CMSC 414 Spring 2001

Homework 2

Due Feb 15, 2001 prior to the start of class

1. Explain why the index of coincidence decreases as the number of enciphering alphabets increases. (Problem 17, Exercise 2.12)

2. Two substitution ciphers, applied one after another, may provide no more security than one substitution. (Such a cipher is called the product of the two underlying ciphers.) The product of two relatively simple ciphers, such as a substitution cipher and a transposition, can achieve a high degree of security. Explain why. (Problems 23 and 24, Exercise 2.12)

3. Read the stack smashing paper. One way to prevent stack smashing is as follows. The compiler inserts a "canary" value in the memory location before the return address on the stack. Whenever there is a return from the function call, we check whether the "canary" value has been overwritten. Explain why this will work. Also, give the pseudocode for the function prologue and epilogue to do this. You may want to look at the StackGuard paper, which can be downloaded from http://www.immunix.org/StackGuard/usenixsc98.pdf

4. Java is "safe" from buffer overflows. Does that make it more appropriate to use as a development language when security is a concern? Be sure to weigh all of the risks involved in product development, not just the security aspects.