15. What is the central idea in Bell Lapadula access control model & how is it achieved? 16, what are the read and write properties in Bell Lapadula access control model? Give an example 17. Consider a computer system with three users: Alice, Bob, and Cyndy Alice owns the file alicerc, and Bob and Cyndy can read it. Cyndy can read and write the file bobre, which Bob owns, but Alice can only read it. Only Cyndy can read and write the file cyndyr which she owns. Assume that the owner of each of these files can execute it (a) Create the corresponding access control matrix (b) Cyndy gives Alice permission to read cyndyrc, and Alice removes Bob's ability to read alicerc. Show the new access control matrix 18. Alice can read and write to the file x, can read the file y, and can execute the file z. Bob can read x, can read and write to y, and cannot access z (a) Write a set of access control lists for this situation. Which list is associated with which file? (b) Write a set of capability lists for this situation. With what is each list associated? 19. Briefly describe Trusted Computing Base (TCB) and its objective. 20. Briefly describe reference monitor as an access control enforcement mechanism, its properties, and components. 21. Why does operating system need to control processes' access to memory and how does it enforce security? 22. Why do Unix's syscalls for accessing shared-memory resources ignores execute flag? 23. What's a buffer-overflow attack and the two steps involved in this attack? 24. What's the purpose of using "nops/nop slide" by an attacker, in a buffer overflow attack? 25. How are stack canaries used to prevent change of program's control flow in buffer- overflow attacks? 26. What countermeasure does OS use to prevent attacker's code from being injected a executed, in buffer-overflow attacks? 7. Briefly describe Return to libc and defenses against this attack