Weekly Note 13 - Week 19
30 April 2019
Lecture - Tuesday, May 7th.
16-19 in U82
This week we will cover the topic of Security, thus chapter 16 in the textbook.
We will have a discussion on how the exam is held, and you can sign up for a preferred day and order for the exam.
We will also have a short review of the previous lecture, which this time is protection, and we will have the Kahoot as well.
Tutorial session
Thursday May 9th. 08-10 in U166 or 08-10 in U166.
Preparation:
Make a list of 10-15 keywords for a 10 min. presentation with the topic: "Security"
Prepare at home to discuss:
- Buffer-overflow attacks can be avoided by adopting a better programming methodology or by using special hardware support. Discuss these solutions.
- A password may become known to other users in a variety of ways. Is there a simple method for detecting that such an event has occurred? Explain your answer.
- What is the purpose of using a "salt" along with the user-provided password? Where should the "salt" be stored, and how should it be used?
- The list of all passwords is kept within the operating system. Thus, if a user manages to read this list, password protection is no longer provided. Suggest a scheme that will avoid this problem. (Hint: Use different internal and external representations.)
- Make a list of six security concerns for a bank’s computer system. For each item on your list, state whether this concern relates to physical, human, or operating-system security.
- What are two advantages of encrypting data stored in the computer system?
- Compare symmetric and asymmetric encryption schemes, and discuss under what circumstances a distributed system would use one or the other.
- An experimental addition to UNIX allows a user to connect a watchdog program to a file. The watchdog is invoked whenever a program requests access to the file. The watchdog then either grants or denies access to the file. Discuss pros and cons of using watchdogs for security.
- What commonly used computer programs are prone to man-in-the-middle attacks? Discuss solutions for preventing this form of attack.
- Discuss how the asymmetric encryption algorithm can be used to achieve the following goals.
  - Authentication: the receiver knows that only the sender could have generated the message.
  - Secrecy: only the receiver can decrypt the message.
  - Authentication and secrecy: only the receiver can decrypt the message, and the receiver knows that only the sender could have generated the message.
In class:
Use the first 45 minutes to discuss the exercises prepared at home and your list of keywords.
For the last 45 minutes, Jørn will give an introduction to Sing OS and the challenges found when implementing an operating system from scratch.
Recommended Reading
- Chapter 16 in Operating System Concepts, Enhanced eText, 10th Edition
Material (Slides, etc.)
- Slides for lecture 11 and as HTML