Name:

SE550 final exam: Autumn 2001-2002

This is a closed-book, closed-note exam.

Answer all questions.

Time allowed: 2 hours

Total number of points: 100

Question 1 (10 points)

a) What is an object serialization algorithm?

b) What is remote method invocation (RMI)?

c) How is object serialization used in RMI?

Question 2 (10 points)

Consider the following class definition:

class Ref {
  Object contents;
  Ref (Object contents) { this.contents = contents; }
}

a) Write the XML which is sent when the following code is executed:

  Ref foo = new Ref ("fred");
  Ref bar = new Ref (foo);
  Ref baz = new Ref (bar);
  baz.contents = baz;
  xmlSerializer.writeObject (bar);
  xmlSerializer.writeObject (baz);
  baz.contents = "wilma";
  xmlSerializer.writeObject (baz);

b) Draw an object diagram showing the objects created when an XML deserializer reads in the XML written out by your answer to part (a).

Question 3 (20 points)

For each of the following programs, say whether the message "hello world" is printed on the server or on the client. In each case, draw an interaction (or message-passing) diagram and give a short (one or two sentence) explanation for your answer.

a)

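import java.io.Serializable;
import java.rmi.Naming;
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.server.UnicastRemoteObject;

public class Client {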
    public static void main (String[] args) throws Exception {
        String server = args[0];
        PrinterFactory pf = (PrinterFactory)(Naming.lookup ("//" + server + "/printerFactory"));
        Printer p = pf.build ();
        Printable hw = new PrintableImpl ("hello world");
        p.println (hw);
        System.exit (0);
    }
}
class Server {
    public static void main (String[] args) throws Exception { Naming.rebind ("printerFactory", new PrinterFactoryImpl ()); }
}
interface Printable extends Serializable {
    public void println (Printer p) throws RemoteException;
}
class PrintableImpl implements Printable {
    final String contents;
    PrintableImpl (String contents) { this.contents = contents; }
    public void println (Printer p) throws RemoteException { p.println (this.contents); }
}
public interface PrinterFactory extends Remote {
    public Printer build () throws RemoteException;
}
class PrinterFactoryImpl extends UnicastRemoteObject implements PrinterFactory {
    PrinterFactoryImpl () throws RemoteException { super (); }
    public Printer build () throws RemoteException { return new PrinterImpl (); }
}
public interface Printer extends Remote {
    public void println (String s) throws RemoteException;
    public void println (Printable p) throws RemoteException;
}
class PrinterImpl extends UnicastRemoteObject implements Printer {
    PrinterImpl () throws RemoteException { super (); }
    public void println (String s) throws RemoteException { System.out.println (s); }
    public void println (Printable p) throws RemoteException { p.println (this); }
}

b) As for part (a) except:

interface Printable extends Remote, Serializable {
    public void println (Printer p) throws RemoteException;
}
class PrintableImpl extends UnicastRemoteObject implements Printable {
    final String contents;
    PrintableImpl (String contents) throws RemoteException { 
        this.contents = contents; 
    }
    public void println (Printer p) throws RemoteException { 
        p.println (this.contents);
    }
}

c) As for part (b) except:

public interface Printer extends Serializable {
    public void println (String s);
    public void println (Printable p) throws RemoteException;
}
class PrinterImpl implements Printer {
    public void println (String s) {
        System.out.println (s);
    }
    public void println (Printable p) throws RemoteException { 
        p.println (this);
    }
}

Question 4 (25 points)

a) What is garbage collection?

b) What is reference counting garbage collection?

c) Give an example of how reference counting garbage collection can recover space.

d) What is object leasing?

e) Give an example of why object leasing is required in the case of network failure.

f) Give an example of how Java's distributed garbage collection algorithm can result in dangling remote pointers.

Question 5 (20 points)

a) What is a digital signature?

b) How can a digital signature be implemented using hashing and asymmetric encryption?

c) What is a certificate?

d) What is a certificate chain?

e) What is a web-of-trust model for certificates?

f) What is a hierarchical model for certificates?

g) Give one advantage and one disadvantage of the web-of-trust model over the hierarchical model.

Question 6 (15 points)

A variant of the Needham-Schroeder key exchange protocol (where A generates a session key KAB) is:

a) Explain the purpose of each of the messages in this variant of the Needham-Schroeder protocol.

b) Show how an attacker Charlie can use this variant of the Needham-Schroeder protocol to fool Bob into believing that Charlie is Alice.

c) Provide a corrected version of the protocol which does not suffer from the problem described in part (b).

Worksheet

You can use this sheet as scrap paper.