Introduction To Operating Systems NPTEL Week 8 Assignment

8 months ago
Posted by PROGIEZ
8 minutes

Session: JULY-DEC 2023

Course Name: Introduction to Operating Systems

Course Link: Click Here

These are Introduction to Operating Systems NPTEL Assignment 8 Answers

Q1. Suppose a source code has buffer overflow vulnerabilities. Which of the following can cause buffer overflow vulnerabilities
scanf(“%s”,…)
strcpy(destination,source)
send command used for network connection
Only A
B and C
A and B
All of the above

Answer: All of the above

Q2. State True/False
The non executable stack helps to prevent buffer overflow attack, but the overhead for making a stack as non executable stack is more than that of canaries.
True
False

Answer: False

Q3. Arrange the following, based on the order the parameters are pushed into the stack
Return address is pushed
The function call parameters
Previous frame pointers
Local variables are allocated
a, b, c, d
b, c, d, a
b, a , c, d
a, c, d, b

Answer: b, a , c, d

These are Introduction to Operating Systems NPTEL Assignment 8 Answers

Q4. User X has found that s source code has a buffer overflow vulnerability caused by strcpy instruction. He then used strncpy in place of strcpy to prevent buffer overflow vulnerabilities. Which of the following is True
Buffer overflow attack will not occur in this source code
Buffer overflow vulnerabilities caused due to strcpy is avoided to some extend since it do the bound check
This will not make any change in the source code
None of these

Answer: Buffer overflow vulnerabilities caused due to strcpy is avoided to some extend since it do the bound check

Q5. State True/False
The number of gadgets present in the implementation depends on the number of C3 instruction in the machine code
True
False

Answer: False

Q6. Match the following
Gadget 1) pseudo random number which detect the buffer overflow
Canaries 2) Short sequence of instruction ends with return
Shellcode 3) Execute inside the stack
ASLR 4) Specific address location
a-4, b-3, c-2, d-1
a-2, b-1, c-4, d-3
a-1, b-2, c-4, d-3
a-2, b-1 c-3, d-4

Answer: a-2, b-1 c-3, d-4

These are Introduction to Operating Systems NPTEL Assignment 8 Answers

Q7. ASLR randomizes
The size of all arrays, thereby making it difficult to perform buffer overflows
All instructions in the program
Positions of the stack, heap, and libraries
Position of all variables in the stack

Answer: Positions of the stack, heap, and libraries

Q8. Match the following:
Secrecy 1)Limit the resource usage
Integrity 2)Unauthorized modification
Availability 3)Unauthorized disclosure
a-1, b-2, c-3
a-2, b-3, c-1
a-3, b-2, c-1
None of these

Answer: a-3, b-2, c-1

Q9. Consider the following commands in a system that supports discretionary access control.
Which one of the following statements is TRUE?
There is no leakage of rights due to these commands
A leakage may occur when a user with write permissions, executes ADD_READ command
A leakage may occur when a user with write permissions, executes ADD_DELETE command
Only A is correct
Only B is correct
Only C is correct
Both B and C is correct

Answer: Only C is correct

These are Introduction to Operating Systems NPTEL Assignment 8 Answers

Q10. Suppose in a system you have 2000 files and 4 user, who has access rights on these files. Which on of the following will be the best method to implement access control ?
Using an authorization table
Using a capability based implementation
Using access control lists
Any of the above would techniques would work well

Answer: Any of the above would techniques would work well

Q11. Which of the following is False for the Information flow policies
Information can only flow from one security class to another is less secure
Information can flow from a lower class to a higher class is less secure
Combine information from a lower class with a higher class will result in a higher class is less secured
Combine information from one class with another information from another class will result in same class is more secure

Answer: Information can only flow from one security class to another is less secure

Q12. State True/False
In mandatory access control, information from top secret object will not flow to secret and vice versa.
True
False

Answer: False

These are Introduction to Operating Systems NPTEL Assignment 8 Answers

Q13. A user X with secret clearance decides to transfer information to a third party Y. And Y tries to make changes in the confidential class. This breach of information can be prevented by _____.
Implementing access control matrix
Implementing Bell-laPadula model
Implementing the Biba Model
None of the above

Answer: Implementing Bell-laPadula model

Q14. Using a Biba model, a user X can read a file Y and can write a file Z. Which of the following is TRUE?
X has clearance Confidential, Y is a Top Secret file and Z is a confidential file
X has secret Confidential, Y is a Unclassified File and Z is a confidential file
X has secret Confidential, Y is a secret file and Z is a confidential file
A and C are TRUE
B and C are TRUE
A and B are TRUE
Only A is TRUE

Answer: A and C are TRUE

Q15. In a company, there are 4 levels of employees: Top management, group-leaders, team-leaders, and staff. The top management takes feedback from all leaders employees and then creates new policy document from the company. The new document should be classified ____.
A top management document
A team-leader document
A staff document
A public document

Answer: A team-leader document

These are Introduction to Operating Systems NPTEL Assignment 8 Answers

Course Name: Introduction To Operating Systems

Link of course: Click here

These are Introduction to Operating Systems NPTEL Assignment 8 Answers

Q1) ASLR randomizes the position of all variables in the stack and thereby making it difficult to perform buffer overflows.
a. True
b. False

Answer: a. True

These are Introduction to Operating Systems NPTEL Assignment 8 Answers

Q2) Match the following
a)Gadget 1) pseudo random number which detects buffer overflow
b)Canaries 2) Short sequence of instructions ending in a return
c)Shellcode 3) May execute in the stack if the NX bit is disabled
d)ASLR 4) helps prevent ROP attacks
a. a-4, b-3, c-2, d-1
b. a-2, b-1, c-4, d-3
c. a-1, b-2, c-4, d-3
d. a-2, b-1 c-3, d-4

Answer: c. a-1, b-2, c-4, d-3

These are Introduction to Operating Systems NPTEL Assignment 8 Answers

Q3) How does the NX bit prevent buffer overflow attacks?
a. It prevents buffers from overflowing
b. It prevents certain code from executing in data segments
c. It prevents the return address in the stack being replaced by an arbitrary location
d. All of the above

Answer: d. All of the above

These are Introduction to Operating Systems NPTEL Assignment 8 Answers

Q4) An ROP attack can potentially be detected at run-time by
a. Canaries
b. The number of return statements executed in the processor
c. The number of return statements present in the executable
d. By a non-executable stack

Answer: c. The number of return statements present in the executable

These are Introduction to Operating Systems NPTEL Assignment 8 Answers

Q5) In the Bell-Lapadula model, information from top secret object will not flow to secret clearance.
a. True
b. False

Answer: b. False

These are Introduction to Operating Systems NPTEL Assignment 8 Answers

Q6) A user X with secret clearance decides to transfer information to a third party Y and Y tries to make changes in the confidential class.
This breach of information can be prevented by _________________.
a. Implementing access control matrix
b. Implementing Bell-laPadula model
c. Implementing the Biba Model
d. None of the above

Answer: d. None of the above

These are Introduction to Operating Systems NPTEL Assignment 8 Answers

Q7) Programmer X has found that the source code has a buffer overflow vulnerability caused by strcpy instruction. He then used strncpy in place of strcpy to prevent buffer overflow vulnerabilities. Which of the following is True?
a. Buffer overflow vulnerabilities caused due to strcpy is avoided due to bounds check
b. This will not make any changes in the source code
c. Buffer overflow attack will not occur in this source code
d. None of these

Answer: d. None of these

These are Introduction to Operating Systems NPTEL Assignment 8 Answers

Q8) Consider the following commands in a system that supports discretionary access control.
Which one of the following statements is TRUE?
A.There is no leakage of rights due to these commands
B.A leakage may occur when an owner of an object, executes CONFERwrite command.
C.A leakage may occur when a user with write permissions, executes ADD_READ command
a. Only A is correct
b. Only B is correct
c. Only C is correct
d. Both B and C is correct

Answer: b. Only B is correct

These are Introduction to Operating Systems NPTEL Assignment 8 Answers

Q9) Your project manager asks you to ensure that a particular source code is free from buffer overflow vulnerabilities. Which of the following would you need to look out for.
a. scanf in the code
b. strcpy in the code
c. For loops that manipulate arrays
d. All of the above

Answer: b. strcpy in the code

These are Introduction to Operating Systems NPTEL Assignment 8 Answers

Q10) Arrange the following, based on the order parameters are pushed onto the stack
a) Return address is pushed
b)The function call parameters
c)Previous frame pointers
d)Local variables are allocated
a) a, b, c, d
b) b, c, d, a
c) b, a , c, d
d) a, c, d, b

Answer: b) b, c, d, a

These are Introduction to Operating Systems NPTEL Assignment 8 Answers

All weeks of Introduction To Operating Systems: https://progiez.com/answers/nptel/introduction-to-operating-systems

More NPTEL Solutions: https://progies.in/answers/nptel

These are Introduction to Operating Systems NPTEL Assignment 8 Answers
The content uploaded on this website is for reference purposes only. Please do it yourself first.