Tutorial Week 13

Questions

Q1: It should be clear that disk striping can improve the data transfer rate when the strip size is small compared to the I/O request size. Is should also be clear the RAID 0 provides improved perforamnce relative to a single large disk, because multiple I/O requests can be handled in parallel. However, in this latter case, is the disk striping necessary? That is, does disk striping improve I/O request rate performance compared to a similar disk array without striping?

Q2: RAID 5 has similar read performance to RAID 0 (striping), but poorer write performance. Why?

Q3: The RC 4000 system (and other systems) have defined a tree of processes (called a process tree) such that all the descendants of a process are given resources (objects) and access rights by their ancestors only. Thus, a descendant can never have the ability to do anything that its ancestors cannot do. The root of the tree is the operating system, which has the ability to do anything. Assume the set of access rights was represented by an access matrix, A. A(x,y) defines the access rights of process x to object y. If x is a descendant of z, what is the relationship between A(x,y) and A(z,y) for an arbitrary object y?

Q4: A password may become known to other users in a variety of ways. Is there a simple method for helping users detect that such an event has occurred? Explain your answer.

Q5: Contrast Discretionary Access Control with Mandatory Access Control.

Q6: Describe the goal (and restrictions it imposes to achieve that goal) of the Bell-La Padula multilevel security policy. Do the same for the Biba policy. Can you comment on the two policies?

Q7:Even with enforced mandatory access control, why is it difficult to control information flow on a multi-tasking system?

Q8: The traditional UNIX password protection scheme uses a salt (a random n-bit number) to make it more difficult for an intruder to discover the password by encrypting common strings in advance. Does this scheme also offer increased protection against a valid user trying to crack the super-user password on a machine? Assume the password file containing the encrypted passwords is readable.

Q9: Lamport's one-time password scheme uses the passwords in reverse order. Would it not be simpler to use f(x) the first time, f(f(x)) the second time, and so on?