Assigned: 2 Dec 1999
Due: 9 Dec 1999 at 2:30 PM

Late homeworks will not be accepted.

1. Why is it difficult to protect a system in which users are allowed to access I/O devices directly without access controls imposed by the operating system?
2. Is it possible to crack a message encrypted using a one-time pad? Why or why not?
3. Your grades are all stored online in a single file readable by anyone with a Web browser. How can this file be protected so that only you can read your own grade? Remember, you can't store the actual password online because that file would also be readable by everyone.
4. Almost all public key encryption systems such as PGP rely on both public-key and shared key encryption. Why? In particular, why not use public key encryption for an entire message?
5. Most Unix-based systems have a "superuser" account (root) that is allowed to perform all operations on the system. This is usually necessary because of the limited way in which the protection matrix can be specified in Unix. What disadvantages does this scheme have? In what cases must a user be the superuser to perform some operation, but should still not have access to all privileges on the system?
6. Why must operating systems check that all of their parameters are valid? Discuss a way to use the operating system to violate a system's security that takes advantage of lax argument checking in the OS.
7. It has been claimed that diversity in operating systems makes it more difficult for hackers to bring down the entire Internet. Do you support this claim? Why or why not? How might a diversity of hardware and operating systems prevented the attack of Robert Morris' Internet worm?