15-410 Homework 2


This homework assignment is due Friday, December 10th at 23:59:59. As we intend to make solutions available on the web site immediately thereafter, please turn your solutions in on time.

Homework must be submitted (online) in either PostScript or PDF format (not: Microsoft Word, Word Perfect, Apple Works, LaTeX, XyWriter, WordStar, etc.). Except as otherwise directed (in the crypto question), turn in your answers as either .../$USER/hw2/$USER.pdf or .../$USER/hw2/$USER.ps. If you use another filename, there is some risk that your solutions will not be credited to you.

As usual, you may discuss this assignment with others, but you must then go off by yourself to write up the solution.


Question 1 - Public Key Practicum

This question is not hard, but it does take some time to do it right. Please don't leave this question to the last minute.

Follow the directions in pgp.html to generate a PGP key ring, containing public and private keys for digital signature and encryption purposes. Do not turn the key ring in to your hw2 directory. Instead, follow the directions on how to export the public key information from the key ring into a file, hw2/$USER.asc. Then create a secret message for the course staff, in hw2/$USER.secret.asc.


Question 2 - Copy-on-write

As some students pointed out, implementing copy-on-write is a good way for an operating system to overcommit memory--to promise applications more memory than the system can actually provide.

Part A

Briefly explain how this overcommitment happens. If you wish you may use a short, clear program to help explain.

Part B

Explain how a VM system which implements copy-on-write can avoid overcommitting system memory.

Part C

Some kernel implementors and some users believe that memory overcommitment (as long as it is temporary and resolves itself non-painfully) is the motivation for copy-on-write. Explain how copy-on-write could be beneficial even for systems which don't overcommit memory.


Question 3 - Process Model

When you use kinit to acquire Kerberos tickets, the program uses your password to acquire a ticket-granting ticket (TGT) from the authentication server. It is a feature of the Kerberos architecture that kinit discards your password as soon as it is done with this initial authentication step. Thus credentials in your credential cache (viewable with klist) all have expiration times, and your machine loses its authority to represent you after a certain number of hours. This limits the ability of an attacker to acquire your authenticators, store them, and use them when you are not paying attention (e.g., out of town for an interview).

But... in the 1990s some hard-working CMU CS graduate students who found themselves working for more than 24 hours at a stretch were annoyed when their Kerberos authenticators timed out. Some of them wrote small shell scripts which contained their passwords and periodically fed those passwords to kinit to obtain fresh TGTs.

A security-conscious graduate student, Bennet Yee, tried to find a solution to the perceived Kerberos usability problem while still addressing security concerns. He, too, wrote a program which would periodically "type" a user's password into kinit, but his program, kauthd, had a twist. The user's password was not stored in a file or even in memory in kauthd's address space. Instead, kauthd stored the password in a "time capsule" device. At startup, it would create a Unix pipe() (see the Project 4 writeup for a quick introduction to pipes). Whenever the password wasn't actively in use, kauthd would write() the password onto the write end of the pipe. When it later became time for kauthd to once again "type" a password, it would read() the password from the read end of the pipe, feed it to kinit, and then once again write() it on the write end of the pipe.

Explain why Bennet felt that storing the user's password in a pipe represented an increase in security over a more straightforward implementation which would hold the password somewhere in kauthd's address space. Specify a threat and how the pipe reduces the exposure to that threat. While there is more than one possibility, please describe only the one you find most threatening.
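The pipe "time capsule" cycle described above, as an added C example that is not kauthd's own code: between uses the secret sits only in the pipe's kernel buffer, and each use reads it out, hands it to a stand-in for kinit, writes it back, and wipes the local copy. The function names (capsule_store, capsule_use, count_bytes) and the sample secret are constructed for this illustration.

```c
#include <unistd.h>

/* Park the secret in the pipe's kernel buffer via the write end.
 * fds[0] is the read end, fds[1] the write end, as returned by pipe(). */
static int capsule_store(int fds[2], const char *secret, size_t len)
{
    return write(fds[1], secret, len) == (ssize_t)len ? 0 : -1;
}

/* Pull the secret back out through the read end; returns bytes read. */
static ssize_t capsule_retrieve(int fds[2], char *buf, size_t cap)
{
    return read(fds[0], buf, cap);
}

/* Zero a buffer through a volatile pointer so the stores are not elided. */
static void wipe(char *buf, size_t len)
{
    volatile char *p = buf;
    while (len--) *p++ = 0;
}

/* One kauthd-style cycle: take the secret out, hand it to consumer
 * (standing in for feeding it to kinit), write it back, wipe the copy.
 * Returns consumer's result, or -1 if the pipe failed. */
static int capsule_use(int fds[2], int (*consumer)(const char *, size_t))
{
    char buf[256];
    ssize_t n = capsule_retrieve(fds, buf, sizeof buf);
    if (n <= 0) return -1;
    int rc = consumer(buf, (size_t)n);
    if (capsule_store(fds, buf, (size_t)n) != 0) rc = -1;
    wipe(buf, sizeof buf);
    return rc;
}

/* Stand-in consumer: reports how many bytes it was handed. */
static int count_bytes(const char *s, size_t n) { (void)s; return (int)n; }
/* Demo with a constructed secret: returns how many of two successive
 * cycles were handed the full 7-byte secret (expect 2). */
int capsule_demo(void)
{
    int fds[2], ok = 0;
    if (pipe(fds) != 0) return -1;
    if (capsule_store(fds, "hunter2", 7) != 0) return -1;   /* constructed */
    ok += capsule_use(fds, count_bytes) == 7;
    ok += capsule_use(fds, count_bytes) == 7;
    close(fds[0]); close(fds[1]);
    return ok;
}
```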


Helpful Hint

By the way, if you think you are having AFS permission problems, try running the program located at
% /afs/cs.cmu.edu/academic/class/15410-f04/pub/access_hw2



[Last modified Saturday December 04, 2004]