Assignment 6, due Mar 30

Always, on every assignment, please write your name legibly as it appears on your University ID and on the class list! All assignments will be due at the start of class on the day indicated, and unless there is what insurance companies call "an act of God" - something outside your control; the only exceptions to this rule will be by advance arrangement.

1. See problem 4 on the midterm exam concerning the anon command. Assume that the anon command is a single executable file, protected as documented in the exam solution, part a, and with all of the additional mechanism described in part b.

   As it turns out, the anon command as designed here has a significant security loophole. A program launched by the anon command can potentially attack the anon command itself.

   a) What damage can the attack program do?

   b) Design the attack program. That is, how does the attack program go about its business of attacking the anon command.

   c) Explain how the Unix chroot command can be used to create an even deeper sandbox that will defend against this attack.

   d) Can you devise a defense that does not involve the use of chroot but instead rests entirely on the tools used to produce the original anon command discussed in the notes?

2. Many of the weaknesses discussed in Security Analysis of the Diebold AccuBasic Interpreter could be found in other software products. Consider Visual Basic, which is compiled to Microsoft's .NET virtual machine code. Or consider Java, which is usually compiled ot J-code.

   Outline, at the top level, what you would look for in assessing the security of .NET or Java against such attacks.