Homework 2

Due Date: May 9, 2000
Points: 200

1. (20 points) A noted computer security expert has said that without integrity, no system can provide confidentiality.
   a. Do you agree? Please justify your answer.
   b. Can a system provide integrity without confidentiality? Again, please justify your answer.

2. (25 points) Given the security levels TOPSECRET, SECRET, CONFIDENTIAL, and UNCLASSIFIED (ordered from highest to lowest), and the categories A, B, and C, say what type of access (read, write, or both) is allowed in the following situations. Assume discretionary access controls allow anyone access unless otherwise specified.
   a. Paul, cleared for (TOPSECRET, { A, C }), wants to access a document classified (SECRET, { B, C }).
   b. Anna, cleared for (CONFIDENTIAL, { C }), wants to access a document classified (CONFIDENTIAL, { B }).
   c. Jesse, cleared for (SECRET, { C }), wants to access a document classified (CONFIDENTIAL, { C }).
   d. Sammi, cleared for (TOPSECRET, { A, C }), wants to access a document classified (CONFIDENTIAL, { A }).
   e. Robin, who has no clearances (and so works at the UNCLASSIFIED level), wants to access a document classified (CONFIDENTIAL, { B }).

3. (25 points) Declassification effectively violates the *-property of the Bell-LaPadula Model. Would raising the classification of an object violate any properties of the model? Why or why not?

4. (30 points) Please show how separation of duty is incorporated into Lipner's model.

5. (100 points) The host pacific-hts.cs.ucdavis.edu is a Windows 2000 system on the network. We will be conducting a penetration test as a class experiment throughout this term. The goal is to acquire access to the system as a user (administrator or otherwise). The first step in a penetration test is to hypothesize flaws, or potential vulnerabilities. For this exercise, you must assume you are analyzing the system as though you have no access to it other than from the network. You will hypothesize potential flaws, but not test them yet.
   a. Determine what network servers pacific-hts is running. (Hint: find the program nmap, download it and use it.)
   b. Please devise three possible network-based vulnerabilities on the system using your knowledge of the servers and of potential vulnerabilities in them. You must justify why you think the system may have that vulnerability. Please post your description to the newsgroup ucd.class.ecs253.d. As part of the requirement for this answer, each student must submit 3 different potential vulnerabilities; the first poster of each potential vulnerability gets credit for it. So be sure your vulnerabilities are different from your classmates'!

   For credit for this problem, please turn in the following:
   - The output of a port scanner run against pacific-hts. Please be sure to put the date in the output (you can do this by hand if you like) because the configuration will be changing.
   - Three possible vulnerabilities using the template below. Fill in what you can; put "to be determined" where you don't know. Please don't submit things that others have posted to the newsgroup.
     However, if you have an idea for a different vulnerability inspired by something that was posted, go ahead and submit that. Grading will not be based on whether the hypothesized flaw exists; it will be based upon your creativity, ideas, and justifications. On the form, incidentally, your justification should go in the section for the long description. Your description here should explain the vulnerability on an existing system, and why you think pacific-hts may suffer from it; or, explain what you think the vulnerability would be, and (again) why pacific-hts may have it.

The Template For the Holes

This may be found on the web as http://seclab.cs.ucdavis.edu/projects/vulnerabilities/doves/template.html.

April 27, 2000. ECS 253 Spring 2000.
Last modified at 10:14 am on Saturday, April 29, 2000.
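
For the lattice in question 2, the check below decides mandatory read and write access from label dominance (simple security condition for read, *-property for write). It is an added example, not part of the original assignment; the function names and the sample labels are constructed for illustration and are not the cases posed in the question.

```python
from typing import FrozenSet, NamedTuple

# Levels named in question 2, listed here from lowest to highest.
LEVELS = ("UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOPSECRET")
RANK = {name: i for i, name in enumerate(LEVELS)}
CATEGORIES = frozenset("ABC")


class Label(NamedTuple):
    level: str
    categories: FrozenSet[str]


def label(level, *cats):
    """Build a validated label; reject unknown levels or categories."""
    if level not in RANK:
        raise ValueError(f"unknown level: {level}")
    cats = frozenset(cats)
    if not cats <= CATEGORIES:
        raise ValueError(f"unknown categories: {sorted(cats - CATEGORIES)}")
    return Label(level, cats)


def dominates(a, b):
    """a dom b iff a's level >= b's level and a's categories include b's."""
    return RANK[a.level] >= RANK[b.level] and a.categories >= b.categories


def allowed_access(subject, obj):
    """Mandatory access only; discretionary controls are assumed to permit all."""
    modes = set()
    if dominates(subject, obj):   # simple security condition: no read up
        modes.add("read")
    if dominates(obj, subject):   # *-property: no write down
        modes.add("write")
    return modes


if __name__ == "__main__":
    # Constructed (subject, object) pairs covering the four possible outcomes.
    cases = [
        (label("SECRET", "A", "B"), label("CONFIDENTIAL", "A")),
        (label("CONFIDENTIAL", "B"), label("TOPSECRET", "B", "C")),
        (label("SECRET", "A"), label("SECRET", "A")),
        (label("TOPSECRET", "A"), label("UNCLASSIFIED", "B")),
    ]
    for subj, obj in cases:
        print(subj, obj, sorted(allowed_access(subj, obj)) or "no access")
```

A high level alone is not enough: when neither label's category set contains the other's, the labels are incomparable and neither read nor write is allowed.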