----------------------------------------------------------------------------
CMSC 426/626: Principles of Computer Security
Fall 2006

Homework 2
Due: Sunday, Nov 12, 2006, 11.50pm

ONLINE Submit
On gl, run: submit cs426 hwk2 filename.PDF
Only PDF or TEXT versions will be accepted.
----------------------------------------------------------------------------

1. Compare and contrast the Orange Book criteria and the Common Criteria.
   What are common criticisms of the Common Criteria Model?
   (Limit answer to approx. 1-2 pages).

2. What is the theoretical significance of the Take-Grant model of access
   control?

3. Are there known attacks on or vulnerabilities in the SELinux OS?
   (Limit answer to approx. 1-2 pages).

4. Do a web search for the most current worm or virus. Report the name of
   the worm/virus and describe it in reasonable technical detail - mode of
   exploitation, how it inserted itself and executed, and impact on the
   victim system. Provide the date of the newest attack, the first sighting
   of the virus/worm, or any other information showing how current your
   information is.
   (Limit answer to approx. 2 pages).

5. Is there such a thing as spyware on NON-Microsoft Windows systems? Why
   does it exist, or why does it not? Please elaborate.
   (Limit answer to approx. 1 page).

6. Pick any known buffer overflow attack. Describe it in reasonable
   technical detail, e.g. what function/data variable was compromised, how
   code was injected and executed, and what the impact on the victim system
   was.
   (Limit answer to approx. 2 pages).

7. Download and install any static code checker such as splint, RATS, Uno,
   etc. Then, run the checker on your Project1 submission and submit a copy
   of the errors reported by the software. What did you learn about your
   coding style from this exercise?
----------------------------------------------------------------------------