Please turn in a PDF through Gradescope (this link works if you are logged in to Blackboard). The answer to each question should begin on a new page. Gradescope is pretty self-explanatory, but if you'd like you can watch the ITaP video instructions. Make sure that you mark the start/end of each question in Gradescope. Assignments will be graded based on what you mark as the start/end of each question. Please typeset your answers. (You won't be doing handwritten responses during a Google phone interview; why would you do so for class?)
Describe a security requirement that you think is appropriate for a file system, and for that requirement, describe the logging requirements of the following system calls:
A successful attack was performed on a system at time t that gave the attacker full control of the system (including the power to modify the audit log from time t and beyond, but not before time t.) Given the log from time 0 to current such that 0 < t < current, would you still be able to identify that an attack happened on the system? Explain your answer. (Assume that all relevant events are logged in the audit log.)
Suppose that when a successful compromise of a system is detected, the system administrator receives an email from the notifier. Describe a drawback of this mechanism. How should an appropriate user be notified?
Assume a computer system has 4 users: Kate, Alice, Bob, and Mike. Kate owns file Katefile; the other three people can only read the file. Mike and Kate can read and write file Alicefile (owner Alice). Only Bob can read and write the file Bobfile, which he owns. Mike owns the file Mikefile, and Bob and Kate can read and write the file Mikefile. Assume the owner of a file can execute it.
Suppose we want to model a system with separation of duties, for example, that two people must agree to withdraw money from an account. One idea would be to create a file, give one person write access to the file, and another execute access. One person would write commands to the file to withdraw money, the other person would then execute the command.
programs consisting of a sequence of primitive commands, as shown in slide 22 (page 7) of the 2/19 slides.
The HRU access control matrix model, and attack graphs, both provide a way to formally model if security policies can be violated. What do we generally think of getting from the attack graph that we don't get in the HRU model?