* 8 *
- Explain what is meant by private channel and covert channel.
Consider the following functions in C++:
void function(int a, int b) void function(int& a, int& b)
Which of these functions has a private channel to the calling function and
which has a covert channel? What does this mean?
- Global variables can also be considered as a means for covert communication.
Explain how the careless use of global variables can lead to errors in
- Compare the Clarke-Wilson model idea of using specialized programs
to provide access control with the use of specialized class-methods in
C++ or Java.
Graded problems - group work
This week the practical work is an experiment which has several purposes
Your group must finish and submit all its grades/reports within two weeks of this
- To review your work using a system based on peer review (this is the way ideas and work are evaluated in the real world, after college).
- To test an experimental examination system (could this be used in total or in part
instead of a traditional exam?).
- To consider the marking scheme itself as a security problem.
- For you to learn from others on your course, by reviewing their
work, as they review yours.
Each group has submitted the first part of the project as a signed file.
The signatures have been removed from the files so that they are
anonymous, and each group has been given three other groups' projects
to review. You have been given three projects at random. Your task is to:
- Look at the three projects which have been assigned to your group
and use the refereeing form below to
comment briefly on the work. You should also assign an overall score
from 0-5, where 5 is best, to say what you thought of the project.
For completing your reviews seriously, your group will receive course credit.
- For the second part of your group's project, discuss the
security of the procedure you have just undertaken.
- Where is trust placed?
- What measures are taken to increase trust?
- Is there any reason
to expect other groups to act impartially?
- Is the process truly
anonymous? Does it matter?
- Is there reason to trust the competence of
the persons judging your work?
- How reliable do you think the result will be? How reliable will it
be compared to a normal examination, with one internal and one external