Homework 2

1. (10 points) Please do Exercise 14 of the handout Robust Programming.
2. (18 points) Please do Exercise 20 of the handout Robust Programming.
3. (20 points) Which of the four basic principles of robust programming does the use of the function gets(3) violate? Please justify your answer.
4. (20 points) Please classify the flaws exploited in the attacks on the Michigan Terminal System and the Burroughs B6700 under the PA and RISOS classifications. Remember to justify your answer.
5. (32 points) Please show that the PA classifications and RISOS classifications cover the same categories of flaws.
   Hint: If x is a flaw in the "improper initial protection domain" class of PA, in which class or classes might it fall in the RISOS classification?
6. (50 points) Please do exercise 17 of the handout Robust Programming. The source code for the current version of the qlib library (qlib.h, qlib.c) is available from the class web page (you will need both the header file and the source code). Don't forget to change all the functions so the library works correctly, is robust, and is well commented. Remember to keep the interface the same!
7. (150 points) Read the book The Prince by Niccolò Machiavelli. Then please write an essay either affirming or refuting the following thesis: The rights and obligations of the security officer of a system (who is responsible for maintaining the security of the system) are analogous to those of a prince, as described by Machiavelli. Your essay should be at least 4 pages long and no more than 8 pages long (or between 240 and 480 lines, if you submit ASCII text).