. Amoeba's remote procedure call mechanism solves a number of problems that are considered important in the world of security.

   a) With reference to the core concepts of protection domains, gate crossing and the access matrix, what problems does it solve.

   b) Give examples of problems it does not solve.