Puzzle for January 18, 2002

A company has 3 large systems, zeus, poseidon, and hades, on which it houses sensitive data. A consultant is hired to check the security of zeus. The contract says that all work is to be performed on site. The consultant is given accounts on all three systems, because the systems are networked together.

  1. The consultant probes zeus from poseidon and, as a result, suspects several security flaws. He tries to exploit some to determine if the flaws are actually present. Two of the tests are successful. Did the consultant breach his agreement?
  2. In the process of testing zeus from poseidon, the consultant finds evidence of several security problems on poseidon. To validate these flaws, he tries to exploit them, and succeeds in breaching poseidon's security. Did the consultant breach his agreement?
  3. The consultant obtains an encrypted file from zeus, takes it to his home system, and later that night deciphers it to demonstrate to himself that the cipher is easy to break. He then repeats the decryption at the site the next day. The company finds out that he took the encrypted file home, and decrypted it there. When asked why, he explains that zeus and poseidon were too slow to perform the analysis, so he took the file home to use his home system. This action helped him provide a better analysis of the security of the system he was hired to analyze. Did the consultant breach his agreement?

ECS 153, Introduction to Computer Security
Winter Quarter 2002
Email: [email protected]