6.033 Spring 2005: Preparation for Recitation 21
Tuesday, April 26
Read appendix B of chapter 11. This appendix provides a collection of war stories about security holes in supposedly secure systems. Some of the security problems are due to stupidity, but many emerged even though the designers were smart and had the best intentions. Read them all through. Then, reread 5.2 (Nonobvious Trust (TOCTTOU)), 5.3 (Virtualizing the DMA (TOCTTOU 2)), 11.1 (But I Thought It Was Secure), and 16 (Framing Enigma) and identify the principles from section A.4 of chapter 11 that were violated in these three case studies.