Introduction to Operating Systems Nptel Week 8 Answers
Are you looking for Introduction to Operating Systems Nptel Week 8 Answers? You’ve come to the right place! Access the latest and most accurate solutions for your Week 8 assignment in the Introduction to Operating Systems course.
Introduction to Operating Systems Nptel Week 8 Answers
Introduction to Operating Systems Nptel Week 8 Answers (July-Dec 2024)
A user with confidential clearance has read only rights to a top secret file. He decides to save a copy of the file and email it to all his friends on Facebook. This breach of information can be prevented by implementing Bell-la-Padula model. A) True B) False
Answer: B) False
Your project manager asks you to ensure that a particular source code is free from buffer overflow vulnerabilities. Which of the following would you need to look out for? A) scanf in the code B) strcpy in the code C) For loops that manipulate arrays D) All of the above
Answer: D) All of the above
Address Space Layout Randomization randomizes the size of all arrays and thereby makes it difficult to overflow buffers. True False
Answer: B) False
Arrange the following, based on the order parameters are pushed onto the stack A) Return address is pushed B) Local variables are allocated C) Previous frame pointers D) The function call parameters
A) a, b, c, d B) b, c, d, a C) b, a, c, d D) d, a, c, b
Answer: D) d, a, c, b
Gadgets are short sequences of instructions that ends with return instruction. A) True B) False
Answer: A) True
These are Introduction to Operating Systems Nptel Week 8 Answers
An ROP attack can potentially be detected at run-time by A) Canaries B) The number of return statements executed in the processor C) The number of return statements present in the executable D) By a non-executable stack
Answer: A) Canaries
The number of gadgets present in an implementation depends on the number of return instructions in the machine code. A) True B) False
Answer: A) True
Programmer X has found that the source code has a buffer overflow vulnerability caused by strcpy instruction. He then used strncpy in place of strcpy to prevent buffer overflow vulnerabilities. Which of the following is true? A) Buffer overflow vulnerabilities caused due to strcpy is avoided due to bounds check B) This will not make any changes in the source code C) Buffer overflow attack will not occur in this source code D) None of these
Answer: D) None of these
Match the following: A) Secrecy – 1) Limits the resource usage B) Integrity – 2) Unauthorized modification C) Availability – 3) Unauthorized disclosure
A) a-1, b-2, c-3 B) a-2, b-3, c-1 C) a-3, b-2, c-1 D) None of these
Answer: C) a-3, b-2, c-1
A gadget that ends with a branch instruction can never be used for an ROP attack. True False
Answer: B) False
These are Introduction to Operating Systems Nptel Week 8 Answers
All weeks of Introduction to Operating Systems: Click Here
These are Introduction to Operating Systems NPTEL Assignment 8 Answers
Q1. Suppose a source code has buffer overflow vulnerabilities. Which of the following can cause buffer overflow vulnerabilities scanf(“%s”,…) strcpy(destination,source) send command used for network connection Only A B and C A and B All of the above
Answer: All of the above
Q2. State True/False The non executable stack helps to prevent buffer overflow attack, but the overhead for making a stack as non executable stack is more than that of canaries. True False
Answer: False
Q3. Arrange the following, based on the order the parameters are pushed into the stack Return address is pushed The function call parameters Previous frame pointers Local variables are allocated a, b, c, d b, c, d, a b, a , c, d a, c, d, b
Answer: b, a , c, d
These are Introduction to Operating Systems NPTEL Assignment 8 Answers
Q4. User X has found that s source code has a buffer overflow vulnerability caused by strcpy instruction. He then used strncpy in place of strcpy to prevent buffer overflow vulnerabilities. Which of the following is True Buffer overflow attack will not occur in this source code Buffer overflow vulnerabilities caused due to strcpy is avoided to some extend since it do the bound check This will not make any change in the source code None of these
Answer: Buffer overflow vulnerabilities caused due to strcpy is avoided to some extend since it do the bound check
Q5. State True/False The number of gadgets present in the implementation depends on the number of C3 instruction in the machine code True False
Answer: False
Q6. Match the following Gadget 1) pseudo random number which detect the buffer overflow Canaries 2) Short sequence of instruction ends with return Shellcode 3) Execute inside the stack ASLR 4) Specific address location a-4, b-3, c-2, d-1 a-2, b-1, c-4, d-3 a-1, b-2, c-4, d-3 a-2, b-1 c-3, d-4
Answer: a-2, b-1 c-3, d-4
These are Introduction to Operating Systems NPTEL Assignment 8 Answers
Q7. ASLR randomizes The size of all arrays, thereby making it difficult to perform buffer overflows All instructions in the program Positions of the stack, heap, and libraries Position of all variables in the stack
Answer: Positions of the stack, heap, and libraries
Q8. Match the following: Secrecy 1)Limit the resource usage Integrity 2)Unauthorized modification Availability 3)Unauthorized disclosure a-1, b-2, c-3 a-2, b-3, c-1 a-3, b-2, c-1 None of these
Answer: a-3, b-2, c-1
Q9. Consider the following commands in a system that supports discretionary access control. Which one of the following statements is TRUE? There is no leakage of rights due to these commands A leakage may occur when a user with write permissions, executes ADD_READ command A leakage may occur when a user with write permissions, executes ADD_DELETE command Only A is correct Only B is correct Only C is correct Both B and C is correct
Answer: Only C is correct
These are Introduction to Operating Systems NPTEL Assignment 8 Answers
Q10. Suppose in a system you have 2000 files and 4 user, who has access rights on these files. Which on of the following will be the best method to implement access control ? Using an authorization table Using a capability based implementation Using access control lists Any of the above would techniques would work well
Answer: Any of the above would techniques would work well
Q11. Which of the following is False for the Information flow policies Information can only flow from one security class to another is less secure Information can flow from a lower class to a higher class is less secure Combine information from a lower class with a higher class will result in a higher class is less secured Combine information from one class with another information from another class will result in same class is more secure
Answer: Information can only flow from one security class to another is less secure
Q12. State True/False In mandatory access control, information from top secret object will not flow to secret and vice versa. True False
Answer: False
These are Introduction to Operating Systems NPTEL Assignment 8 Answers
Q13. A user X with secret clearance decides to transfer information to a third party Y. And Y tries to make changes in the confidential class. This breach of information can be prevented by _____. Implementing access control matrix Implementing Bell-laPadula model Implementing the Biba Model None of the above
Answer: Implementing Bell-laPadula model
Q14. Using a Biba model, a user X can read a file Y and can write a file Z. Which of the following is TRUE? X has clearance Confidential, Y is a Top Secret file and Z is a confidential file X has secret Confidential, Y is a Unclassified File and Z is a confidential file X has secret Confidential, Y is a secret file and Z is a confidential file A and C are TRUE B and C are TRUE A and B are TRUE Only A is TRUE
Answer: A and C are TRUE
Q15. In a company, there are 4 levels of employees: Top management, group-leaders, team-leaders, and staff. The top management takes feedback from all leaders employees and then creates new policy document from the company. The new document should be classified ____. A top management document A team-leader document A staff document A public document
Answer: A team-leader document
Introduction to Operating Systems Nptel Week 8 Answers (Jan-Apr 2023)
These are Introduction to Operating Systems NPTEL Assignment 8 Answers
Q1) ASLR randomizes the position of all variables in the stack and thereby making it difficult to perform buffer overflows. a. True b. False
Answer: a. True
These are Introduction to Operating Systems NPTEL Assignment 8 Answers
Q2) Match the following a)Gadget 1) pseudo random number which detects buffer overflow b)Canaries 2) Short sequence of instructions ending in a return c)Shellcode 3) May execute in the stack if the NX bit is disabled d)ASLR 4) helps prevent ROP attacks a. a-4, b-3, c-2, d-1 b. a-2, b-1, c-4, d-3 c. a-1, b-2, c-4, d-3 d. a-2, b-1 c-3, d-4
Answer: c. a-1, b-2, c-4, d-3
These are Introduction to Operating Systems NPTEL Assignment 8 Answers
Q3) How does the NX bit prevent buffer overflow attacks? a. It prevents buffers from overflowing b. It prevents certain code from executing in data segments c. It prevents the return address in the stack being replaced by an arbitrary location d. All of the above
Answer: d. All of the above
These are Introduction to Operating Systems NPTEL Assignment 8 Answers
Q4) An ROP attack can potentially be detected at run-time by a. Canaries b. The number of return statements executed in the processor c. The number of return statements present in the executable d. By a non-executable stack
Answer: c. The number of return statements present in the executable
These are Introduction to Operating Systems NPTEL Assignment 8 Answers
Q5) In the Bell-Lapadula model, information from top secret object will not flow to secret clearance. a. True b. False
Answer: b. False
These are Introduction to Operating Systems NPTEL Assignment 8 Answers
Q6) A user X with secret clearance decides to transfer information to a third party Y and Y tries to make changes in the confidential class. This breach of information can be prevented by _________________. a. Implementing access control matrix b. Implementing Bell-laPadula model c. Implementing the Biba Model d. None of the above
Answer: d. None of the above
These are Introduction to Operating Systems NPTEL Assignment 8 Answers
Q7) Programmer X has found that the source code has a buffer overflow vulnerability caused by strcpy instruction. He then used strncpy in place of strcpy to prevent buffer overflow vulnerabilities. Which of the following is True? a. Buffer overflow vulnerabilities caused due to strcpy is avoided due to bounds check b. This will not make any changes in the source code c. Buffer overflow attack will not occur in this source code d. None of these
Answer: d. None of these
These are Introduction to Operating Systems NPTEL Assignment 8 Answers
Q8) Consider the following commands in a system that supports discretionary access control. Which one of the following statements is TRUE? A.There is no leakage of rights due to these commands B.A leakage may occur when an owner of an object, executes CONFERwrite command. C.A leakage may occur when a user with write permissions, executes ADD_READ command a. Only A is correct b. Only B is correct c. Only C is correct d. Both B and C is correct
Answer: b. Only B is correct
These are Introduction to Operating Systems NPTEL Assignment 8 Answers
Q9) Your project manager asks you to ensure that a particular source code is free from buffer overflow vulnerabilities. Which of the following would you need to look out for. a. scanf in the code b. strcpy in the code c. For loops that manipulate arrays d. All of the above
Answer: b. strcpy in the code
These are Introduction to Operating Systems NPTEL Assignment 8 Answers
Q10) Arrange the following, based on the order parameters are pushed onto the stack a) Return address is pushed b)The function call parameters c)Previous frame pointers d)Local variables are allocated a) a, b, c, d b) b, c, d, a c) b, a , c, d d) a, c, d, b
