Questions from Operating Systems

Q: Assume a system with N job positions. For job position i

Assume a system with N job positions. For job position i, the number of individual users in that position is and the number of permissions required for the job position is a. For a traditional DAC sch...

Q: Why is logging important? What are its limitations as a security

Why is logging important? What are its limitations as a security control? What are pros and cons of remote logging?

Q: Consider an automated audit log analysis tool (e.g.,

Consider an automated audit log analysis tool (e.g., swatch). Can you propose some rules which could be used to distinguish “suspicious activities” from normal user behavior on a system for some organ...

Q: What is cache memory?

What is cache memory?

Q: In the context of an IDS, we define a false positive

In the context of an IDS, we define a false positive to be an alarm generated by an IDS in which the IDS alerts to a condition that is actually benign. A false negative occurs when an IDS fails to gen...

Q: Rewrite the function shown in Figure 15.2a so it is

Rewrite the function shown in Figure 15.2a so it is no longer vulnerable to a stack buffer overflow. Figure 15.2a:

Q: For the DAC model discussed in Section 15.3, an

For the DAC model discussed in Section 15.3, an alternative representation of the protection state is a directed graph. Each subject and each object in the protection state is represented by a node (a...

Q: Set user (SetUID) and set group (SetGID) programs

Set user (SetUID) and set group (SetGID) programs and scripts are a powerful mechanism provided by Unix to support “controlled invocation” to manage access to sensitive resources. However, precisely b...

Q: User “ahmed” owns a directory, “stuff,” containing

User “ahmed” owns a directory, “stuff,” containing a text file called “ourstuff.txt” that he shares with users belonging to the group “staff.” Those users may read and change this file, but not delete...

Q: UNIX treats file directories in the same fashion as files; that

UNIX treats file directories in the same fashion as files; that is, both are defined by the same type of data structure, called an inode. As with files, directories include a 9-bit protection string....