IY5512R Computer Security: Access Control, Malware & Memory Management
VerifiedAdded on 2023/06/15
|27
|7709
|240
Homework Assignment
AI Summary
This assignment delves into various aspects of computer security, starting with access control mechanisms like the access control matrix, ACLs, and capabilities, highlighting their advantages and disadvantages. It explains the Windows access control system, detailing the roles of the Security Reference Monitor (SRM), Access Control Lists (ACLs), Access Control Entries (ACEs), and Security Identifiers (SIDs). The assignment further discusses malware types, buffer overflow vulnerabilities and mitigation techniques such as fuzzing and stack guards, and type safety concepts. Additionally, it covers virtual vs. physical addresses, the importance of virtual memory management, privilege levels in processors, and DMA attacks along with Intel Trusted Execution Technology (TXT) as a countermeasure. Password security risks and arc injection attacks are also addressed. Desklib offers a wealth of similar resources for students.
Running head: Computer Security
Computer security
Computer security
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Computer Security 2
Computer Security 3
Table of Contents
I Module...................................................................................................................................................3
II Module.................................................................................................................................................7
III Module.............................................................................................................................................11
IV Module.............................................................................................................................................16
V Module..............................................................................................................................................20
References..............................................................................................................................................25
Table of Contents
I Module...................................................................................................................................................3
II Module.................................................................................................................................................7
III Module.............................................................................................................................................11
IV Module.............................................................................................................................................16
V Module..............................................................................................................................................20
References..............................................................................................................................................25
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Computer Security 4
I Module
Answer to question no. 1
(a)Access control matrix- It is a security model used for protection of computer system which
defines the right of each object in the system. It is an array to keep the data secure like date,
time, location, identity and previous records and information is safeguarded from everyone
except the one who need to low. This approach is used in practise as it provides permission of
concrete access. Access to any type of information is regulated by access control matrix and
limits electronic access to a network, computer, and digital file by an unauthorised user.
(b) Access control list (ACL) store column of matrix with the resource and widely used in
groups where in capabilities are used to hold a ticket to use each of the resource. Access
control list is associated with each object in the system and provide authentication to object in
the list. Capabilities are random bit of sequence which is managed by operating System which
can be passed from one process to another. ACL and capability is related to Access control
matrix as it indicates who is allowed to perform, what function can be done,who can read,
write or manipulate the information.
Advantages and Disadvantages- ACL has set of accessible objects which are not bounded and
is based on the users, but in case of ACL there are chances of worms, virus and stack overflow
attacks. In case of Capability every process has a specific set of access rights also deleting a
operator from the list to access the resource can’t be done by capability. In short it provides
varying levels of security and prevention from thefts.
(c) Windows access control system out performs todays standard offerings in terms of
expandability, flexibility and performance. Windows access control system is based on
latest .net software platform. Process- It segregates all the information of its security token
STS, STS access an incorruptible gateway within an authentication system. Future, security
token is a digital key which authorize a person access to security gate.
I Module
Answer to question no. 1
(a)Access control matrix- It is a security model used for protection of computer system which
defines the right of each object in the system. It is an array to keep the data secure like date,
time, location, identity and previous records and information is safeguarded from everyone
except the one who need to low. This approach is used in practise as it provides permission of
concrete access. Access to any type of information is regulated by access control matrix and
limits electronic access to a network, computer, and digital file by an unauthorised user.
(b) Access control list (ACL) store column of matrix with the resource and widely used in
groups where in capabilities are used to hold a ticket to use each of the resource. Access
control list is associated with each object in the system and provide authentication to object in
the list. Capabilities are random bit of sequence which is managed by operating System which
can be passed from one process to another. ACL and capability is related to Access control
matrix as it indicates who is allowed to perform, what function can be done,who can read,
write or manipulate the information.
Advantages and Disadvantages- ACL has set of accessible objects which are not bounded and
is based on the users, but in case of ACL there are chances of worms, virus and stack overflow
attacks. In case of Capability every process has a specific set of access rights also deleting a
operator from the list to access the resource can’t be done by capability. In short it provides
varying levels of security and prevention from thefts.
(c) Windows access control system out performs todays standard offerings in terms of
expandability, flexibility and performance. Windows access control system is based on
latest .net software platform. Process- It segregates all the information of its security token
STS, STS access an incorruptible gateway within an authentication system. Future, security
token is a digital key which authorize a person access to security gate.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Computer Security 5
Role of Security Reference Monitor (SRM)- It defines set of access control policies on a
system to ensure access by authenticated user. It provides sequence to work with access
control.
Role of Access Control Lists(ACLs) and Access Control Entries (ACEs) – ACL is sued to
determine which object has what security and defines what functions can be done future who
can read, write or manipulate the information. ACEs are entries in access control list which
contains the access rights information related to each user in the system.
Role of Security Identifiers (SIDs)- Each user is linked to a unique Id which is used to
authorizing the identity of a user uniquely.
(d) Access control model for information is used for protecting resource and also control the
permission of the file. It focuses on security issues using security labels that denote security
classes. Security label is a gate for the sensitivity of data, if the user don’t clear the gate it
cannot access the information of the system (Choi & Kim, 2014).
Answer to question no. 3
(a) Malware is also known as ‘malicious software’. It often gets installed in our computers
without our prior knowledge and decreases the performance of the system, redirects to other
pages automatically and so on. Malware do things like stealing personal information like credit
cards numbers or password delete some information; attack other network or sending spam
mails. Some examples are viruses, worms, spyware, adware and Trojans. Viruses are software
that are created to damage or harm the system where in Worms infects computer and make it
very slow.
(b) Real life example of worm and viruses: MyDoom it is spreading via E-mail, it is junk in a
amil file it progates in other system and injects the other system also. Sasser is a worm which
spreads and inject the system by scanning the IP address and downloading the virus I the
personal systems.
Role of Security Reference Monitor (SRM)- It defines set of access control policies on a
system to ensure access by authenticated user. It provides sequence to work with access
control.
Role of Access Control Lists(ACLs) and Access Control Entries (ACEs) – ACL is sued to
determine which object has what security and defines what functions can be done future who
can read, write or manipulate the information. ACEs are entries in access control list which
contains the access rights information related to each user in the system.
Role of Security Identifiers (SIDs)- Each user is linked to a unique Id which is used to
authorizing the identity of a user uniquely.
(d) Access control model for information is used for protecting resource and also control the
permission of the file. It focuses on security issues using security labels that denote security
classes. Security label is a gate for the sensitivity of data, if the user don’t clear the gate it
cannot access the information of the system (Choi & Kim, 2014).
Answer to question no. 3
(a) Malware is also known as ‘malicious software’. It often gets installed in our computers
without our prior knowledge and decreases the performance of the system, redirects to other
pages automatically and so on. Malware do things like stealing personal information like credit
cards numbers or password delete some information; attack other network or sending spam
mails. Some examples are viruses, worms, spyware, adware and Trojans. Viruses are software
that are created to damage or harm the system where in Worms infects computer and make it
very slow.
(b) Real life example of worm and viruses: MyDoom it is spreading via E-mail, it is junk in a
amil file it progates in other system and injects the other system also. Sasser is a worm which
spreads and inject the system by scanning the IP address and downloading the virus I the
personal systems.
Computer Security 6
(d) (i) Buffer overflow is when data overwrites the memory locations as there is no space
available in the memory. Attacker uses this for purposely for crashing the target system as
buffer overflow leads to changing the layout of a program by replacing it with some malicious
code. Buffer overflow is one of the weaknesses of security as it enables hacker to modify the
internal variables. It leads to vulnerabilities as the additional data may contain malicious code
which may result in unofficial access to the organization. Attacker tries to exploit the buffer
overflow to change the architecture and operating system.
(ii) To reduce the risk of buffer overflow process known as fuzzing is used to check if the
system accepts additional data or not. Stack Guard is a complier used to prevent and stop
stack buffer overflow. If the attacker tries to overwrite the buffer section, it won’t be possible.
Other than that there are some tools used to identify buffer overflow. Functions like strncpy()
is used for prevention as it examine and eliminates bugs from the software. As removing bugs
from a program is not feasible but using these functions it is possible to some extent.
(e) Type safety is used to prevent type errors that usually occur due to different data types. It
ensures that the program is well defined and behaves properly. C, C++ is not at type safe
language wherein the platform of Java, Python and Ruby is type safe. Type safety ensures that
operations of an object are always compatible and the program will not go wrong at the run
time. It is useful as it shows the strength by enforcing variants in the program, and enforces
abstract types which characterize the modules and keep it hidden from clients.Type safety
enforces garbage collection which avoids temporal violations of memory but uses more
memory.
Answer to question no. 4
(a) An address is used to refer to a location in computer memory
(i) Fundamental difference between virtual and physical address is that virtual address is
generated during the execution of a program by CPU. It is not possible to access the physical
address directly by the user where logical address can be used to access the physical address.
(d) (i) Buffer overflow is when data overwrites the memory locations as there is no space
available in the memory. Attacker uses this for purposely for crashing the target system as
buffer overflow leads to changing the layout of a program by replacing it with some malicious
code. Buffer overflow is one of the weaknesses of security as it enables hacker to modify the
internal variables. It leads to vulnerabilities as the additional data may contain malicious code
which may result in unofficial access to the organization. Attacker tries to exploit the buffer
overflow to change the architecture and operating system.
(ii) To reduce the risk of buffer overflow process known as fuzzing is used to check if the
system accepts additional data or not. Stack Guard is a complier used to prevent and stop
stack buffer overflow. If the attacker tries to overwrite the buffer section, it won’t be possible.
Other than that there are some tools used to identify buffer overflow. Functions like strncpy()
is used for prevention as it examine and eliminates bugs from the software. As removing bugs
from a program is not feasible but using these functions it is possible to some extent.
(e) Type safety is used to prevent type errors that usually occur due to different data types. It
ensures that the program is well defined and behaves properly. C, C++ is not at type safe
language wherein the platform of Java, Python and Ruby is type safe. Type safety ensures that
operations of an object are always compatible and the program will not go wrong at the run
time. It is useful as it shows the strength by enforcing variants in the program, and enforces
abstract types which characterize the modules and keep it hidden from clients.Type safety
enforces garbage collection which avoids temporal violations of memory but uses more
memory.
Answer to question no. 4
(a) An address is used to refer to a location in computer memory
(i) Fundamental difference between virtual and physical address is that virtual address is
generated during the execution of a program by CPU. It is not possible to access the physical
address directly by the user where logical address can be used to access the physical address.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Computer Security 7
Physical address deals with load time address binding wherein virtual address deals with
compile time address binding.
(ii) Using Virtual management system is very important as it helps in clearing the shared
memory space. Also if the application is not in use, freeing it in turn increase memory isolation
by using the technique of paging. (a) It eliminates the concept of external fragmentation as
pages are mapped automatically. (b) Also allocating the memory is cheap and efficient and is
part of memory management as it creates virtual memory space for the system.
(b) (i) Privileges level are used by processor to grant different access rights to the user. As each
user cannot be granted with all the permission, thus using these privileges level by the
processor limited access is provided.
(ii) There are three privileges level, zero level allow the user to access all the commands and
information, then user level is used to provide limited access to user by granting read only
permission, then last is privileged level that grants complete control over the system.
(iii) The new Intel processor privilege level has four levels now, in which an zero level is
assigned to operating system of kernel and ring 3 is used by users. If a program is designed to
operate in zero level it cannot be used outside the assigned privilege level.
(c)(i) DMA is an attack which violets computer security as an attacker can penetrate in the
system. If a device is using DMA an unimpeded access to some address space would bypass
security measures by installing malwares in the system, access the encryption keys violating
confidentiality. Other than that a proper synchronization mechanism is needed in the device to
avoid accessing non updated information. It sometimes leads to cache coherency problem if
the data stored in RAM is not updates with the correct data in cache.
(ii) Intel Trusted Execution Technology (Intel TXT) has primarily goals of providing
authenticity to operating system and creates a secure environment. Intel processor partitions the
protected data, the protected partition cannot be modified from other processor thus protect it
Physical address deals with load time address binding wherein virtual address deals with
compile time address binding.
(ii) Using Virtual management system is very important as it helps in clearing the shared
memory space. Also if the application is not in use, freeing it in turn increase memory isolation
by using the technique of paging. (a) It eliminates the concept of external fragmentation as
pages are mapped automatically. (b) Also allocating the memory is cheap and efficient and is
part of memory management as it creates virtual memory space for the system.
(b) (i) Privileges level are used by processor to grant different access rights to the user. As each
user cannot be granted with all the permission, thus using these privileges level by the
processor limited access is provided.
(ii) There are three privileges level, zero level allow the user to access all the commands and
information, then user level is used to provide limited access to user by granting read only
permission, then last is privileged level that grants complete control over the system.
(iii) The new Intel processor privilege level has four levels now, in which an zero level is
assigned to operating system of kernel and ring 3 is used by users. If a program is designed to
operate in zero level it cannot be used outside the assigned privilege level.
(c)(i) DMA is an attack which violets computer security as an attacker can penetrate in the
system. If a device is using DMA an unimpeded access to some address space would bypass
security measures by installing malwares in the system, access the encryption keys violating
confidentiality. Other than that a proper synchronization mechanism is needed in the device to
avoid accessing non updated information. It sometimes leads to cache coherency problem if
the data stored in RAM is not updates with the correct data in cache.
(ii) Intel Trusted Execution Technology (Intel TXT) has primarily goals of providing
authenticity to operating system and creates a secure environment. Intel processor partitions the
protected data, the protected partition cannot be modified from other processor thus protect it
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Computer Security 8
from DMA. Similarly, Intel chipset provides isolation to data sets to ensure the protection of
data also various Authenticated Code modules generates secure cryptography keys and
provides trusted environment at runtime.
II Module
Answer to question no. 1
(a) (i) Buffer overflow is a type of attack where certain section of memory is overwritten
with more data that the amount of data can be fitted. This in turn spills the memory area
automatically and manages the overflow.
(ii) Buffer overflow is caused due to malicious attacker who sends wrong input in the
program and attempts to store in the buffer which is not large enough. Buffer flow is
caused as some languages do not have any built in protection against overwriting data in
the memory.
(iii) Buffer overflow can be reduced by using a process known as fuzzing, which checks that
the system is not accepting additional data. Stack Guard complier can be used to stop buffer
overflow, as when the attacker tries to overwrite the buffer section, it is not possible. Other
functions like strncpy() is used to avoid and eliminate the bugs from the software.
(b) (i) If an incompatible operand is passed to a function, which cannot be handled by the data
type causes type error. It also causes vulnerabilities in software; there are two type of errors
type1 and type2. Type1 inserts incorrect value and type2 create virtual existence of the thing
that is not present. It doesn’t resemble the usual data types used like strings, arrays, objects and
Java script function. Type Error is usual caused due to using wrong data types or operations.
(ii) Type safety uses complier to automatically check the type at the time of compiling and
throws an error if the assigned data type to the variable is not correct. It help in providing
from DMA. Similarly, Intel chipset provides isolation to data sets to ensure the protection of
data also various Authenticated Code modules generates secure cryptography keys and
provides trusted environment at runtime.
II Module
Answer to question no. 1
(a) (i) Buffer overflow is a type of attack where certain section of memory is overwritten
with more data that the amount of data can be fitted. This in turn spills the memory area
automatically and manages the overflow.
(ii) Buffer overflow is caused due to malicious attacker who sends wrong input in the
program and attempts to store in the buffer which is not large enough. Buffer flow is
caused as some languages do not have any built in protection against overwriting data in
the memory.
(iii) Buffer overflow can be reduced by using a process known as fuzzing, which checks that
the system is not accepting additional data. Stack Guard complier can be used to stop buffer
overflow, as when the attacker tries to overwrite the buffer section, it is not possible. Other
functions like strncpy() is used to avoid and eliminate the bugs from the software.
(b) (i) If an incompatible operand is passed to a function, which cannot be handled by the data
type causes type error. It also causes vulnerabilities in software; there are two type of errors
type1 and type2. Type1 inserts incorrect value and type2 create virtual existence of the thing
that is not present. It doesn’t resemble the usual data types used like strings, arrays, objects and
Java script function. Type Error is usual caused due to using wrong data types or operations.
(ii) Type safety uses complier to automatically check the type at the time of compiling and
throws an error if the assigned data type to the variable is not correct. It help in providing
Computer Security 9
secure environment as it do not allow to access any private memory location or member whose
permission is not granted to be accessed. It makes sure that objects are isolated from one
another. Thus type safety creates a safe environment and avoids chances of attack.
(c) (i)Arc injection attack inject a jump to redirect the execution of a program t some other
code area in the memory. It is also known as return to libc attack where library as lot of
predefined codes that re useful for the attacker which provides type definitions, string handling
mechanism, memory allocation and other operating system services. Because of availability of
the large number of functions libc's codes are used instead of using code injection technique.
(ii) There are various compliers which are used to identify stack problems. Like using -fstack
function is useful as it provides solution for the worst condition by using canary space
fundamental. Canary space is used at the end of the stack so that data can be written after it has
been modified. Another method is using CPU watchpoints, it a way to look at the canary space
condition for accessing it. This software implementation is used to check the availability of
canary space automatically after predefined intervals so that problem of buffer overflow
doesn’t occur.
Answer to question no.3
(i) If the password is communicated through an insecure root or stored in the insecure network
may lead to malicious user accessing the data. Any hostile user may enter the system and track
all the information which destroys the confidentiality of the information (Du, 2011).
(ii) The risk of password can be reduced by using the password on the secure
environment. When the password is shared over network it is encrypted so that no third
party user can track it.
secure environment as it do not allow to access any private memory location or member whose
permission is not granted to be accessed. It makes sure that objects are isolated from one
another. Thus type safety creates a safe environment and avoids chances of attack.
(c) (i)Arc injection attack inject a jump to redirect the execution of a program t some other
code area in the memory. It is also known as return to libc attack where library as lot of
predefined codes that re useful for the attacker which provides type definitions, string handling
mechanism, memory allocation and other operating system services. Because of availability of
the large number of functions libc's codes are used instead of using code injection technique.
(ii) There are various compliers which are used to identify stack problems. Like using -fstack
function is useful as it provides solution for the worst condition by using canary space
fundamental. Canary space is used at the end of the stack so that data can be written after it has
been modified. Another method is using CPU watchpoints, it a way to look at the canary space
condition for accessing it. This software implementation is used to check the availability of
canary space automatically after predefined intervals so that problem of buffer overflow
doesn’t occur.
Answer to question no.3
(i) If the password is communicated through an insecure root or stored in the insecure network
may lead to malicious user accessing the data. Any hostile user may enter the system and track
all the information which destroys the confidentiality of the information (Du, 2011).
(ii) The risk of password can be reduced by using the password on the secure
environment. When the password is shared over network it is encrypted so that no third
party user can track it.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Computer Security 10
(b) Biometric system is used in security purpose as it works by mapping the pattern of
human with the use of advanced technology. The architecture of biometric basically
connects software and hardware components. Finger print is one of the biometric system,
which include various components.
Sensor- It captures the digital image of finger which is future processed and stored in the
database for identifying the correct user. Verifying the correct user helps in attaining a
good security.
Processor- The stored mage in the database is minutely observed and processed as the
security relies in matching the input minutely. The scanned input is future processed like
performing segmentation, normalization and estimating the frequency of image which is
future applied to enhance the quality of image for extraction.
Extractor- Finding the similarity and finding the correct match, is done using the concept
of crossing number.
Identification- finally identifying the correct user by matching the finger prints and
identifying it helps people to save time. Only the correct user is identified and granted
the access to information.
(c) Type I error occurs when authenticated user gets rejected because biometric system
doesn’t recognize it and Type II error occurs when an unauthorized user gets an access. Type I
error can be controlled as the value of alpha is 0.05 that means only 5% would be rejected.
Type II probability is denoted by beta which has value more than alpha.
(d) (i) S-KEY is a one-time password system; the password is used for user authentication.
Always a unique password is generated and S-key stores all the passwords used. User selects a
unique secret password and uses it for authentication. S –Key are used for multiple applications
to produce one-time password. It hosts the password by using hash function and compares the
result with the previous results.
(b) Biometric system is used in security purpose as it works by mapping the pattern of
human with the use of advanced technology. The architecture of biometric basically
connects software and hardware components. Finger print is one of the biometric system,
which include various components.
Sensor- It captures the digital image of finger which is future processed and stored in the
database for identifying the correct user. Verifying the correct user helps in attaining a
good security.
Processor- The stored mage in the database is minutely observed and processed as the
security relies in matching the input minutely. The scanned input is future processed like
performing segmentation, normalization and estimating the frequency of image which is
future applied to enhance the quality of image for extraction.
Extractor- Finding the similarity and finding the correct match, is done using the concept
of crossing number.
Identification- finally identifying the correct user by matching the finger prints and
identifying it helps people to save time. Only the correct user is identified and granted
the access to information.
(c) Type I error occurs when authenticated user gets rejected because biometric system
doesn’t recognize it and Type II error occurs when an unauthorized user gets an access. Type I
error can be controlled as the value of alpha is 0.05 that means only 5% would be rejected.
Type II probability is denoted by beta which has value more than alpha.
(d) (i) S-KEY is a one-time password system; the password is used for user authentication.
Always a unique password is generated and S-key stores all the passwords used. User selects a
unique secret password and uses it for authentication. S –Key are used for multiple applications
to produce one-time password. It hosts the password by using hash function and compares the
result with the previous results.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Computer Security 11
(ii) If the attacker impersonated the host than it will track the flow of traffic on the
network or can trace the flow of data over the network and can silently read the
information via host.
Answer to question no. 4
(a) (i) Example- Like Alice can rw the file ‘result.doc’ it means that Alice can read and
write In the file but don’t have write to execute the file. Similarly If bob is granted with
the permission of rx that means Bob can read and execute the file, but it cannot make
any changed in the file.
(ii) Access mask is used to describe access rights which specify that the request is
granted to an object or it can access the object or not. Access mask make sure that
access right assigned are used correctly.
(b) The Reference Monitor can decide whether it is a subject or an object via security
model. If an access request is received in the form of subject than reference monitor
concludes that subject has referenced an object.
(c) (i) Role based operating system regulates the access of user to network and the system.
In RBAC user acquire the role of the system, by using the acquired role it access the
object of the system.
Subject is basically defined as person or agent who wants to access the information,
Role is a job function that defines the authority level of access, or it is organizational
function with a clear definition of inherent responsibility and authority.
Permission is mode of accessing the file that is read, write or execute. Permission is
assigned to role, and by using this permission it is determined that the user is allowed to
access the data in the system or not. User-role permission makes the work simple to
perform user assignment.
(ii) If the attacker impersonated the host than it will track the flow of traffic on the
network or can trace the flow of data over the network and can silently read the
information via host.
Answer to question no. 4
(a) (i) Example- Like Alice can rw the file ‘result.doc’ it means that Alice can read and
write In the file but don’t have write to execute the file. Similarly If bob is granted with
the permission of rx that means Bob can read and execute the file, but it cannot make
any changed in the file.
(ii) Access mask is used to describe access rights which specify that the request is
granted to an object or it can access the object or not. Access mask make sure that
access right assigned are used correctly.
(b) The Reference Monitor can decide whether it is a subject or an object via security
model. If an access request is received in the form of subject than reference monitor
concludes that subject has referenced an object.
(c) (i) Role based operating system regulates the access of user to network and the system.
In RBAC user acquire the role of the system, by using the acquired role it access the
object of the system.
Subject is basically defined as person or agent who wants to access the information,
Role is a job function that defines the authority level of access, or it is organizational
function with a clear definition of inherent responsibility and authority.
Permission is mode of accessing the file that is read, write or execute. Permission is
assigned to role, and by using this permission it is determined that the user is allowed to
access the data in the system or not. User-role permission makes the work simple to
perform user assignment.
Computer Security 12
(ii) Hierarchal RBAC provides additional support of inheritance between roles like an
inheritance relation among roles. Inheritance can be described in terms of permissions that is r1
“inherits” role r2 if all privileges of r2 are also privileges of r1. It composes the role from
multiple subordinate roles and defines the relations and roles that are intended to be
represented. Then it provide uniform treatment of user or role assignment, which can be
included in the role hierarchy, using the same relation to denote the user assignment to roles,
as well as permission inheritance from a role to its assigned users.
III Module
Answer to question no. 3
(a)
(i) Buffer overflow is a program where writing data in buffer exceeds the buffer boundary
which in turn overwrites the exciting data with the new one as buffer is not able to handle the
extra data.
(ii) Buffer overflow can be caused like in s7case of stack when the size is predefined and if
additional data is entered in the stack will lead to overflow. Similarly, if the size of a file is
fixed it cannot store additional data in it, if data is entered are than the defined capacity will
lead to buffer overflow.
(iii) Risk of buffer overflow can be avoided by using safe libraries as in C, C++ buffer
overflow is very common thus high degree of correctness can be maintained by using standard
library functions. These standard library functions automatically take cares of buffer
management and reducing the chances of buffer overflow. Also by using pointer protection as
(ii) Hierarchal RBAC provides additional support of inheritance between roles like an
inheritance relation among roles. Inheritance can be described in terms of permissions that is r1
“inherits” role r2 if all privileges of r2 are also privileges of r1. It composes the role from
multiple subordinate roles and defines the relations and roles that are intended to be
represented. Then it provide uniform treatment of user or role assignment, which can be
included in the role hierarchy, using the same relation to denote the user assignment to roles,
as well as permission inheritance from a role to its assigned users.
III Module
Answer to question no. 3
(a)
(i) Buffer overflow is a program where writing data in buffer exceeds the buffer boundary
which in turn overwrites the exciting data with the new one as buffer is not able to handle the
extra data.
(ii) Buffer overflow can be caused like in s7case of stack when the size is predefined and if
additional data is entered in the stack will lead to overflow. Similarly, if the size of a file is
fixed it cannot store additional data in it, if data is entered are than the defined capacity will
lead to buffer overflow.
(iii) Risk of buffer overflow can be avoided by using safe libraries as in C, C++ buffer
overflow is very common thus high degree of correctness can be maintained by using standard
library functions. These standard library functions automatically take cares of buffer
management and reducing the chances of buffer overflow. Also by using pointer protection as
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 27
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.