CS 450/650 Fundamentals of Integrated Computer Security

Fall 2014

Homework 2: Authentication

Due on Thursday, Sep 25 at 1:00 pm

The following problems are from the textbook (Stallings and Brown, 3rd edition):

Chapter 3

8 - It was stated that the inclusion of the salt in the UNIX password scheme increases the difficulty of guessing by a factor of 4096. But the salt is stored in plaintext in the same entry as the corresponding ciphertext password. Therefore, those two characters are known to the attacker and need not be guessed. Why is it asserted that the salt increases security?

Chapter 4

1 - For the DAC model discussed in Section 4.3, an alternative representation of the protection state is a directed graph. Each subject and each object in the protection state is represented by a node (a single node is used for an entity that is both subject and object). A directed line from a subject to an object indicates an access right, and the label on the link defines the access right.
a. Draw a directed graph that corresponds to the access matrix of Figure 4.2a.

5 - UNIX treats file directories in the same fashion as files; that is, both are defined by the same type of data structure, called an inode. As with files, directories include a nine-bit protection string. If care is not taken, this can create access control problems. For example, consider a file with protection mode 644 (octal) contained in a directory with protection mode 730. How might the file be compromised in this case?

8 - Assume a system with N job positions. For job position i, the number of individual users in that position is U_i and the number of permissions required for the job position is P_i.
a. For a traditional DAC scheme, how many relationships between users and permissions must be defined?
b. For a RBAC scheme, how many relationships between users and permissions must be defined?

10 -

What to turn in: A softcopy of your solutions (could be a scanned version of the hard copy) to be uploaded as a single file to WebCampus.