
Reg. #: 1010-2018 Section: ________ Name: AIMAN AMIN

Department: Department of Computing Program: BSCS

Assignment – 2
CS 372 Advanced Operating Systems

Announced Date: 14-June-22 Due Date: 22-June-22 Total Marks = 03


Teacher Name: Iqbal Uddin Khan Marks Obtained = _____
(CLO_2: (Cognitive Level C3, i.e., Applying) (PLO_5, i.e., Modern Tools Usage))

Assignment Tasks:
Task - 1. Write 03 Batch Files, using IF, FOR and GOTO Commands, one command in each file
Task - 2. Do the same for Shell Script

Task - 3. Write shell script for setting permission on a file, file name should be provided by user after
executing script
Task - 4. Solve Problems Chapter 09, 01 to 10

Notes for Task – 1


1. Use your windows machine for execution
2. Attach screenshot of each execution

Notes for Task – 2 and Task – 3


3. Use Rocky Linux VM for Task – 2 and Task – 3
4. Attach screenshot of each execution

Notes for Task – 4


1. If solving via hand compile all answers via Cam Scanning App
2. Book “Andrew S. Tanenbaum - Modern Operating Systems” uploaded on Google Drive
Submission Note:
● Use this word file for your assignment completion
● E-books are available @ Google Drive, Click Here
● Topics already discussed in Class
● Submit your assignment as a single PDF via email before 22-June-22, 23:59 Hrs.
● Complete single PDF should be named as <CMS-ID, Name, AOS - Assignment 02>
● Mention Your <CMS-ID, Name, AOS - Assignment 01> in Subject of email
● E-mail @ iqbaluddin.khan@hamdard.edu


TASK NO 1
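@echo off
rem IF example: compare two values typed by the user
echo enter two numbers Aiman Amin 1010-2018

set /p a=
set /p b=
rem Quote both operands so empty input or input with spaces does not break the IF syntax
if "%a%"=="%b%" (
echo equal
)
if not "%a%"=="%b%" (
echo not equal
)
pause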

@echo off
echo AIMAN AMIN

goto skipline
echo This line will never execute
:skipline
echo 1010-2018
pause


@echo off
echo aiman amin enter number :
set /p n=
FOR /L %%G IN (%n%,-1,0) do echo %%G
echo done.
pause

TASK NO 4
Confidentiality, integrity, and availability are three components of security. Describe an application that
requires integrity and availability but not confidentiality, an application that requires confidentiality and
integrity but not (high) availability, and an application that requires confidentiality, integrity, and availability.

Answer

i) Requirement of high integrity and availability but not confidentiality :

Internet marketplaces have a high requirement for integrity, availability and confidentiality.

ii) Requirement of high confidentiality and availability but not integrity :

Facebook, Instagram and other social media sites: these should have high confidentiality for user login
information and availability for many users simultaneously, but the user-given information may not always
be true, which means low integrity.

iii) Requirement of high integrity, availability and confidentiality :

Digital payment must have a high requirement of all three.

One of the techniques to build a secure operating system is to minimize the size of TCB. Which of the
following functions needs to be implemented inside the TCB and which can be implemented outside
TCB: (a) Process context switch; (b) Read a file from disk; (c) Add more swapping space; (d) Listen to
music; (e) Get the GPS coordinates of a smartphone.

Answer

First, what is a TCB?

The trusted computing base (TCB) of a computer system is the set of all the hardware, software and firmware
components that are important to its security. By contrast, parts of a computer system outside the TCB
must not be able to misbehave in a way that compromises security.

The major advantage of a less complex TCB is that a smaller, simpler TCB is more secure
and easier to protect. The security of the system is inversely proportional to its size and complexity.

These are the functions that should be implemented inside the TCB:

(a). Process context switch.

(b). Read a file from the disk.

(c). Addition of more swapping space.

These are the functions that should be implemented outside the TCB:

(d). Listening to music.

(e). Get the GPS coordinates of the smartphone.

What is a covert channel? What is the basic requirement for a covert channel to exist?

Answer

A covert channel is any communication channel that can be exploited by a process to transfer information
in a manner that violates the system's security policy. In short, covert channels transfer information using
non-standard methods against the system design.

Basic requirements for any covert channel to exist:

● Detectability: Covert channel must be measurable by the intended recipient only.



● Indistinguishability: Covert channel must lack identification.


● Bandwidth: number of data hiding bits per channel use.

In a full access-control matrix, the rows are for domains and the columns are for objects. What happens
if some object is needed in two domains?

Answer

A domain is defined as a set of <object, {access right set}> pairs.

An access right is the ability to execute an operation on an object.

Access rights include read, write, execute and print operations.

Domain example: <OBJECT1, {read, write}> and <OBJECT2, {execute}>

An object can be either hardware or software.

Object examples: files, printer

Explain which implementation of the protection matrix is more suitable for the following operations:

(a) Granting read access to a file for all users.

(b) Revoking write access to a file from all users.

(c) Granting write access to a file to John, Lisa, Christie, and Jeff.

(d) Revoking execute access to a file from Jana, Mike, Molly, and Shane.

Answer

(a)

Granting read access to a file for all users: -

• To grant read access to a file for all users, access control list (ACL) is the best option.

● Create a group called ‘all’ with all users in it (assume the group name as ‘all’).
● Make an ACL for the file with the entry ‘all:R’.

• It can also be done with capability list. With capability lists, it is sufficient to place the capability for the
file in appropriate place in a capability system.

(b)

Revoking write access to a file from all users: -

• To revoke write access for a file from all users, access control list (ACL) is the best option.

● Edit the ACL by removing the write access.


● If the group ‘all: W’ was the entry added to ACL, remove it from the ACL.

• It can also be done with capability list by changing the check field stored with the object.

(c)

Granting write access to a file to Fred, Mary, Nick, and Joe.

To grant write access to a file to Fred, Mary, Nick, and Joe, either the access control list method or the
capability list can be used.

It can be implemented with ACL as follows:

Construct ACL for the file for all users,

Then the ACL for the file would be ‘Fred, Mary, Nick, Joe: W’.

It can be implemented using capability list method as follows: -

First construct the capability list for the file, ‘file:W’.

Then assign the above capability to each user named Fred, Mary, Nick, Joe.

(d)

Revoking execute access to a file from Molly and Molly: -

To revoke execute access for a file from Jana, Mike, Molly, and Shane, access control lists are the only
possibility.

Edit the ACL by removing the execute access.
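
The trade-off behind answers (b) and (d), as an added example that is not part of the submitted assignment: one file keeps an ACL and also hands out capabilities validated against a check field stored with the object. The `File` class, the file name `prog`, and the use of HMAC-SHA256 as the one-way function are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

class File:
    """One protected object: an ACL (matrix column) plus a secret check field."""
    def __init__(self, name):
        self.name = name
        self.acl = {}                         # principal or group -> set of rights
        self.check = secrets.token_bytes(16)  # never leaves the object

    def acl_grant(self, who, right):
        self.acl.setdefault(who, set()).add(right)

    def acl_revoke(self, who, right):
        self.acl.get(who, set()).discard(right)

    def acl_allows(self, user, groups, right):
        return any(right in self.acl.get(p, ()) for p in (user, *groups))

    def _tag(self, rights):
        # HMAC-SHA256 stands in for the one-way function over (object, rights, check)
        return hmac.new(self.check, f"{self.name}:{rights}".encode(), hashlib.sha256).digest()

    def mint(self, rights):
        return (self.name, rights, self._tag(rights))  # capability held by a user

    def cap_allows(self, cap, right):
        name, rights, tag = cap
        return (name == self.name and right in rights
                and hmac.compare_digest(tag, self._tag(rights)))

    def change_check_field(self):
        self.check = secrets.token_bytes(16)  # all outstanding capabilities now fail

def demo():
    f = File("prog")                          # constructed sample object
    users = ["Jana", "Mike", "Molly", "Shane", "Fred"]
    f.acl_grant("all", "R")                   # (a) one entry for group 'all'
    caps = {u: f.mint("RX") for u in users}   # everyone also holds an RX capability
    for u in users:
        f.acl_grant(u, "X")
    for u in users[:4]:                       # (d) revoke X from four named users
        f.acl_revoke(u, "X")
    acl_x = {u: f.acl_allows(u, ["all"], "X") for u in users}
    f.change_check_field()                    # the only capability-side revoke here
    cap_x = {u: f.cap_allows(caps[u], "X") for u in users}
    return acl_x, cap_x, f.acl_allows("Fred", ["all"], "R")

if __name__ == "__main__":
    print(demo())
```

With the ACL, Fred keeps execute access after the four entries are edited; changing the check field cuts off every capability holder, Fred included.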

Represent the ownerships and permissions shown in this UNIX directory listing as a protection matrix.
(Note: asw is a member of two groups: users and devel; gmw is a member only of users.) Treat each of
the two users and two groups as a domain, so that the matrix has four rows (one per domain) and four
columns (one per file).

-rw-r--r-- 2 gmw users 908 May 26 16:45 PPP-Notes

-rwxr-xr-x 1 asw devel 432 May 13 12:35 prog1

-rw-rw---- 1 asw users 50094 May 30 17:51 project.t

-rw-r----- 1 asw devel 13124 May 31 14:30 splash.gif

Answer

Domain PPP-Notes prog1 project.t splash.gif

asw r rx rw rw

gmw rw rw

users r Arw

devel rx r

Express the permissions shown in the directory listing of the previous problem as access-control lists.

Answer

You can traverse a directory only if you have execute permission on it.

So for example to access dir/subdir/file, you need execute permission on dir and dir/subdir, plus the
permissions on file for the type of access you want.

The root folder's permissions limit the permissions of child files.

If you try this:

$ mkdir parent

$ cd parent

$ mkdir child

$ cd child

$ touch test.txt

You get this:

$ cat: ./parent/child/test.txt: permission denied

Default Permissions:

Parent :: Folders permission: Create and Delete file.

Files permission: Read and Write

Child:: Folders permission: Create and Delete file.

Files permission: Read and Write

test.txt:: Files permission: Read and Write


These permissions are allowed for the root user by default. Otherwise, other users (group and other accounts)
have read-only permission.

Modify the ACL from the previous problem for one file to grant or deny an access that cannot be
expressed using the UNIX rwx system. Explain this modification.

Answer

A ZFS file system has two properties related to ACLs.

aclinherit – This property determines the behavior of ACL inheritance. Values include the following:

● discard – For new objects, no ACL entries are inherited when a file or directory is created.
The ACL on the new file or directory is equal to the permissions of the file or directory.
● noallow – For new objects, only inheritable ACL entries that have an access type of deny are
inherited.
● restricted – For new objects, the write_owner and write_acl permissions are removed when
an ACL entry is inherited.
● passthrough – When the property value is set to passthrough, files are created with
permissions determined by the inheritable ACEs. If no inheritable ACEs exist that affect the
permissions, then the permissions are set in accordance with the requested permissions from
the application.
● passthrough-x – This property value has the same semantics as passthrough, except that
when passthrough-x is enabled, files are created with the execute (x) permission, but only if
the execute permission is set in the file creation mode and in an inheritable ACE that affects
the mode.
