CS460 Homework 4

• (5 pts.) In a ring-protection system, level 0 has the greatest access to objects, and level n (where n > 0) has fewer access rights. The access rights of a program at a particular level in the ring structure are considered a set of capabilities. What is the relationship between the capabilities of a domain at level j and a domain at level i to an object (for j > i)? 


Answer: D_j is a subset of D_i.

• (5 pts.) Discuss the strengths and weaknesses of implementing an access matrix using access lists that are associated with objects and the strengths and weaknesses of implementing an access matrix using capabilities that are associated with domains. 


Answer:

Access List

Strength – by storing an access list with each object, we also store the access privileges for each object meaning that we can easily revoke or accept (expand) privileges in a localized way.

Weakness – by storing the access list, we have to check each time the object is being accessed, to see if the requesting domain is on the list. This adds a lot of overheard to our processing time each time an object is being accessed or requested.

Capabilities

Strength – easy flexibility, we just need to check the authenticity of a capability. We can also pass around capabilities from one domain to another.

Weakness – we have little control over capabilities, we cannot easily remove or revoke a capability or restrict the flow.

• (5 pts.) Buffer-overflow attacks can be avoided by adopting a better programming methodology or by using special hardware support. Discuss these solutions.



Answer:

The easiest way to prevent this is by eliminating the possibility of executing code in a stack segment of a process. This is because the way buffer-overflow attacks occur – where the buffer overflows, overwrites the return address, sends the pointer to another (random) segment that contains some malicious code to be executed. Therefore, by not allowing executing in the stack frame, there is no way to successfully attack using buffer-overflow.

Another really simple (and arguably better) solution is to check the bounds of an array. By not allowing overflow altogether, we eliminate the problem. Although, it does add runtime to our processes, as we would have to bound check with every call.

• (5 pts.) A password may become known to other users in a variety of ways. Is there a simple method for detecting that such an event has occurred? Explain your answer. 


Answer:

Time stamp showing the last time the user has signed in. This way, every time a user signs on they are aware of any strange activity with their account. They didn’t sign in this morning at 2 am? The user would know that and flag their account and change passwords.

• (5 pts.) Is it always crucial to know that the message you have sent has arrived at its destination safely? If your answer is “yes”, explain why. If your answer is “no”, give appropriate examples. 


Answer:

No. It’s not crucial. An example would be, using an API. You send a message requesting information and if no reply comes back, then we know it’s safe to assume that the website is not available at the moment. It’s not an absolute necessity to know if the message arrived. Another example is a program that determines if a remote site is running and accessible over the network. If we send a query (much like an api) and don’t receive a reply, we know it’s not running and accessible.

• (5 pts.) A distributed system has two sites, A and B. Consider whether site A can distinguish among the following: 


1. B goes down. 


Answer: Periodically (at set times send a message to A that says, “I am up” or something to that effect. This way A periodically knows (and is reassured) that B is up and running.

1. The link between A and B goes down. 


Answer: Instead of waiting for B to respond, we send B a request, “Are you up?” and B responds, no response? Try a different channel (different network link), if a response comes back, then the network is down.

1. B is extremely overloaded, and its response time is 100 
times longer than normal. 


Answer: Since we already know that B is up by using the message system up top, then we set some bound on a normal response time. If B exceeds that response time bound, then we know if is overloaded.

What implications does your answer have for recovery in distributed systems?

Answer: A could choose to use a different host instead of B if it goes down, it’s unreachable (network down), or it is overloaded.

7. (10 pts.) Read Chapter 16 and answer the following questions.

(a) Three virtualization techniques are available, including full virtualization using binary translation, OS assisted virtualization or paravirtualization, and hardware assisted virtualization. Please discuss the strengths and weaknesses of the techniques.

Answer:

Binary Translation

Strengths

Weaknesses

OS Assisted Virtualization

Strengths

Weaknesses

Hardware Assisted Virtualization

Strengths

Weaknesses

(b) Please explain why using dynamic binary translations to implement VMM may slow down kernel-level function calls.

Answer: A dynamic translation can’t perfectly duplicate a privileged system call or set of instructions. So what will have happen, is that the binary translator will substitute the call target address with the translated set of instructions and translated code. This is a workaround, but it has a lot of overhead with each function call, as it must replace and translate very set of calls. We avoid hash table lookups but increase runtime for function calls.

8. (10 pts.) Read the article “Linux at 25: Why It Flourished While Others Fizzled” (http://spectrum.ieee.org/computing/software/linux-at-25-why-it- flourished-while-others- fizzled?bt_alias=b%27eyJ1c2VySWQiOiAiOGU0ZmNhYzEtM DMxYS00NTk1L Tg2OWMtNTFlZWFlNzBmODZlIn0=%27) and summarize the reasons of Linux’s success.