Assignment 6, due Mar 4

Part of the homework for 22C:169, Spring 2011
by Douglas W. Jones
THE UNIVERSITY OF IOWA Department of Computer Science

Always, on every assignment, please write your name legibly as it appears on your University ID and on the class list! All assignments will be due at the start of class on the day indicated (usually a Friday), and unless there is what insurance companies call "an act of God" - something outside your control; the only exceptions to this rule will be by advance arrangement.

  1. Background: Consider the properties of a stack object s: The methods s.push(d) and d=s.pop() are available to anyone able to see the object s, but the actual representation used for the object is hidden, so users cannot directly manipulate the stack pointer(s) or determine if the stack is maintained as a list or some other data structure.

    Now, consider representing a stack as the file fs, with two applications, push fs<data and pop fs>data that implement the abstraction.

    A problem: What Unix-style ownership and access rights should be used for the stack object fs and the applications push and pop in order to enforce the access rules that stack users can only manipulate stacks by using the applications that implement the methods of the abstract stack class. You may need to invent some users or groups to solve this problem. If you do, document the purpose of each. Hint: You will probably need to use the SUID or SGID bits. (1 point)

  2. Background: Now, consider a file system based on access control lists. The access rights are R, W, X, S. R W and X are the usual read, write and execute access rights. When a user executes a program using the X right, the user's identity does not change. When a user executes a program using the S right, the user's identity changes to the identity of the program itself. No two programs have the same identity. Assume a user called u exists, the user of a stack object, as defined in the previous problem.

    A problem: Give the access control lists for the file holding the stack object, fs and the files holding the push and pop applications, push and pop, so that the abstract rules for stacks are enforced. If you have to invent to invent additional applications to solve the problem, document what they do and give their access control lists. (1 point)

  3. Background: Now, consider a file system based on capability lists. Capability lists may grant access to files, or they may grant access to other capability lists. The access rights are R, W and X. R and W access rights allow a file to be read or written. Simple text and capabilities can both be passed as parameters. The X access right on a file permits it to be executed in the caller's environment. The X access right on a C-list permits the file named main in that C-list to be executed with that C-list as its environment. Assume a user called u exists, the user of a stack object.

    A problem: Give the capability list of this user, along with any auxiliary C-lists needed. Use the name fs for the file holing the protected representation of the stack, accessible only to the code of the push and pop programs. Document the purposes of any auxiliary C-lists and any auxiliary applications needed to solve this problem. Hint: The solution is entirely different from the solution to parts a and b, but it bears a strong relationship to typical models of abstract programming language semantics for object-oriented languages. (1.5 points)

  4. Background: Now, consider an extension to the above C-list system. The extension adds a new type of object, the sealed object, so we now have files, C-lists and sealed objects. There are two new operations, seal and unseal. Given a pair of capabilities c and k, seal(c,k) returns a capability for a sealed object s, where c is the capability being sealed and k is the key needed to unlock it. There is only one operation that applies to sealed objects, unseal(s,k). This is defined by the relationship unseal(seal(c,k),k')=c if and only if k and k' refer to the same object. If k and k' refer to different objects, the unseal operation fails and returns an invalid capability. This allows a completely different approach to implementing object-oriented abstraction. Assume a user called u exists, the user of a stack object.

    A problem: Give the capability list of this user, along with any auxiliary C-lists needed. Use the name fs for the file holing the protected representation of the stack, accessible only to the code of the push and pop programs. Document the purpose and use of any auxiliary C-lists, auxiliary applications, or auxiliary objects you needed to solve this problem. (1.5 points)