Protection Chapter 17 Full Test Bank - Operating System Concepts 10e Complete Test Bank by Abraham Silberschatz.
Chapter 17
Multiple Choice Questions
1. What is the difference between mechanisms and policies?
A. Mechanisms determine what will be done, while policies decide when it will be done
B. Mechanisms determine how something will be done, while policies decide what will be done
C. Mechanisms determine how something will be done, while policies decide why something will be done
D. Mechanisms determine what will be done, while policies decide how it will be done
Feedback: 17.1
Difficulty: Easy
2. A protection domain is a collection of access rights, each of which is ___________________
A. a pair <object-name, list-of-users>
B. a pair <object-name, rights-set>
C. a triplet <object-name, user, rights-set>
D. a triplet <object-name, process_id, rights-set>
Feedback: 17.4.1
Difficulty: Medium
3. The ability to copy an access right from one domain to another may be realized as follows
A. A right R is copied from domain A to domain B and R is removed from domain A. The right R could be copied from domain B to another domain.
B. A right R is copied from domain A to domain B, but the right R could not be copied from domain A to another domain.
C. A right R is copied from domain A to domain B, but the right R could not be copied from domain B to another domain.
D. none of the above
Feedback: 17.5
Difficulty: Medium
4. The UNIX operating system associates a protection domain with the ____.
A. task
B. thread
C. process
D. user
Section: 17.4.2
Difficulty: Medium
5. The owner right allows ___________
A. addition of new rights only
B. addition of new rights and removal of some rights
C. removal of some rights only
D. none of the above
Feedback: 17.5
Difficulty: Easy
6. Which of the following is an advantage of compiler-based enforcement of access control?
A. Protection schemes are programmed as opposed to simply declared.
B. Protection requirements are dependent on the facilities provided by a particular operating system.
C. The means for enforcement needs to be provided by the designer of the subsystem.
D. Access privileges are closely related to the linguistic concept of a data type.
Section: 17.12.1
Difficulty: Hard
7. Which of the following is true of the Java programming language in relation to protection?
A. When a class is loaded, the JVM assigns the class to a protection domain that gives the permissions of that class.
B. It does not support the dynamic loading of untrusted classes over a network.
C. It does not support the execution of mutually distrusting classes within the same JVM.
D. Methods in the calling sequence are not responsible for requests to access a protected resource.
Section: 17.12.2
Difficulty: Medium
8. A capability list for a domain is ____________________
A. a list of operations together with the list of processes allowed to run the operations on those objects.
B. a list of objects together with the list of processes allowed to access those objects.
C. a list of objects together with the operations allowed on those objects.
D. a list of triplet <object, process, rights>.
Section: 17.6.3
Difficulty: Medium
9. Object means __________
A. hardware object or software object
B. process or thread
C. software object only
D. process only
Section: 17.4
Difficulty: Medium
10. What capability is not used by Linux?
A. permitted
B. mapped
C. effective
D. inherited
Section: 17.10.1
Difficulty: Medium
11. ________________ is not a protection mechanism.
A. System Integrity Protection
B. Intrusion Prevention
C. System-Call Filtering
D. Sandboxing
Section: 17.11
Difficulty: Easy
Essay Questions
1. What are the main reasons for implementing a protection subsystem?
Feedback: 17.1
Difficulty: Easy
2. What does compartmentalization mean?
Feedback: 17.2
Difficulty: Medium
3. Explain the need-to-know principle.
Feedback: 17.2
Difficulty: Medium
4. Describe domain switching.
Feedback: 17.4.1
Difficulty: Medium
5. What are the main drawbacks of the implementation of the access matrix as a global table?
Feedback: 17.6.1
Difficulty: Medium
6. How does a lock-key mechanism work?
Feedback: 17.6.4
Difficulty: Medium
7. Describe the idea of sandboxing.
Feedback: 17.11.3
Difficulty: Medium
8. Describe the idea of SIP (System Integrity Protection).
Feedback: 17.11.1
Difficulty: Hard
9. Explain the confinement problem.
Ans. The confinement problem is a problem of guaranteeing that no information initially held in an object can migrate outside of its execution environment. The copy and owner rights provide us with a mechanism to limit the propagation of access rights. However, they do not give us the appropriate tools for preventing the propagation (or disclosure) of information.
Feedback: 17.5
Difficulty: Medium
10. Describe how the access matrix is implemented in MULTICS.
Ans. MULTICS uses a combination of access lists and capabilities. When a process first tries to access an object, the access list is searched. If access is denied, an exception condition occurs. Otherwise, a capability is created and attached to the process. Additional references use the capability to demonstrate swiftly that access is allowed. After the last access, the capability is destroyed.
Feedback: 17.6.5
Difficulty: Hard
11. How does Linux use system-call filtering?
Ans. Code can be added to the kernel to perform an inspection at the system-call gate, restricting a caller to a subset of system calls deemed safe or required for that caller’s function. Specific system-call profiles can be constructed for individual processes. The Linux mechanism SECCOMP-BPF uses the Berkeley Packet Filter language to load a custom profile through Linux’s proprietary prctl system call. This filtering can be effectively enforced if called from within a run-time library when it initializes or from within the loader itself before it transfers control to the program’s entry point.
Feedback: 17.11.2
Difficulty: Hard
12. What protection mechanism is used to ensure that operating-system distributions and patches have not been changed?
Ans. It is code signing, which is the digital signing of programs and executables to confirm that they have not been changed since the author created them. It uses a cryptographic hash to test for integrity and authenticity. Code signing is used for operating-system distributions, patches, and third-party tools alike. Some operating systems, including iOS, Windows, and macOS, refuse to run programs that fail their code-signing check.
Feedback: 17.11.4
Difficulty: Hard
True/False Questions
1. The kernel should not run with a higher level of privileges than user processes.
Feedback: 17.3
Difficulty: Easy
2. Rings of protection separate functions into domains and order them hierarchically.
Feedback: 17.4
Difficulty: Easy
3. Domains cannot share access rights.
Feedback: 17.4.1
Difficulty: Easy
4. Android cannot provide the same level of protection as UNIX, because it is not able to separate users.
Feedback: 17.4.3
Difficulty: Medium
5. The default set of access rights is used if no entry in the access list is found.
Feedback: 17.6.2
Difficulty: Easy
6. In a dynamic protection system, sometimes access rights to objects shared by different users need to be revoked.
Feedback: 17.7
Difficulty: Medium
7. Role-based access control (RBAC) increases the security risk associated with superusers.
Feedback: 17.8
Difficulty: Hard
8. The root user can modify mandatory access control (MAC).
Feedback: 17.9
Difficulty: Medium
9. Apple’s systems employ capability-based protection in the form of entitlements.
Feedback: 17.10.2
Difficulty: Medium