Assignment 4, due Feb 23

Part of the homework for 22C:169, Spring 2006
by Douglas W. Jones
THE UNIVERSITY OF IOWA Department of Computer Science

Always, on every assignment, please write your name legibly as it appears on your University ID and on the class list! All assignments will be due at the start of class on the day indicated, and unless there is what insurance companies call "an act of God" - something outside your control; the only exceptions to this rule will be by advance arrangement.

  1. Here is a code fragment in a C-ish language: 
    {
	const int a = 5;
	{
		int b;
		-- context X --
	}
	{
		int c;
		-- context Y --
	}
	-- context Z --
}

    a) Construct an access matrix describing the access rights
to the variables a, b and c from the contexts X, Y and Z.

    
b) Construct the access control lists for the variable a, b and c.

    
c) Construct the C-lists for the contexts X, Y and Z.
timesharing system to avoid being taken in by such an attack.

    

  2. 
Consider a situation where you have two variables, a and b.  Functions
X and Y need to share access to a, while functions Z and W need to share
access to B.  X and Y must not be able to access b.  Z and W must not be
able to access a.  This is a classical mutual distrust problem!
Note that all functions can call all other functions, so X can call Z.
Our focus here is on the variables, not the rights to call.

    
a) Use some programming language to solve this.  It is easier in languages
such as Java and Ada that have some kind of modular or object-oriented
abstraction mechanism, but it is just possible to solve it in Pascal.

    
b) Consider what happens to the access rights when X calls Z or when Z calls Y.
What does this tell you about the correctness of the standard assumption that
each process executes in a fixed protection domain.

    

  3. 
Finish the machine problem to write a new UNIX password
authenticator based on a .passwd file in each user's home directory.
Your program need not encrypt the password.  It can keep it in plain
text format.  Your program should use standard input and standard output,
for example, reading and writing using the C (or C++) functions getchar()
putchar().  Make no effort to be flashy!

    
Turn in a listing of your code, with sufficient documentation that someone
rewriting your program could figure out the file format.