Homework 6 Solutions

22C:116, Fall 1997

Douglas W. Jones

  1. The following combinations of 4 or fewer stamps add up to 20 cents, assuming that the available denominations are 1, 2, 3, 4, 5, 10, 15 and 20 cents, and that the order and orientation of the stamps are significant. We allow each stamp only 4 orientations here:
     stamps
      used      orderings orientations product
      20           1           4          4
      15 5         2          16         32
      15 4 1       6          64        384
      15 3 2       6          64        384
      15 3 1 1     12        256       3072
      15 2 2 1     12        256       3072
      10 10        1          16         16
      10 5 5       3          64        192
      10 5 4 1     24        256       6144
      10 5 3 2     24        256       6144
      10 4 3 3     12        256       3072
      10 4 4 2     12        256       3072
       5 5 5 5     1         256        256
                                   ---------
                              total = 25844
    
    This sum is between 2^14 and 2^15, so this covert channel has a capacity of over 14 bits per postcard.
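
The table for problem 1 can be regenerated by enumeration. This is an added example, not part of the original solution set; it assumes only the denominations, the 4-stamp limit and the 4 orientations stated in the problem.

```python
from collections import Counter
from itertools import combinations_with_replacement
from math import factorial, log2

DENOMINATIONS = (1, 2, 3, 4, 5, 10, 15, 20)  # cents, from the problem
TARGET = 20        # postage on the card, in cents
MAX_STAMPS = 4     # "4 or fewer stamps"
ORIENTATIONS = 4   # orientations allowed per stamp

def orderings(stamps):
    """Distinct left-to-right arrangements of a multiset of stamps."""
    n = factorial(len(stamps))
    for count in Counter(stamps).values():
        n //= factorial(count)   # identical stamps are interchangeable
    return n

def channel_table():
    """Rows of (stamps, orderings, orientations, product), as in the table."""
    rows = []
    for k in range(1, MAX_STAMPS + 1):
        for combo in combinations_with_replacement(DENOMINATIONS, k):
            if sum(combo) == TARGET:
                o = orderings(combo)
                r = ORIENTATIONS ** k   # each stamp is oriented independently
                rows.append((tuple(sorted(combo, reverse=True)), o, r, o * r))
    return rows

def capacity(rows):
    """Number of distinguishable postcards and the capacity in bits."""
    total = sum(row[3] for row in rows)
    return total, log2(total)

if __name__ == "__main__":
    table = channel_table()
    for stamps, o, r, p in table:
        print(f"{' '.join(map(str, stamps)):<12}{o:>4}{r:>6}{p:>7}")
    total, bits = capacity(table)
    print(f"total = {total}, capacity = {bits:.2f} bits per postcard")
```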

  2. A covert channel that you could use with internet mail might involve the presence and order of Comment: or Organization: lines. The actual contents of these lines are an overt channel, but one can easily hide information in the text of these lines (for example, in the number of trailing spaces on each text line), and since the order of these lines has no significance, one can also encode information in the order of the extra header lines and in the presence or absence of such lines. In addition, under some mailers, you can control, to some extent, the order of header lines, and encode information in this.

    Technically, this isn't quite a covert channel, since all of this information is exposed to anyone who inspects the mail, but it is a channel that is likely to be ignored by most mail readers -- I know I ignore it in all mail I get, looking instead at the message body.

    This channel is easily blocked by sorting the lines of the mail header into a stereotypical order, removing trailing blanks and other nonstandard orthographic features that have no significance to the mail system, and by removing all optional lines from the mail header and only preserving those that have real meaning to the mail delivery system. This blocking can be done by any machine that forwards internet mail, from the sender through any intermediate mailers to the recipient's machine.
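
A forwarding machine could apply the blocking described above as follows. This is an added example, not part of the original solution set; the allowlist of headers that "have real meaning" and the two sample headers are assumptions constructed for the illustration.

```python
# Headers that are kept, in the fixed order in which they are emitted.
# This allowlist is an assumption for the example, not a standard.
CANONICAL_ORDER = ("from", "to", "subject", "date", "message-id")

def normalize_headers(raw_header):
    """Rewrite a header block so that line order, optional lines,
    name capitalisation and spacing can no longer carry hidden data."""
    fields = {}
    current = None
    for line in raw_header.splitlines():
        if line[:1] in (" ", "\t"):            # folded continuation line
            if current:
                fields[current][-1] += " " + " ".join(line.split())
            continue
        name, sep, value = line.partition(":")
        if not sep:                            # not a header line: drop it
            current = None
            continue
        current = name.strip().lower()
        # Collapse runs of blanks and strip leading/trailing blanks.
        fields.setdefault(current, []).append(" ".join(value.split()))
    out = []
    for name in CANONICAL_ORDER:               # fixed order, allowlist only
        for value in fields.get(name, []):
            out.append(f"{name.title()}: {value}")
    return "\n".join(out) + "\n"

# Constructed samples: the same overt content, differing only in header
# order, optional lines and trailing blanks.
MSG_A = (
    "From: amy@example.edu\n"
    "Organization: CS Dept   \n"
    "Comment: hello\n"
    "To: bob@example.edu\n"
    "Subject: homework  \n"
)
MSG_B = (
    "To: bob@example.edu\n"
    "Subject: homework\n"
    "Comment: hello \n"
    "From: amy@example.edu\n"
)

if __name__ == "__main__":
    print(normalize_headers(MSG_A), end="")
    print(normalize_headers(MSG_A) == normalize_headers(MSG_B))
```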

  3. UNIX class accounts in the CS department are managed as follows: All students in the class are made members of the group for that class. All files to be used by students in that class are given that group as the group owner. The instructor typically owns the files in the group's directory, but typically isn't a member of the group. Thus, the instructor's access rights are owner rights, while the students gain access to the files as members of the group.

    Consider the following policy: The class is named CLASS; it contains two students AMY and BOB. LOU is a person not in the class. The instructor is KIM. Each student has a file called HW, private read-write for that student. The instructor has a file called GRADES, private read-write for the instructor. The instructor can read and write ASSIGNMENT and SYLLABUS; all students in the class can read ASSIGNMENT, but LOU may not. Everyone can read SYLLABUS.

    a) Describe this as an access matrix.

        | Amy | Bob | Kim    | Kim        | Kim
        | HW  | HW  | GRADES | ASSIGNMENT | SYLLABUS
    ----|-----|-----|--------|------------|---------
    AMY | RW  |     |        | R          | R
    ----|-----|-----|--------|------------|---------
    BOB |     | RW  |        | R          | R
    ----|-----|-----|--------|------------|---------
    LOU |     |     |        |            | R
    ----|-----|-----|--------|------------|---------
    KIM |     |     | RW     | RW         | RW
    

    b) Describe this as a set of capability lists, one per user.

        | Amy | Kim        | Kim
    AMY | HW  | ASSIGNMENT | SYLLABUS
        | RW  | R          | R
    
        | Bob | Kim        | Kim
    BOB | HW  | ASSIGNMENT | SYLLABUS
        | RW  | R          | R
    
        | Kim
    LOU | SYLLABUS
        | R
    
        | Kim    | Kim        | Kim
    KIM | GRADES | ASSIGNMENT | SYLLABUS
        | RW     | RW         | RW
    

    c) Describe this as a set of access control lists, one per file.

    Amy | AMY
    HW  | RW
    
    Bob | BOB
    HW  | RW
    
    Kim    | KIM
    GRADES | RW
    
    Kim        | AMY | BOB | KIM
    ASSIGNMENT | R   | R   | RW
    
    Kim      | AMY | BOB | LOU | KIM
    SYLLABUS | R   | R   | R   | RW
    

    d) Describe how UNIX would allow you to enforce this policy.

    Groups:  Students -- AMY BOB
             Other    -- LOU KIM
    
    File           Owner   Group    Rights Self Group Other
    
    Amy/HW         AMY     Other           RW
    Bob/HW         BOB     Other           RW
    Kim/GRADES     KIM     Other           RW
    Kim/ASSIGNMENT KIM     Students        RW   R
    Kim/SYLLABUS   KIM     Students        RW   R     R
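
Parts (a) through (d) are four views of one policy, which can be checked mechanically. This is an added example, not part of the original solution set: it stores the matrix from (a), derives the capability lists of (b) and the access control lists of (c) as its rows and columns, and tests the UNIX settings of (d) against it, assuming the usual UNIX rule that the owner bits apply to the owner, otherwise the group bits to group members, otherwise the other bits.

```python
# Access matrix from part (a): MATRIX[user][file] = rights
MATRIX = {
    "AMY": {"Amy/HW": "RW", "Kim/ASSIGNMENT": "R", "Kim/SYLLABUS": "R"},
    "BOB": {"Bob/HW": "RW", "Kim/ASSIGNMENT": "R", "Kim/SYLLABUS": "R"},
    "LOU": {"Kim/SYLLABUS": "R"},
    "KIM": {"Kim/GRADES": "RW", "Kim/ASSIGNMENT": "RW", "Kim/SYLLABUS": "RW"},
}

# Part (d): groups, then (owner, group, self, group, other) for each file
GROUPS = {"Students": {"AMY", "BOB"}, "Other": {"LOU", "KIM"}}
UNIX = {
    "Amy/HW":         ("AMY", "Other",    "RW", "",  ""),
    "Bob/HW":         ("BOB", "Other",    "RW", "",  ""),
    "Kim/GRADES":     ("KIM", "Other",    "RW", "",  ""),
    "Kim/ASSIGNMENT": ("KIM", "Students", "RW", "R", ""),
    "Kim/SYLLABUS":   ("KIM", "Students", "RW", "R", "R"),
}

def capability_list(user):
    """Row of the matrix: the rights one user holds, per file (part b)."""
    return dict(MATRIX[user])

def acl(filename):
    """Column of the matrix: the users holding rights on one file (part c)."""
    return {u: row[filename] for u, row in MATRIX.items() if filename in row}

def unix_rights(user, filename):
    """Rights UNIX grants: owner class first, then group, then other."""
    owner, group, self_r, group_r, other_r = UNIX[filename]
    if user == owner:
        return self_r
    if user in GROUPS[group]:
        return group_r
    return other_r

def mismatches():
    """(user, file) pairs where the UNIX settings disagree with the matrix."""
    return [(u, f) for u in MATRIX for f in UNIX
            if unix_rights(u, f) != MATRIX[u].get(f, "")]

if __name__ == "__main__":
    print(capability_list("LOU"))
    print(acl("Kim/ASSIGNMENT"))
    print("mismatches:", mismatches())
```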
    
  4. Finally, what feature was added to UNIX that defeats the use of the SETUID bit for solving the mutual suspicion problem?

    The feature is the distinction between the real and effective UID and the option that allows a user to revert to the real UID after using the effective UID that was set by the SETUID feature.