Assignment 7: System Design and Validation, Audit, and Malware

Start date 12 November, due beginning of class 19 November.

1. Common Criteria evaluation

You have been hired by Prof. Comer to certify Xinu under the Common Criteria, specifically the new US Government Protection Profile for General-Purpose Operating Systems in a Networked Environment.

You don't have to have taken CS50300 to answer this question (even though it is technically a prerequisite for this course.) What you need to do is to describe how to go about evaluating Xinu with respect to the User Data Protection requirements (Section 5.3 of the Protection Profile.) You should describe tasks that would need to be performed, and tools/techniques you could use to assist in performing those tasks.

(If you are not familiar with Xinu, you can just assume a generic Unix-like operating system.)

While the Protection Profile is designed only for evaluations up to EAL2+, you are asked to do this planning for an EAL6 evaluation. (You can find a description of the evaluation levels in Part 3 of the Common Criteria Documents. To make the problem more tractable, you can assume that Xinu has already passed an EAL5 evalution; all you need to do is describe what additional work should be done for an EAL6 evalution, what techniques, methods, and tools you would use, and briefly how you would use those. Hint: See pages 41 and 43 of Part 3 - this should give you a start on what you need to do.

Expect to turn in about two to three pages typeset. You should find things you have learned in several parts of the course useful in answering this question.

2. Auditing

Assume a web-based system that has a state-less front-end web server (which just processes requests as it is with no state being tracked), an application engine (such as a Java servlet engine) that receives requests forwarded by the front-end, and a database that is used store/retrieve/manage data by the application engine. The application engine hosts application for a bank. The web-based system allows for a user to carry out online transactions, online viewing of accounts as well as other common tasks.

• (a) What types of logging mechanisms should be used for the front-end, the application engine, and for the database in order to audit the requests received, their processing, and the privilege modes/user ids in which requests are processed.
• (b) What auditing should such a system support?

To answer this question, you will need to start by thinking about the security policy - it is not critical that your security requirements be complete (although you need to at least be reasonable), and then discuss how the logging would enable you to detect violations of those requirements.

For this question (and often in real life), it is more important to have a simple set of security requirements and a solid explanation of the auditing used to support those, than to have a comprehensive audit system that you can't justify.

3. Malware

Pretend you've just seen a new type of malware that places the malicious code in an audio file, by using different frequencies to correspond to different instructions. Existing vulnerabilities are used to get access to the system and install a small interpreter that reads the infected audio files and executes them. Assume that you are unable to detect/prevent the interpreter (and that it doesn't do anything harmful by itself anyway) - your job is to detect or prevent it from executing malicious audio files.

• (a) List one or more ways you could detect an infected audio file. Provide a brief (one paragraph) description of each approach.
• (b) List one more more ways you could prevent an infected audio file from being executed, again with a one paragraph description of each.

This page last modified