CSE 127: Computer Security
Spring 2010
Homework #1

Due: Thursday, April 29th, 2010, 11:00 am.

Note: You may take no more than five late days on this homework.

Problem 1

Consider the following function, similar to bar in Project One’s target1:

    int bar(char *arg)
    {
        char buf[20];
        strcpy(buf, arg);
        return 0;
    }

When compiled with the Boxes compiler, this function disassembles as follows:

    0x08048434 <bar+0>:  push %ebp
    0x08048435 <bar+1>:  mov %esp,%ebp
    0x08048437 <bar+3>:  sub $0x28,%esp
    0x0804843a <bar+6>:  mov 0x8(%ebp),%eax
    0x0804843d <bar+9>:  mov %eax,0x4(%esp)
    0x08048441 <bar+13>: lea -0x14(%ebp),%eax
    0x08048444 <bar+16>: mov %eax,(%esp)
    0x08048447 <bar+19>: call 0x8048348 <strcpy@plt>
    0x0804844c <bar+24>: mov $0x0,%eax
    0x08048451 <bar+29>: leave
    0x08048452 <bar+30>: ret

On the x86, this function is vulnerable to a buffer overflow attack. Now suppose that the x86 architecture were modified so that the stack grew upwards: a push instruction has the effect of increasing the value of the stack pointer by 4, not decreasing it, and other stack-manipulating instructions behave accordingly.

(a) Give the assembly for the function bar if compiled on the stack-upwards x86.

(b) Give a stack diagram showing the contents of the stack around bar immediately after the call-strcpy instruction is executed by bar in the stack-upwards x86.

(c) Is target1 still vulnerable to the strcpy buffer overflow on the stack-upwards x86? Why or why not?

Problem 2

Ken Thompson’s paper, “Reflections on Trusting Trust,” describes a technique for installing an undetectable login backdoor by adding a second backdoor to the compiler. The backdoored compiler inserts the appropriate backdoors when compiling the login program and the compiler itself. Once the binary of the compiler, used for bootstrapping future systems, implements the backdoor, any trace of tampering can be removed from the source. In this problem, we will explore a technique for detecting such an attack.

Assume we have two C-language compilers: GCC and Clang. We suspect that nefarious hackers have inserted the Thompson backdoor into the GCC binary on our Linux system, but we believe that these hackers haven’t managed to corrupt the faculty and students at UIUC responsible for Clang. The entire Linux system doesn’t yet build with Clang, since many programs were written to expect GCC’s extensions to the C language. But we can get Clang to build GCC. (The usual procedure is to compile a new version of GCC using GCC itself; this is known as “self-hosting.”)

Describe how we can reliably detect the presence of a GCC backdoor using the fact that we can compile GCC with Clang.

Problem 3

We would like a firewall ruleset that (1) allows outgoing HTTP (TCP port 80) traffic, but (2) disallows outgoing SSH (TCP port 22) traffic, (3) blocks all other incoming or outgoing connections, and (4) also performs ingress and egress filtering. Assume that the internal network has IP addresses 60.70.*.*.

(a) Using the firewall rule notation given in class, specify a firewall ruleset that implements the policy above.

(b) Suppose users inside the firewalled network wish to make SSH connections to the outside world even though they’re not allowed by policy. Suppose that the administrator of the server (outside the firewall) they’d like to SSH to is cooperative. How can these users and the SSH server administrator conspire to defeat the firewall policy?

(c) What can the firewall administrator do about


UCSD CSE 127 - Homework #1
