Q37. Which statement about vasodilators is true?
These questions are related to design principles for secure systems.

I. Consider a security screening setting like the one that is done at airports before travelers are allowed to board flights. Assume a certain airport uses the following screening protocols.

1. Everyone, except those who are explicitly exempted, must undergo the security screening.
2. All travelers go through the first screening stage. A subset of travelers are also flagged for a second screening.
3. Once successfully screened, travelers only have access to the areas of the airport where their gates are located.

What security design principle can be used to explain each of the above choices made for air travel security? Explain your answers. (2+2+2)

II. The “Reflections on Trusting Trust” paper described a trojan in a compiler binary that could not be detected even if we had access to and examined the source of the compiler. We discussed how the defense-in-depth principle can help us detect if the trojan exists in a compiler by using two independently developed compilers when at least one of them is correct. We could determine if one of the compilers has the trojan but could not ascertain which one is malicious. To answer this question, the following idea is suggested. Instead of two, we will get three independently developed compilers such that no more than one could be malicious.

1. If at least two of the compilers are good, can we use these three compilers to detect the bad one when one exists? (1 pts.)
2. Explain your answer to question 2.1. More specifically, if your answer is no, explain why this is not possible. If the answer is yes, show how the bad compiler can be identified. (3 pts.)
The first question is inspired by the CrowdStrike incident from 2024, but you do not need to know the details of what exactly happened. You will be provided with the information necessary to answer this question, and its goal is to test your knowledge of a trusted computing base (TCB).

The CrowdStrike incident was caused by an update that resulted in the introduction of a bug in code that, when executed, crashed millions of Windows machines, leading to worldwide disruption of information technology services in many sectors.

First, describe the requirements that should be met by a trusted computing base (TCB). (3 pts.)

If the CrowdStrike agent ran outside of the TCB as an unprivileged user process, could a bug in the agent crash the entire system as it actually did? Explain your answer by discussing a TCB requirement that supports it. (1+1 pts.)

We discussed that each address space, where a process executes, has ranges where user and system code/data are stored. Based on an analysis of the CrowdStrike incident, it was reported that an error that resulted in illegal memory access and page fault was the reason for the system crash. Was the address of the illegal memory reference in the system or the user part of the address space? Explain your answer. (1+1 pts.)

An analysis of the CrowdStrike bug showed that the cause of the crash was an error where the required number of arguments were not passed to a call. As a result, a pointer dereference led to illegal memory access, causing the system to crash. If code with such a bug was part of the TCB, which of the TCB requirements would be violated? (1+1+1 pts.)