Operating Systems Assignment Help | SWEN90010 High Integrity Systems Engineering

This Australian assignment-help job consists mainly of a timed test on high integrity systems.

Question 1
Consider a fault-tolerant system that uses two servers A and B, where each server is
a redundant back-up of the other. If you were drawing a fault tree for this system, and
that fault tree had two nodes: “Server A Fails” and “Server B Fails”, that each
represented failure of one of the two servers, which type of gate would the two nodes
be connected by?

Consider a different system. This system contains a web server and a database
server. The web server handles requests from clients and, in order for it to handle
those requests, it communicates with the database server. Consider a fault tree for
this system that contains two nodes “Web Server Fails” and “Database Server
Fails”. Which type of gate would they be connected by?
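To make the gate semantics behind these two questions concrete, the following Python block (an added example, not part of the original test paper) implements a minimal fault-tree evaluator with AND and OR gates and applies it to both systems: the redundant pair loses service only when both servers fail, while the web server's dependency on the database means either failure takes the service down. The event names follow the questions; the failure probabilities (0.01 each) and the independence assumption are constructed for illustration.

```python
# Added example (not part of the original test): a minimal fault-tree
# evaluator with AND and OR gates, applied to the two systems in Question 1.
# Failure probabilities are constructed for illustration, and basic events
# are assumed to be independent.
import math
from dataclasses import dataclass
from typing import Union


@dataclass(frozen=True)
class BasicEvent:
    name: str
    p: float  # assumed (independent) probability that this event occurs


@dataclass(frozen=True)
class Gate:
    kind: str      # "AND" or "OR"
    inputs: tuple  # tuple of BasicEvent or Gate


Node = Union[BasicEvent, Gate]


def failed(node: Node, state: dict) -> bool:
    """Does the top event occur, given which basic events have occurred?"""
    if isinstance(node, BasicEvent):
        return state.get(node.name, False)
    results = [failed(i, state) for i in node.inputs]
    return all(results) if node.kind == "AND" else any(results)


def probability(node: Node) -> float:
    """Top-event probability, assuming the basic events are independent."""
    if isinstance(node, BasicEvent):
        return node.p
    ps = [probability(i) for i in node.inputs]
    if node.kind == "AND":
        return math.prod(ps)                        # every input must fail
    return 1.0 - math.prod(1.0 - p for p in ps)     # at least one input fails


def minimal_cut_sets(node: Node) -> set:
    """Smallest sets of basic events whose joint occurrence causes the top event."""
    if isinstance(node, BasicEvent):
        return {frozenset([node.name])}
    children = [minimal_cut_sets(i) for i in node.inputs]
    if node.kind == "OR":
        sets = set().union(*children)               # any child's cut set suffices
    else:
        sets = {frozenset()}                        # combine one cut set from each child
        for c in children:
            sets = {s | t for s in sets for t in c}
    return {s for s in sets if not any(t < s for t in sets)}  # keep only minimal ones


# System 1: A and B back each other up, so service is lost only if BOTH fail.
A = BasicEvent("Server A Fails", 0.01)
B = BasicEvent("Server B Fails", 0.01)
REDUNDANT_PAIR = Gate("AND", (A, B))

# System 2: the web server depends on the database, so EITHER failure is enough.
WEB = BasicEvent("Web Server Fails", 0.01)
DB = BasicEvent("Database Server Fails", 0.01)
WEB_AND_DB = Gate("OR", (WEB, DB))

if __name__ == "__main__":
    for name, tree in [("redundant pair", REDUNDANT_PAIR), ("web + db", WEB_AND_DB)]:
        print(name, probability(tree), sorted(map(sorted, minimal_cut_sets(tree))))
```

The minimal cut sets make the choice of gate visible without any probabilities: the redundant pair has the single cut set {Server A Fails, Server B Fails}, whereas the web/database system has two singleton cut sets, so each server is a single point of failure. The OR-gate probability formula is only valid under the independence assumption stated in the code; if the two failures share a cause, the true probability is higher.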

Question 2

For each of the following threats, which STRIDE category does it best correspond to?

The attacker modifies the contents of a public website.

The attacker crashes the system, preventing other users from accessing it.

The attacker steals sensitive data pertaining to other customers.

The attacker pretends to be a legitimate user of the system.

The attacker is able to have their user account added to the “System Administrators”
group, i.e. they are able to obtain Administrator access to the system.

The attacker deletes the access logs for the system.

Question 3

Consider a simple Alloy model of the access control system for a learning
management system (LMS). The job of the access control system is to manage which
users have access to which subjects. It does so by storing for each user and each
subject the roles that the user has within that subject. Roles include being an
Administrator (who is allowed to change which users have access to which subjects
in which roles), an Instructor, a Tutor, and a Student.

We can model the various roles using the following Alloy signature declarations:
abstract sig Role {}
one sig Student, Tutor, Instructor, Administrator extends Role {}

We can model the access control state of this system using the following Alloy
signatures. Here ACL stands for “access control list” and represents the access
control state of the system.

sig Subject {}
sig User {}
sig ACL {
roles : User -> Subject -> Role
}

Complete the implementation of the following predicate which, given a user u, a
role r, and an ACL a, says whether u has role r in any subject according to the ACL a.
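To see what the ternary relation roles : User -> Subject -> Role means operationally, the following Python block (an added example, not the original Alloy material) renders one ACL's roles field as a set of (user, subject, role) triples and implements the relational join that Alloy's dot operator performs, so that "u has role r in some subject" becomes an existential over the joined relation. The user and subject names are constructed sample data.

```python
# Added example (not the original Alloy test material): a Python rendering of
# the ACL relation `roles : User -> Subject -> Role` as a set of triples, plus
# the relational join behind Alloy's dot operator. Users and subjects below are
# constructed sample data.
ROLES = frozenset({"Student", "Tutor", "Instructor", "Administrator"})


def join(rel: set, atom: str) -> set:
    """Alloy's `atom.rel`: keep tuples whose first column is `atom`, drop that column."""
    return {t[1:] for t in rel if t[0] == atom}


def has_role(u: str, r: str, a: set) -> bool:
    """Does u hold role r in at least one subject according to ACL a?

    This is an existential over subjects: some s with (u, s, r) in a's roles.
    In Alloy terms, u.(a.roles) is the Subject -> Role relation for u.
    """
    if r not in ROLES:
        raise ValueError(f"unknown role {r!r}")
    return any(role == r for (_subject, role) in join(a, u))


def roles_in(u: str, s: str, a: set) -> set:
    """All roles u holds in subject s, i.e. the Alloy expression s.(u.(a.roles))."""
    return {role for (role,) in join(join(a, u), s)}


# Constructed ACL: the `roles` field of one ACL atom. A user may hold
# different roles in different subjects, and users absent from the relation
# hold no roles at all.
ACL = {
    ("alice", "SWEN90010", "Instructor"),
    ("bob",   "SWEN90010", "Student"),
    ("bob",   "COMP90041", "Tutor"),
    ("carol", "COMP90041", "Administrator"),
}

if __name__ == "__main__":
    print(has_role("bob", "Tutor", ACL), roles_in("bob", "SWEN90010", ACL))
```

Because the relation is a set of triples rather than a map from user to a single role, a user can legitimately appear with two roles in one subject, and a lookup for a user not present in the relation simply joins to the empty set; a hand-written predicate that assumed one role per user per subject would get both cases wrong.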