Computer Security: Art and Science

22.11 Exercises

1:
Tripwire does not encipher the signature blocks. What precautions must installers take to ensure the integrity of the database?
2:
Consider how a system with capabilities as its access control mechanism could deal with Trojan horses.

In general, do capabilities offer more or less protection against Trojan horses than do access control lists? Justify your answer in light of the theoretical equivalence of ACLs and C-Lists.
Consider now the inheritance properties of new processes. If the creator controls which capabilities the created process is given initially, how could the creator limit the damage that a Trojan horse could do?
Can capabilities protect against all Trojan horses? Either show that they can or describe a Trojan horse process that C-Lists cannot protect against.
3:
Describe in detail how an executable infecting computer virus might append itself to an executable. What changes must it make to the executable, and why?
4:
A computer system provides protection using the Bell-LaPadula policy. How would a virus spread if:

the virus were placed on the system at system low (the compartment that all other compartments dominate)?
the virus were placed on the system at system high (the compartment that dominates all other compartments)?
5:
A computer system provides protection using the Biba integrity model. How would a virus spread if:

the virus were placed on the system at system low (the compartment that all other compartments dominate)?
the virus were placed on the system at system high (the compartment that dominates all other compartments)?
6:
A computer system provides protection using the Chinese Wall model. How would a virus spread throughout the system if it were placed within a company dataset? Assume that it is a macro virus.
7:
Discuss controls that would prevent Dennis Ritchie's bacterium (see Section 22.5.1) from absorbing all system resources and causing a system crash.
8:
How could Thompson's rigged compiler be detected?
9:
Place the SAT/LOCK mechanism of treating instructions and data as separate types into the framework of the Clark-Wilson model. In particular, what are the constrained data objects, the transaction procedures, and the certification and enforcement rules?
10:
Critique Lai and Gray's virus prevention mechanism described in Section 22.7.2.2. In particular, how realistic is its assessment of the set of programs to be trusted? Are there programs that they omitted or that they should have omitted?
11:
Design a signature detection scheme to detect polymorphic viruses, assuming that no encipherment of virus code was used.
12:
Assume that the Clark-Wilson model is implemented on a computer system. Could a computer virus that scrambled constrained data items be introduced into the system? Why or why not? Specifically, if not, identify the precise control that would prevent the virus from being introduced, and explain why it would prevent the virus from being introduced; if yes, identify the specific control or controls that would allow the virus to be introduced and explain why they fail to keep it out.
13:
Prove that the d function defined in Section 22.6.1 is equivalent to the d function in Section 3.2.

Top

1:	Tripwire does not encipher the signature blocks. What precautions must installers take to ensure the integrity of the database?
2:	Consider how a system with capabilities as its access control mechanism could deal with Trojan horses. In general, do capabilities offer more or less protection against Trojan horses than do access control lists? Justify your answer in light of the theoretical equivalence of ACLs and C-Lists. Consider now the inheritance properties of new processes. If the creator controls which capabilities the created process is given initially, how could the creator limit the damage that a Trojan horse could do? Can capabilities protect against all Trojan horses? Either show that they can or describe a Trojan horse process that C-Lists cannot protect against.
3:	Describe in detail how an executable infecting computer virus might append itself to an executable. What changes must it make to the executable, and why?
4:	A computer system provides protection using the Bell-LaPadula policy. How would a virus spread if: the virus were placed on the system at system low (the compartment that all other compartments dominate)? the virus were placed on the system at system high (the compartment that dominates all other compartments)?
5:	A computer system provides protection using the Biba integrity model. How would a virus spread if: the virus were placed on the system at system low (the compartment that all other compartments dominate)? the virus were placed on the system at system high (the compartment that dominates all other compartments)?
6:	A computer system provides protection using the Chinese Wall model. How would a virus spread throughout the system if it were placed within a company dataset? Assume that it is a macro virus.
7:	Discuss controls that would prevent Dennis Ritchie's bacterium (see Section 22.5.1) from absorbing all system resources and causing a system crash.
8:	How could Thompson's rigged compiler be detected?
9:	Place the SAT/LOCK mechanism of treating instructions and data as separate types into the framework of the Clark-Wilson model. In particular, what are the constrained data objects, the transaction procedures, and the certification and enforcement rules?
10:	Critique Lai and Gray's virus prevention mechanism described in Section 22.7.2.2. In particular, how realistic is its assessment of the set of programs to be trusted? Are there programs that they omitted or that they should have omitted?
11:	Design a signature detection scheme to detect polymorphic viruses, assuming that no encipherment of virus code was used.
12:	Assume that the Clark-Wilson model is implemented on a computer system. Could a computer virus that scrambled constrained data items be introduced into the system? Why or why not? Specifically, if not, identify the precise control that would prevent the virus from being introduced, and explain why it would prevent the virus from being introduced; if yes, identify the specific control or controls that would allow the virus to be introduced and explain why they fail to keep it out.
13:	Prove that the d function defined in Section 22.6.1 is equivalent to the d function in Section 3.2.