Professional Documents
Culture Documents
AimanAmin AOS Assignment 2 (1010-2018)
AimanAmin AOS Assignment 2 (1010-2018)
Assignment – 2
CS 372 Advanced Operating Systems
Assignment Tasks:
Task - 1. Write 03 Batch Files, using IF, FOR and GOTO Commands, one command in each file
Task - 2. Do the same for Shell Script
Task - 3. Write shell script for setting permission on a file, file name should be provided by user after
executing script
Task - 4. Solve Problems Chapter 09, 01 to 10
Page 1 of 8
Reg. #: 1010-2018 Section: ________ Name: AIMAN AMIN
TASK NO 1
@echo off
echo enter two numbers Aiman Amin 1010-2018
set /p a=
set /p b=
if %a%==%b% (
echo equal
)
if not %a
@echo off
echo AIMAN AMIN
goto skipline
echo This line will never execute
:skipline
echo 1010-2018
pause
Page 2 of 8
Reg. #: 1010-2018 Section: ________ Name: AIMAN AMIN
@echo off
echo aiman amin enter number :
set /p n=
FOR /L %%G IN (%n%,-1,0) do echo %%G
echo done.
pause
TASK NO 4
Confidentiality, integrity, and availability are three components of security. Describe an application that
integrity and availability but not confidentiality, an application that requires confidentiality and integrity
but not (high) availability, and an application that requires confidentiality, integrity, and availability
Answer
Internet market places has a high requirement in integrity, availability and confidentiality
Facebook, Instagram and other social media sites these shoukd have high confidentiality for user login
information,
Page 3 of 8
Reg. #: 1010-2018 Section: ________ Name: AIMAN AMIN
availability for many users simultaneously but the user given information may not always be true which
means (low integrity)
One of the techniques to build a secure operating system is to minimize the size ofTCB. Which of the
following functions needs to be implemented inside the TCB and which can be implemented outside
TCB: (a) Process context switch; (b) Read a file from disk; (c) Add more swapping space; (d) Listen to
music; (e) Get the GPS coordinates of a smartphone.
Answer
Trusted computing base(TCB) of a computer system is a set of all the hardware, software and the firmware
components that are important to it's security. By contrast, parts of a computer system outside the TCB
cannot be able to misbehave in a way that will leak the security.
The major advantage of having less complex TCB is, a smaller and less complex TCB is very much secure
and easy to protect. The security of the system is inversely proportional to it's size and complexity.
These are the instructions that should be implemented inside the TCB. They are:
These are the instructions that should be Implemented outside the TCB:
What is a covert channel? What is the basic requirement for a covert channel to exist?
Answer
A covert channel is any communication channel that can be exploited by a process to transfer information
in a manner that violates the systems security policy. In short, covert channels transfer information using
non-standard methods against the system design.
In a full access-control matrix, the rows are for domains and the columns are for objects. What happens
if some object is needed in two domains?
Answer
A domain is defined as a set of < object, { access right set } > pairs.
Explain which implementation of the protection matrix is more suitable for the following operations:
(c) Granting write access to a file to John, Lisa, Christie, and Jeff.
(d) Revoking execute access to a file from Jana, Mike, Molly, and Shane.
Answer
(a)
• To grant read access to a file for all users, access control list (ACL) is the best option.
● Create a group called ‘all’ with all users in it (assume the group name as ‘all’).
● Make a ACL for the file name with ACL as ‘all:R’.
• It can also be done with capability list. With capability lists, it is sufficient to place the capability for the
file in appropriate place in a capability system.
(b)
• To revoke write access for a file from all users, access control list (ACL) is the best option.
Page 5 of 8
Reg. #: 1010-2018 Section: ________ Name: AIMAN AMIN
• It can also be done with capability list by changing the check field stored with the object.
(c)
To grant write access to a file to fred, Mary, Nick, and jeo either the access control list method or the
capability list can be used.
Then assign the above capability for each user named Fred, Mary,nick, jeo .
(d)
To revoke execute access for a file from Jana, Mike, Molly, and Shane, access control lists are the only
possibility.
Represent the ownerships and permissions shown in this UNIX directory listing as a protection matrix.
(Note: asw is a member of two groups: users and devel; gmw is amember only of users.) Treat each of
the two users and two groups as a domain, so that the matrix has four rows (one per domain) and four
columns (one per file).
Answer
n t
asw r rx rw rw
gmw rw rw
users r Arw
devel rx r
Express the permissions shown in the directory listing of the previous problem as access-control lists.
Answer
You can traverse a directory only if you have execute permission on it.
So for example to access dir/subdir/file, you need execute permission on dir and dir/subdir, plus the
permissions on file for the type of access you want.
$ mkdir parent
$ cd parent
$ mkdir child
$ cd child
$ touch test.txt
Default Permissions:
Page 7 of 8
Reg. #: 1010-2018 Section: ________ Name: AIMAN AMIN
These permission are allowed for root user by default. Otherwise other user(group and other account)
have read-only permission.
Modify the ACL from the previous problem for one file to grant or deny an access that cannot be
expressed using the UNIX rwx system. Explain this modification.
Answer
aclinherit – This property determines the behavior of ACL inheritance. Values include the following:
● discard – For new objects, no ACL entries are inherited when a file or directory is created.
The ACL on the new file or directory is equal to the permissions of the file or directory.
● no allow – For new objects, only inheritable ACL entries that have an access type of deny are
inherited.
● restricted – For new objects, the write owner and write_acl permissions are removed when
an ACL entry is inherited.
● pass through – When the property value is set to pass through, files are created with
permissions determined by the inheritable ACEs. If no inheritable ACEs exist that affect the
permissions, then the permissions are set in accordance to the requested permissions from
the application.
● pass through-x – This property value has the same semantics as pass through, except that
when pass-through-x is enabled, files are created with the execute (x) permission, but only if
the execute permission is set in the file creation mode and in an inheritable ACE that affects
the mode.
Page 8 of 8