CS551: Problem Set 4: Systems Security

University of Virginia, Department of Computer Science
CS551: Security and Privacy on the Internet, Fall 2000

Problem Set 4: Systems Security Out: 15 November 2000
Due: Wednesday 29 November 2000, before class

Collaboration Policy
Read this Carefully: it is different from other assignments
For this problem set, you are required to work with exactly one other person. I have assigned problem set pairs by interleaving the project teams (you might already be sick of working with your project teammates). The problem set pairs are:

Aaron Bajek (agb6w)
Rob Rex (rgr5j)
Daniel George Loffredo (dgl4b)
Jamie Walls (jwalls)
Jae Woo Pak (jwp2k)
Gregory Kish (gsk6y)

William GJ Halfond (wgh4w)
Jorge Estrada Collado (je3c)
Adam Scott Trost (ast9d)
Jagadesh Gadiyaram (jvg3f)
Dev Batta (db9n)
Greg Lamm (gal4y)

Son Truong Ho (sth9p)
Gerlando Falauto (gf3d)
Adam Spanberger (ajs6v)
William Haubert (whh3n)
Kristen Rae Olvera (kro5u)
Victor Von Ludwig (vvl5q)

Mike Lanouette (mjl6d)
Timothy Catlett (tdc3a)
Ryan Hammond (rdh3n)
Elizabeth Partridge (eap3r)
Andrew Snyder (ams6x)
William Greenwell (daemar)

Carl Morris (cmorris)
Virginia Volk (vav4r)
Tran Ngoc ("Ken") Nguyen
(keng6civcx@yahoo.com)
Jennifer Kahng (jnk7s)
Brandon Sutler (mbs7d)
David Dobbs (djd5n)

Sachin Kamath (snk5p)
Ryan Persaud (rkp4k)
Vineet Aggarwal (vka2b)
Jon Axisa (jca5g)
Christopher Hayden (cmh7r)
James Tsai (jtsai)

John Loizeaux (jdl4a)
Dave Rubens (dsr3f)
Matthew Keller (mdk6c)
Philip Varner (pev5b)
William Foster (wjf4p)
James Watson (jvw3n)

Dan Rubin (der7s)
Jermaine McDonald (jmm5d)

Each problem set pair will turn in exactly one problem set. Both members of the pair will receive the same grade. You should work on the problem set as a team, not by delegating individual problems to different people and stapling the results together. It is recommended that you work using the following protocol:

Each person thinks independently about the problems.
Meet together and discuss your ideas.
Delegate responsibilities for deeper thought/research and writing up to individuals.
Edit and critique each other's answers.
Repeat steps 3 and 4 as necessary to obtain good final answers.

Because you are working in pairs, I will naturally expect all answers to be thoughtful, well organized, clearly expressed, technically flawless, and brilliantly creative.

1. Security Design Principles (50 points)

Select one of the following systems:

Java JDK 1.2 described in Li Gong, M. Mueller, H. Prafullchandra, and R. Schemers. Going Beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2. Proceedings of the USENIX Symposium on Internet Technologies and Systems, Monterey, California, December 1997.
Java Stack Introspection, described in Dan S. Wallach, Dirk Balfanz, Drew Dean and Edward W. Felten. Extensible Security Architectures for Java. ACM Symposium on Operating Systems Principles, October 1997.
Naccio, described in David Evans and Andrew Twyman, Flexible Policy-Directed Code Safety. IEEE Symposium on Security and Privacy, Oakland, California, May 9-12, 1999.
Proof-Carrying Code, described in George Necula. Proof-Carrying Code. ACM Symposium on Principles of Programming Language, 1997.

Follow links on the problem set to find these papers. If you wish to evaluate a different system from the choices listed above, that's probably okay, but consult with Dave first.
Evaluate how well the system satisfies the eight design principles identified in the Saltzer and Schroeder paper (economy of mechanism, fail-safe defaults, etc.). If the system does a poor job of satisfying a particular design principle, either suggest modifications to it that would better satisfy the design principle or argue that the system's designers had a good reason for violating the design principle. Feel free to consult additional sources as necessary.

2. Risks (35)
Visit the Risks archives at http://catless.ncl.ac.uk/Risks. Find an article that is interesting and relevant to this course (almost all of them are). Remember to include the original article (or group of related articles) in your answer.
Describe the security vulnerability described in the article. Is it an instance of a more general problem? Suggest solutions that would decrease the likelihood of similar problems occuring in the future, or limit the harm that would result. Evaluate the proposed solutions.

3. Naming (15)
The name of this course is Security and Privacy on the Internet: Keeping Secrets, Thwarting Imposters and Disarming Malicious Code.
Suggest and justify a better name for the course. Your suggestion may also include changing the content or emphasis of the course. If so, you should also argue in support of the content changes.
Worth up to an additional 50 bonus points if I decide to use your name or follow your suggestions for next year's course.

University of Virginia
Department of Computer Science
CS 551: Security and Privacy on the Internet

David Evans
evans@virginia.edu

Aaron Bajek (agb6w) Rob Rex (rgr5j)	Daniel George Loffredo (dgl4b) Jamie Walls (jwalls)	Jae Woo Pak (jwp2k) Gregory Kish (gsk6y)
William GJ Halfond (wgh4w) Jorge Estrada Collado (je3c)	Adam Scott Trost (ast9d) Jagadesh Gadiyaram (jvg3f)	Dev Batta (db9n) Greg Lamm (gal4y)
Son Truong Ho (sth9p) Gerlando Falauto (gf3d)	Adam Spanberger (ajs6v) William Haubert (whh3n)	Kristen Rae Olvera (kro5u) Victor Von Ludwig (vvl5q)
Mike Lanouette (mjl6d) Timothy Catlett (tdc3a)	Ryan Hammond (rdh3n) Elizabeth Partridge (eap3r)	Andrew Snyder (ams6x) William Greenwell (daemar)
Carl Morris (cmorris) Virginia Volk (vav4r)	Tran Ngoc ("Ken") Nguyen (keng6civcx@yahoo.com) Jennifer Kahng (jnk7s)	Brandon Sutler (mbs7d) David Dobbs (djd5n)
Sachin Kamath (snk5p) Ryan Persaud (rkp4k)	Vineet Aggarwal (vka2b) Jon Axisa (jca5g)	Christopher Hayden (cmh7r) James Tsai (jtsai)
John Loizeaux (jdl4a) Dave Rubens (dsr3f)	Matthew Keller (mdk6c) Philip Varner (pev5b)	William Foster (wjf4p) James Watson (jvw3n)
	Dan Rubin (der7s) Jermaine McDonald (jmm5d)