Assignment 10, due Apr 26
Part of
the homework for 22C:169, Spring 2010
|
Always, on every assignment, please write your name legibly as it appears on your University ID and on the class list! All assignments will be due at the start of class on the day indicated (usually a Friday), and unless there is what insurance companies call "an act of God" - something outside your control; the only exceptions to this rule will be by advance arrangement.
a) Briefly describe 3 different ways someone could burgle the mug (note: burglary, not robbery). (0.5 points)
b) Create an attack tree that compactly covers all of your alternatives for part a. Don't forget to document the distinction between and and or nodes in the tree (that is, where the subtrees below a node are all required for an attack, versus where the subtrees below are alternatives for accomplishing an attack.) Estimate costs for each node in the tree, in terms of man-hours of labor needed for that goal. Note that the cost of an and node is at least the sum of the costs of its children, while the cost of an or node is at least the minimum of the costs of its children. (Suggestion: If a tree diagram gets messy, consider using outline format, with the subtrees under each node indented below the description of that node.) (1.0 points)
c) From the tree with cost estimates, derive a description of the least-cost attack. (0.5 points)
Consider the problem of connecting the computers controlling the sluice gates of a flood-control dam to the Internet. These computers must be protected from attack from the Internet, but the stream of flood forecast data they generate is of vital importance to all downstream property owners.
a) Explain how a data diode can be useful in the context of the Bell-LaPadula security model. (0.5 points)
b) Is the Bell-LaPadula model applicable to the flood-control reservoir control system? Explain your answer. (0.5 points)
c) How are data diodes applicable to protecting the flood-control reservoir control computer? (0.5 points)
a) How many bits of covert data can you include in a TCP header? (0.5 points)
b) How can you include covert data in the Options and Padding field of a TCP packet? (0.5 points)
c) If you were writing a firewall that was supposed to block covert channels, how would you block the use of the channels you have described above? (0.5 points)