Protection and Security

Question 1

The OS manages a collection of ________ and _______

Answer 1

hardware, software

Question 2

Hardware-wise, the OS manages…

Answer 2

CPU, memory segments, disks, printer, etc

Question 3

Software-wise, the OS manages…

Answer 3

files, semaphores, etc

Question 4

Each object the OS manages can be accessed through a set of ________

Answer 4

operations

Question 5

The OS needs to ensure each object is accessed _________ and only by those with the proper __________

Answer 5

correctly, permissions

Question 6

What is the Least Privilege Principle?

Answer 6

Programs, users and systems should be given just enough privileges to perform their tasks

Question 7

What is the Need to Know Principle?

Answer 7

At any time, a process should be able to access only those resources that it currently requires to complete its task

Question 8

______ decide what will be done

Answer 8

policies

Question 9

Mechanisms determine _____ something will be done

Answer 9

how

Question 10

A domain in this context refers to a set of _____ ______

Answer 10

access rights

Question 11

A process operates within a ________ _______

Answer 11

protection domain

Question 12

A right-set is a subset of all the ______ ________ that can be performed on the object

Answer 12

valid operations

Question 13

Processes can switch from one ______ to another to access objects or perform needed operations

Answer 13

domain

Question 14

In static association, processes remains in their domains ________

Answer 14

forever

Question 15

Which principle is difficult to maintain using static association?

Answer 15

Need-to-know principle

Question 16

In dynamic association, processes can switch ______

Answer 16

domains

Question 17

What are the 3 levels of domains?

Answer 17

• User
• Process
• Procedure

Question 18

In user domains, access depends on _______ and domain switching is the same as user ________

Answer 18

userID, switching

Question 19

In process domains, access depends on _______ and domain switching is the same as ______ ________

Answer 19

processID, message passing

Question 20

In procedure domains, access depends on _______ _________ and domain switching is the same as _______ calls

Answer 20

local variables, procedure

Question 21

We can view protection as an _______ matrix

Answer 21

access

Question 22

In an access matrix, rows represent _______ and coloumns represent ________

Answer 22

domains, objects

Question 23

Entries in the access matrix define the set of ________ that a process executing in domain i can invoke on object j

Answer 23

operations

Question 24

To incorporate domain switching in our access matrix, we consider domains as _____ and add a _______ right to them

Answer 24

objects, switch

Question 25

The entries of the access matrix are ________

Answer 25

dynamic

Question 26

what are 3 special access right we can give in the access matrix?

Answer 26

• Copy access right R on object Oi (R*)
• Owner of object Oi
• Control of domain Di

Question 27

The access matrix separates _________ from _______

Answer 27

mechanism, policy

Question 28

What are three methods of implementing access matrices?

Answer 28

• Global Table
• Access Control List (ACL)
• Capability List

Question 29

In a global table access matrix, the matrix is large and _______

Answer 29

sparse

Question 30

In an ACL access matrix, each coloumn has a list of _______ that can access it and what type of access

Answer 30

domains

Question 31

In an ACL access matrix it is difficult to determine _______ _____ of a domain

Answer 31

access rights

Question 32

In a capability list access matrix, each row has a list of objects and what __________ are allowed on them

Answer 32

operations

Question 33

What is a con of the capability list access matrix?

Answer 33

It is difficult to revoke capabilities of an object

Question 34

Revoking access rights is easy with _________ ________ _______

Answer 34

access control lists

Question 35

What are 4 schemes to implement access right revocation?

Answer 35

• Back-pointers
• Indirection
• Requisition
• Keys

Question 36

In the back pointer revocation scheme, pointers are maintained with object to ___________

Answer 36

capabilities

Question 37

In the indirection revocation scheme, capabilities point to an entry in a _______ ______ and requires a search to be deleted

Answer 37

global table

Question 38

In the _________ revocation scheme, the OS periodically deletes capabilities from each domain

Answer 38

requisition

Question 39

In the key revocation scheme, capabilities are copies of master ______ and revocation is done how?

Answer 39

keys. Changing the master key

Question 40

______ ______ _____ can be time-consuming to search

Answer 40

Access control lists

Question 41

What 3 classes does UNIX has to condense ACLs?

Answer 41

• Owner
• Group
• Universe

Question 42

____ bits are used for each file to provide UNIX class protections. It’s format is _________

Answer 42

nine, rwx rwx rwx

Question 43

What does chmod 775 filename do to the 9 bits in filename?

Answer 43

111 101 001

Question 44

What does the protection bit r denote?

Answer 44

can list files

Question 45

The protection bit _ can open files

Answer 45

x

Question 46

Some systems like Solaris and Linux implement protection bits by _______ for all files

Answer 46

default

Question 47

What does the UNIX command setfacl do?

Answer 47

Set file access control list

Question 48

A user in one ______ may need to execute commands allowed only in another _______

Answer 48

domain, domain

Question 49

________ ________ allows any user to execute a file with the same privileges as the owner of the file.

Answer 49

Domain switching

Question 50

Domain switching is managed with the _______ bit

Answer 50

setuid

Question 51

What are 5 areas of security concerns?

Answer 51

• Breach of confidentiality
• Breach of integrity
• Breach of availability
• Theft of service
• Denial of service

Question 52

What are 4 protection levels?

Answer 52

• Physical
• Human
• Operating system
• Network

Question 53

A trojan horse is when a program executes in other restricted ______

Answer 53

domains

Question 54

What is a trap door?

Answer 54

Designer of program leaves a secret hole

Question 55

A logic bomb initiates attacks under special ___________

Answer 55

circumstances

Question 56

A ______ is self-replicating and relies on a trojan horse to enter a system

Answer 56

virus

Question 57

A buffer overflow attempts to access ________ memory

Answer 57

illegal