CS 161 Computer Security
نویسندگان
چکیده
Instructions: Submit your solution by Thursday, February 11, 11:59pm, in the drop box labelled CS161 in 283 Soda Hall. Print your name, your class account name (e.g., cs161-xy), your TA's name, the discussion section time where you want to pick up your graded homework, and " HW1 " prominently on the first page. Staple all pages together. Your solutions must be legible and the solution to each problem must be labelled clearly. You must work on your own on this homework. 1. (20 pts.) A simple web service You need to write a web service that accepts trouble reports via a web form and then forwards them to a system administrator. More specifically, the web service should take the text of a message written by the user explaining the problem and a name for the problem supplied by the user, and your program should email this information to [email protected]. You do so by invoking the mail program and providing it the problem explanation on stdin, and the problem name in the email subject via a command-line argument. Your find the following code on the web to do just this: void send_mail(char * problem_report, char * problem_name) { FILE * mail_stdin; char buf[512]; sprintf(buf, "mail-s \"Problem: %s\" [email protected]", problem_name); mail_stdin = popen(buf, "w"); fprintf(mail_stdin, problem_report); pclose(mail_stdin); } Identify at least three security problems with this code. For each problem, provide or describe an example of an input that would demonstrate or illustrate the existence of the problem. HINT: Familiarize yourself with the workings of popen() and pclose() if they are new to you. You can read the manual pages for popen() by typing man popen at a shell prompt on a Unix system. 2. (20 pts.) Security principles Identify the security principle(s) relevant to each of the following scenarios, giving a one or two sentence explanation for each: (a) At a closed event where the President will be speaking, there are security guards and metal detectors at the door, despite the presence of Secret Service agents throughout the hall.
منابع مشابه
Cybersecurity Policy Compliance: An Empirical Study of Jamaican Government Agencies
In addition to implementing technological tools, entities have adopted cybersecurity policies (CSPs) to address the rising number of employee related cybersecurity (CS) incidents. If however, employees do not understand the importance of or are unwilling to comply with CSPs, CS efforts may be in vain. This study investigates employees’ actual CS compliance behaviour. Informed by the literatures...
متن کاملThe Advanced Course in Engineering on Cyber Security
The Advanced Course in Engineering on Cyber Security (ACE-CS) is a publicprivate partnership to develop top ROTC cadets into the next generation of cyber security leaders. Modeled after the General Electric Advanced Course in Engineering, ACE-CS immerses students in the cyber-security discipline through a combination of intense coursework, open-ended problems, and concurrent internships. In thi...
متن کاملCharacterizing Payments Among Men with No Names
Damon McCoy is an assistant professor in the CS department at George Mason University. He obtained his PhD from the University of Colorado, Boulder, and his research includes work on anonymous communication systems, cyber-physical security, e-crime, and wireless privacy. [email protected] Geoffrey M. Voelker is a Professor of Computer Science at the University of California, San Diego. He w...
متن کاملComputer security in the future
Until recently, computer security was an obscure discipline that seemed to have little relevance to everyday life. With the rapid growth of the Internet, e-commerce, and the widespread use of computers, computer security touches almost all aspects of daily life and all parts of society. Even those who do not use computers have information about them stored on computers. This paper reviews some ...
متن کاملEducating Next-Gen Computer Scientists
Algorithms, data structures, OSs, database design, compiler design, and programming languages were once the core ingredients of computer science (CS) education—until universities ignited the computer technology revolution by producing the inventors of Yahoo, Google, Facebook, and others. So, is commercial technology forcing CS curriculums to adapt, or are curriculums so rigid that they ignore v...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2014