Assignment 4, due Feb 18

Part of the homework for 22C:169, Spring 2005
by Douglas W. Jones
THE UNIVERSITY OF IOWA Department of Computer Science

Always, on every assignment, please write your name legibly as it appears on your University ID and on the class list! All assignments will be due at the start of class on the day indicated, and unless there is what insurance companies call "an act of God" (something outside your control), the only exceptions to this rule will be by advance arrangement.

For those taking the course by video link, assignments may be submitted electronically by E-mail to Rajiv Raman. Please do not use obscure attachment formats! Plaintext E-mail is preferred to HTML, Word, RTF or other even more obscure formats! (Problem 1 has twice the weight of each of the other 3.)

  1. If you cannot prevent someone from using a covert channel, you can monitor the use of that channel or you can choke that channel's available bandwidth. Consider the use of modulation of the CPU utilization channel on a uniprocessor computer system (you can't cheat here by positing the use of additional CPUs).

    a) What would a source code auditor look for that might hint at the use of this channel, or that might hint that a program is unlikely to use this channel?

    b) How would you go about writing an application where the only purpose of the application was to interfere with the use of this channel? At what cost do you deploy this?

    c) What pattern of use of system calls could the operating system detect and report as a possible use of this channel?

    d) What action could the operating system take in response to detecting possible use of this channel in order to choke the data rate available through this channel?

  2. The original discoverers of the parameter validation problem found this with parameters to system calls. A user could call read, for example, passing a pointer to a buffer that was actually part of the operating system, thus overwriting part of the system with code from a user-supplied file. Look at each of the basic memory protection models described in chapter 4, and for each, describe whether it is vulnerable to this attack or not. Assume, in each case, that the user calls the Unix read system call and that the user program is a normal user program.

  3. For each of the protection models that you identified in the above problem that is subject to the parameter validation problem, what protective measures should the read system call take to prevent this attack on the system?

  4. Each of the memory protection models discussed in chapter 4 can be used to protect the system from an errant user program. For each of these models, how well can it be used to protect one user program from another?