SYSC 4810: Introduction to Network and Software Security
Module 5 Assignment
Fall 2021
Dr. J. Jaskolka
Carleton University
Department of Systems and Computer Engineering
Posted: November 11, 2021
Due: Sunday, November 28, 2021 by 11:59PM
This assignment contains 26 pages (including this cover page) and 9 problems. You are responsible for ensuring that your copy of the assignment is complete. Bring any discrepancy to the attention of your instructor.
Special Instructions:
1. Do as many problems as you can.
2. Start early as this assignment is much more time consuming than you might initially think!
3. The burden of communication is upon you. Solutions not properly explained will not be considered correct. Part of proper communication is the appearance and layout. If we cannot “decode” what you wrote, we cannot grade it as a correct solution.
4. You may consult outside sources, such as textbooks, but any use of any source must be documented in the assignment solutions.
5. You are permitted to discuss general aspects of the problem sets with other students in the class, but you must hand in your own copy of the solutions.
6. Your assignment solutions are due by 11:59PM on the due date and must be submitted on Brightspace.
   • Late assignments will be graded with a late penalty of 20% of the full grade per day up to 48 hours past the deadline.
7. You are responsible for ensuring that your assignment is submitted correctly and without corruption.
Problem:   1   2   3   4   5   6   7   8   9   Total
Points:   10  15  10  11  11   8   5   5  10   85
SYSC 4810 — Module 5 Assignment, Due Date: November 28, 2021
In this assignment, you will participate in activities related to conducting attacks exploiting buffer overflow vulnerabilities in software systems. This assignment aims to assess your understanding of buffer overflow attacks, how they work, and controls for dealing with them.
Acknowledgment
This assignment is based off the “Buffer Overflow Attack Lab (Server)” SEED Lab developed by Wenliang
Du at Syracuse University.
Background Research
A significant portion of this assignment is to do the required background research on fundamentals of programming and software development including the execution stack, stack and frame pointers, registers, and memory addressing, as well as working with basic software development tools. Keep in mind that a substantial component of any software or computer systems project is to solve and/or eliminate the underlying technical difficulties. This often means exploring user manuals and documentation.
Submission Requirements
Please read the following instructions very carefully and follow them precisely when submitting your assignment!
The following items are required for a complete assignment submission:
1. PDF Assignment Report: Submit a detailed report that carefully and concisely describes what you have done and what you have observed. Include appropriate code snippets and listings, as well as screenshots of program outputs and results. You also need to provide an adequate explanation of the observations that are interesting or surprising. You are encouraged to pursue further investigation beyond what is required by the assignment description.
2. ZIP Archive of Source Code: In addition to embedding source code listings in your assignment report, create and submit a ZIP archive of all programs that you write for this assignment. Please name each of your source code files with the problem number to which they correspond (e.g., for Problem 2(a), the source code file should be named Problem2a.c). Your source code must compile and run, producing the desired output. Also, please remember to provide sufficient comments in your code to describe what it does and why.
3. ZIP Archive of Screenshot Image Files: In addition to embedding screenshots of program outputs and results in your assignment report, create and submit a ZIP archive of all of the raw screenshot images that you capture for this assignment.
Grading Notes
An important part of this assignment is following instructions. As such, the following grade penalties will be applied for failure to comply with the submission requirements outlined above:
• Failure to submit an Assignment Report will result in a grade of 0 for the assignment.
• Failure to submit the Source Code files will result in deduction of 10% of the full grade of the assignment.
• Failure to submit the Screenshot Image files will result in deduction of 10% of the full grade of the assignment.
• Failure of Source Code to compile/run will result in a grade of 0 for the corresponding problem(s).
• Failure to submit any deliverable in the required format (PDF or ZIP) will result in deduction of 5% of the full grade of the assignment.
Part I: Assignment Challenge
1 Introduction
Imagine that you work for a large software development firm called SecureTech Industries. The organization has just received a major investment to hire a significant number of new quality assurance engineers. Because the development of secure software and systems is a top priority for SecureTech Industries, the organization is launching an initiative to develop a penetration testing training program for new hires (trainees). Your direct supervisor has just assigned you to prepare the training materials related to buffer overflow vulnerabilities and countermeasures that will be provided to all new hires. The details of the assignment, including your supervisor’s expectations, are provided in the sections below.
The different parts of this assignment are designed to guide your investigation and to prepare the different aspects for the training materials. At the end of the assignment, you will be required to summarize the take-away points for new hires so that they can better understand buffer overflow vulnerabilities, attacks, and countermeasures.
2 Context
Your supervisor has sent you the following email explaining what is expected for the training materials:

Hello,

I am sure by now that you have seen the latest memo indicating that we have secured a large investment to hire a new batch of quality assurance engineers. You would have also seen that we need to prepare a new set of penetration testing training materials as part of the upgraded security training program that comes with this investment. This means we have lots of work to do.

I need you to prepare the training materials for the buffer overflow training module for our new hires. I have asked the senior development team to provide some sample code to help with this task. This sample code, along with what you develop, will be provided as part of the training package that is provided to new hires. It will enable them to get their hands dirty by trying out a few different approaches for learning how to exploit buffer overflow vulnerabilities on server programs and for understanding the different countermeasures that can be put in place to prevent them. We want our new hires to be aware of the potential ways in which they can get root shells by conducting buffer overflow attacks, as well as the ways in which buffer overflow countermeasures work and their relative strengths and weaknesses.

The training materials that you prepare need to be well-organized and provide very detailed steps of how to conduct the different experiments that we want the new hires to carry out as part of their hands-on training. The new hires should be able to do everything based on the report that you prepare and enable them to perform self-checks to ensure that they are successful in completing the experiments. This means you should provide screenshots and code fragments to help them understand what they should expect in terms of the outcomes of their experiments. Effectively, you should think of preparing your report as a complete walkthrough of the various experiments and tasks.

I know I can count on you for this.

Thanks,
JJ
3 Obligations
At the end of this assignment, you will be required to deliver the following information and outcomes:
1. A report that can act as a training manual for new hires to better understand buffer overflow vulnerabilities, attacks, and countermeasures. The report should be a complete walkthrough providing a detailed explanation of all of the steps involved in carrying out the various activities and tasks that will be part of the penetration testing training program module related to buffer overflows.
2. A summary of the main take-away points of the training module, including a list of recommendations (“do’s and don’ts”), so that the trainees can be better prepared to protect their programs from buffer overflow vulnerabilities.
This must be provided in a single, well-organized report.
Part II: Environment Setup
This assignment will be conducted using a pre-built virtual machine (VM) image. We will assume that you already have a virtual machine set up from the Module 1 Assignment. For this assignment, you will be attacking four different servers with varying levels of difficulty. We will use containers to set up this environment.
1 Container Setup and Commands
Please download the Setup.zip file to your VM from the assignment resources for this assignment on Brightspace, unzip it, enter the Setup folder, and use the docker-compose.yml file to set up the assignment environment.
In what follows, we recall some of the commonly used commands related to Docker and Compose. Since we are going to use these commands very frequently, aliases have been created for them in the .bashrc file in the provided VM image.
$ docker-compose build    // Build the container image
$ docker-compose up       // Start the container
$ docker-compose down     // Shut down the container

// Aliases for the Compose commands above
$ dcbuild                 // Alias for: docker-compose build
$ dcup                    // Alias for: docker-compose up
$ dcdown                  // Alias for: docker-compose down
All the containers will be running in the background. To run commands on a container, we need to get a shell on that container. We first need to use the docker ps command to find out the ID of the container, and then use docker exec to start a shell on that container. Aliases have been created for them in the .bashrc file in the provided VM image.
$ dockps                  // Alias for: docker ps --format "{{.ID}} {{.Names}}"
$ docksh <id>             // Alias for: docker exec -it <id> /bin/bash

// The following example shows how to get a shell inside hostC
$ dockps
b1004832e275 hostA-10.9.0.5
0af4ea7a3e2e hostB-10.9.0.6
9652715c8e0a hostC-10.9.0.7
$ docksh 96
root@9652715c8e0a:/#

// Note: If a docker command requires a container ID, you do not need to
//       type the entire ID string. Typing the first few characters will
//       be sufficient, as long as they are unique among all the containers.
If you encounter problems when setting up the environment, please read the “Common Problems” section of the DOCKER MANUAL for potential solutions.
*Important Note* Before running “docker-compose build” to build the docker images, you need to compile and copy the server code to the bof-containers folder. This step is described in Section 2.
2 The Vulnerable Program
The vulnerable program used in this assignment is called stack.c, which is in the server-code folder. This program has a buffer-overflow vulnerability. Throughout this assignment, your job is to exploit this vulnerability and gain the root privilege on the server machines. The code listed below has some non-essential information removed, so it is slightly different from what is provided in the setup files.
 1  #include <stdlib.h>
 2  #include <stdio.h>
 3  #include <string.h>
 4
 5  /* Changing this size will change the layout of the stack. */
 6  #ifndef BUF_SIZE
 7  #define BUF_SIZE 100
 8  #endif
 9
10  int bof(char *str)
11  {
12      char buffer[BUF_SIZE];
13
14      /* The following statement has a buffer overflow problem */
15      strcpy(buffer, str);
16
17      return 1;
18  }
19
20  int main(int argc, char **argv)
21  {
22      char str[517];
23
24      int length = fread(str, sizeof(char), 517, stdin);
25      bof(str);
26      fprintf(stdout, "==== Returned Properly ====\n");
27      return 1;
28  }
The above program has a buffer overflow vulnerability. It reads data from the standard input, and then passes the data to another buffer in the function bof(). The original input can have a maximum length of 517 bytes, but the buffer in bof() is only BUF_SIZE bytes long, which is less than 517. Because strcpy() does not check boundaries (Line 15), buffer overflow will occur.
The program will run on a server with the root privilege, and its standard input will be redirected to a TCP connection between the server and a remote user. Therefore, the program actually gets its data from a remote user. If users can exploit this buffer overflow vulnerability, they can get a root shell on the server.
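A bounds-checked counterpart to bof(), as an added example that is not part of the assignment's provided code; the names bof_checked, read_request and INPUT_MAX are hypothetical. It passes the byte count from fread() explicitly, because fread() does not NUL-terminate str, and it rejects input that does not fit instead of copying it.

```c
#include <stdio.h>
#include <string.h>

/* Same default as stack.c; overridable with -DBUF_SIZE=... */
#ifndef BUF_SIZE
#define BUF_SIZE 100
#endif

/* Same input limit that main() in stack.c passes to fread(). */
#define INPUT_MAX 517

/*
 * Hypothetical hardened replacement for bof().
 * The caller supplies the number of valid bytes, so the copy never
 * depends on finding a NUL terminator in attacker-controlled data.
 * Returns 1 if the data was copied, 0 if it was rejected.
 */
int bof_checked(const char *data, size_t len)
{
    char buffer[BUF_SIZE];

    /* Reject rather than truncate: one byte is reserved for the NUL. */
    if (data == NULL || len >= sizeof(buffer))
        return 0;

    memcpy(buffer, data, len);
    buffer[len] = '\0';

    /* The copy is bounded by len, so the string cannot be longer. */
    return strlen(buffer) <= len ? 1 : 0;
}

/*
 * Hypothetical helper: read at most cap-1 bytes and always terminate.
 * The original main() fills all 517 bytes of str and then hands the
 * unterminated array to strcpy(), which is a second defect.
 */
size_t read_request(FILE *in, char *dst, size_t cap)
{
    size_t n;

    if (in == NULL || dst == NULL || cap == 0)
        return 0;

    n = fread(dst, 1, cap - 1, in);
    dst[n] = '\0';
    return n;
}

int main(void)
{
    char str[INPUT_MAX + 1];
    size_t n = read_request(stdin, str, sizeof(str));

    if (!bof_checked(str, n)) {
        fprintf(stderr, "input rejected: %zu bytes do not fit in %d\n",
                n, BUF_SIZE);
        return 1;
    }

    fprintf(stdout, "==== Returned Properly ====\n");
    return 0;
}
```

Building this version without -fno-stack-protector and -z execstack leaves StackGuard and the non-executable stack in place as additional layers behind the length check.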
2.1 Compilation
To compile the above vulnerable program, we need to turn off the StackGuard and the non-executable stack protections using the -fno-stack-protector and -z execstack options. The following is an example of the compilation command (the L1 environment variable sets the value for the BUF_SIZE constant inside stack.c).
$ gcc -DBUF_SIZE=$(L1) -o stack -z execstack -fno-stack-protector stack.c
The stack program will be compiled into both 32-bit and 64-bit binaries. The VM environment is a 64-bit VM, but it still supports 32-bit binaries. All we need to do is to use the -m32 option in the gcc command.