CSE 127: Computer Security Spring 2011Homework #1Due: Tuesday, April 26th, 2011, 11:00 am.Problem 1 Consider the following function, similar to bar in Project One’s target1:int bar(char *arg){char buf[20];strcpy(buf, arg);return 0;}When compiled with the Boxes compiler, this function disassembles as follows:0x08048434 <bar+0>: push %ebp0x08048435 <bar+1>: mov %esp,%ebp0x08048437 <bar+3>: sub $0x28,%esp0x0804843a <bar+6>: mov 0x8(%ebp),%eax0x0804843d <bar+9>: mov %eax,0x4(%esp)0x08048441 <bar+13>: lea -0x14(%ebp),%eax0x08048444 <bar+16>: mov %eax,(%esp)0x08048447 <bar+19>: call 0x8048348 <strcpy@plt>0x0804844c <bar+24>: mov $0x0,%eax0x08048451 <bar+29>: leave0x08048452 <bar+30>: retOn the x86, this function is vulnerable to a buffer overflow attack. Now suppose thatthe x86 architecture were modified so that the stack grew upwards: a push instructionhas the effect of increasing the value of the stack pointer by 4, not decreasing it, andother stack-manipulating instructions behave accordingly.(a) Give the assembly for the function bar if compiled on the stack-upwards x86.(b) Give a stack diagram showing the contents of the stack around bar immediatelyafter the call-strcpy instruction is executed by bar in the stack-upwards x86.(c) Is target1 still vulnerable to the strcpy buffer overflow on the stack-upwards x86?Why or why not?Problem 2 Ken Thompson’s paper, “Reflections on Trusting Trust,” describes a techniquefor installing an undetectable login backdoor by adding a second backdoor to thecompiler. The backdoored compiler inserts the appropriate backdoors when compilingthe login program and the compiler itself. Once the binary of the compiler, used forbootstrapping future systems, implements the backdoor, any trace of tampering canbe removed from the source. In this problem, we will explore a technique for detectingsuch an attack.Assume we have two C-language compilers: GCC and Clang. We suspect that nefarioushackers have inserted the Thompson backdoor into the GCC binary on our Linuxsystem, but we believe that these hackers are haven’t managed to corrupt the facultyand students at UIUC responsible for Clang. The entire Linux system doesn’t yetbuild with Clang, since many programs were written to expect GCC’s extensions tothe C language. But we can get Clang to build GCC. (The usual procedure is tocompile a new version of GCC using GCC itself; this is known as “self-hosting.”)Describe how we can reliably detect the presence of a GCC backdoor using the factthat we can compile GCC with Clang.Problem 3 On the second floor of the CSE building you will find locked bins for securelydisposing of documents. A company comes by periodically and empties these bins intotrucks featuring spiffy industrial-grade shredders. Or do they? . . .a. Can you, a member of the CSE department, be sure that the secure document shred-ding bins are actually legitimate? Describe how an attacker might maliciously goabout placing her own bins in the building.b. Why might an attacker want to install her “secure document shredding bins” inthe CSE department? What benefit might doing so give her?c. Can you think of an analog to such an attack in computer or network