Sample Midterm Questions

  1. Find the non-robust features in this function, and fix them. Its purpose is to copy a string from one buffer to another.
    void mystrcpy(char *s, char *t)
    {
    	while(*t != '\0')
    		*s++ = *t++;
    	*t = '\0';
    }
    
  2. Why is a precise statement of security requirements critical to the determination of whether a given system is secure?
  3. System vendors often add security features to strengthen the security of their systems. These additions are not designed into the system, but rather are added after the system has been shipped. Discuss whether adding security features to a large, complex operating system not designed with security in mind (such as the UNIX operating system or Windows 95) violates any of Saltzer's and Schroeder's design principles.
  4. Please describe how the vulnerabilities models are used during the Flaw Hypothesis Methodology. Be explicit: which phase of the methodology uses them, and how?
  5. Into which category or categories of the Protection Analysis classification do the following fall? Please justify your answer.
    1. Buffer overflow causing a return into the stack?
    2. Allowing an ordinary user to alter the password file?
    3. Simultaneous writes to a shared database?
    4. Reading a UNIX file by directly accessing the raw device and reading first the superblock, then the file's inode, and finally the file's data blocks?

You can also obtain a PDF version of this. Version of November 1, 2006 at 9:15 AM