Introduction to Cybersecurity (WS 16/17) Practice Exam. Sample Solution Name Matriculation Seat
|
|
- Tamsin Simpson
- 5 years ago
- Views:
Transcription
1 Introduction to Cybersecurity (WS 16/17) Date: 02/10/2017 Practice Exam The Tutors Saarland University Sample Solution Name Matriculation Seat The following practice exam is not part of the official teaching material and is therefore neither relevant nor irrelevant for the (re-)exam. Furthermore, we do not guarantee the correctness of the sample solution. DO NOT OPEN the exam until instructed to do so. Read all the instructions first. You have to write the exam on the seat with the number that has been assigned to you. The exam is closed-book, closed-notes. No auxiliary means are allowed. At your desk, you may only have writing utensils, beverages, food, ID cards, and an English dictionary. Bags and jackets have to be left at the walls of the lecture room, mobile phones and computers need to be switched off. The exam takes 180 minutes. You can get at most 180 points. The number of points you can get for an exercise thus gives you a hint about how much time you should spend on that exercise (1 minute per point). Write your solutions in the space provided after each problem or on the extra page provided for each problem. You can write your answers in German or English. Be neat and write legibly. It is in your best interest that we understand your answers. You will be graded not only on the correctness of your answer, but also on the clarity with which you express it. If you need to go to the bathroom during the exam, please turn in your exam booklet. Only one person may go to the bathroom at a time. Every attempt of deception will force us to exclude you from this exam and all following exams of this lecture. The University keeps a record of attempts of deception. Good luck! Problem Total Score Points
2 Sample Solution / Problem 1: System security part (60 points) 1. System Part 1 (30 Points) (a) Exercise 1 (ACL vs. Capabilities) (10 Points) For the two concepts Access control list (ACL) and Capabilities, briefly explain the core idea and how they differ. Access control list: Each object is associated with a list containing information about who has which rights to, for example, read or write into a file. A reference monitor then checks each subject against said list and eventually access is granted or denied. Capabilities: Each subject holds a unique token that gives information about which rights the subject has for which object. Here the reference monitor checks the token. The difference is that ACL is object centered whereas the concept of Capabilities is subjectcentered. (b) Exercise 2 (Access control on Linux) (15 Points) File permissions Owner Group File size Modification Date File Name rw r r Joe Students Feb 10 14:15 solution.leaked rw rwxrwx Bob Bob 343K Nov 5 00:36 fsociety.bin rwsrwx root Students 666K Jan 1 12:15 end-humanity.bin rwsrw Eve Students 9774K Mar 5 16:54 execute-me.bin Decide whether or not the following statements are true or false and explain your answer. We have that students = {Bob, Alice, Caroline}. (i) Eve can write into solution.leaked. (ii) Caroline can execute end-humanity.bin with RUID 0. (iii) Bob can execute end-humanity.bin. (iv) Caroline can execute execute-me.bin with the EUID of Eve. (v) root can read execute-me.bin. Solution: (i) No, only the owner Joe can write into the file. (ii) Not with this RUID. (iii) Yes, he can, because he is in the students group. (iv) No, Caroline can not execute this file. (v) Yes, root has full filesystem privileges. 2
3 2. System Part 2 (35 points) The Bank of the VVest uses the following backdoored 32-bit program in order to transfer an amount of 10 euros to the account number that is contained within the file account.txt. 1 # include <stdio.h> 2 # include < stdlib.h> 3 # include < string.h> 4 5 void backdoor () 6 { 7 //... 8 // Backdoor code. 9 // } void perform_ transaction ( char * account, int amount ) 13 { 14 fprintf ( stdout, " Transfer %d euros to %s.\n", amount, account ); 15 // // Code which actually performs the transaction. 17 // } void read_ transaction ( FILE * f) 21 { 22 int amount = 10; 23 int canary = 0 x256 ; 24 char buf [10]; 25 memset ( buf, 0, sizeof ( buf )); // Fill the buffer with zeroes 26 fread ( buf, 54/3, 1, f); // Read 54/3 bytes into buf 27 if( canary!= 0 x256 ) 28 { 29 fputs (" ABORTING : Manipulation attempt detected.\ n", stderr ); 30 exit (1) ; 31 } 32 perform_ transaction ( buf, amount ); 33 } int main ( int argc, char ** argv ) 36 { 37 FILE *f = fopen (" account. txt ", "r"); 38 if(f == NULL ) 39 { 40 perror (" Failed to open file "); 41 exit (1) ; 42 } 43 read_ transaction ( f); 44 fclose (f); 45 } You have write access to the file account.txt because the self-proclaimed cybersecurity experts of the bank missed to set its file permissions correctly. For the following tasks, assume that sizeof(int) amounts to 32 bits and that there is no alignment or reordering of local variables. 3
4 (a) Stack Layout (8 Points) Draw the stack layout of the function read transaction. Make sure to include the saved frame pointer, all local variables and the return address as well as their addresses on the stack. Assume that the buffer is located at address 0x The values for the saved frame pointer and the return address are left out here as you cannot deduct the information from the exercise. (b) Vulnerability (6 Points) Locate, name and describe the apparent vulnerability of the program. Is it possible to divert the control flow of the program to the backdoor function by crafting malicious input? Explain. There is a buffer overflow vulnerability in line 26. It is not possible to divert the control flow to the backdoor function because this would require the ability to overwrite at least one byte of the saved frame pointer. However, this is infeasible as the buffer s bound can be exceeded by eight bytes only. As the size of 32-bit integers amounts to four bytes, this is sufficient to overwrite the variables amount and canary only. Following the amount variable on the stack, it is not possible to overwrite the saved frame pointer, which would require the buffer s bound to be exceeded by nine bytes at least. (c) Stack Canary (6 Points) Explain the functionality of the stack canary. Under which circumstances does it protect against an attacker? Consider a compiler performing optimizations by removing dead (unused) code. What could possibly go wrong with this type of canary check? The stack canary is overwritten if the buffer overflows by one or more bytes. If the canary check detects that the canary value differs from the original value 0x256, it will abort execution of the program and prevent a potentially malicious transaction to be performed. It only provides protection to an attacker who does not know the canary value and who does not have the ability to perform exhaustive search (brute force) on the value. Considering a compiler that removes dead code, the canary check could be optimized away because the canary variable is not referenced anywhere between its assignment and its check. Therefore, the compiler might assume that it is a constant, without regarding that it could be modified by undefined behavior. 4
5 (d) Exploitation (4+11 Points) Craft an input exploiting the vulnerability on a Little-Endian system in order to transfer 100 euros to the bank account without causing a program crash. i. How do you overwrite the canary without triggering manipulation detection? Calculate how the four bytes overwriting the canary have to be crafted. 256 = = 0x100 Applying Little-Endian ordering, we get the following bytes needed to replace the canary: 0x00 0x01 0x00 0x00 That is, the first four bytes exceeding the buffer size must correspond to these bytes in the provided order. ii. Exactly state the contents of the file account.txt for your exploit in hexadecimal and describe how you crafted it. The ASCII code of 0 is 0x30. The hexadecimal value of 100 can be calculated as follows: 100 = = 0x64 We can therefore craft a file containing the following bytes: 0x31 0x32 0x33 0x34 0x35 0x36 0x37 0x38 0x00 0x00 0x00 0x01 0x00 0x00 0x64 0x00 0x00 0x00 The first eight bytes correspond to the ASCII representation of the account number. They are followed by a null-terminator in order to properly terminate the string. Another null byte follows in order to completely fill the buffer with ten bytes of data. However, this byte can be chosen arbitrarily. The bytes 0x00 0x01 0x00 0x00 follow, being the bytes that are required in order to overwrite the stack canary as shown in a). The stack canary is then followed by the value that is supposed to overwrite amount, in Little-Endian order. 5
6 Sample Solution / Problem 2: Web security (30 points) 1. Exercise 1: SQL Injection (30 points) Assume the following PHP function that checks if your login credentials are valid: 1 function check_ login ( $user, $pwd ) { 2 global $database ; 3 4 $query = $database - > prepare (" SELECT id, password, salt FROM users WHERE username = : user AND password = ". $pwd." "); 5 6 $query -> bindparam ( : user, $user ); 7 $query -> bindparam ( : pwd, $pwd ); 8 9 if (! $query -> execute ()) { 10 echo " error sql statement execution "; 11 echo $query - > errorinfo (); 12 } else { 13 $retval = $query - > fetchall (); 14 if( count ( $retval ) == 0) // count returns number of rows 15 return 0; // No valid login 16 } 17 return 1; 18 } (a) Explain the apparent SQL Injection vulnerability in this function: (5 Points) The prepared statement is used wrong. In the query at line 4 there is a parameter identifier for user but the password is simple append to the query as string concatenation. Therefore, you can inject SQL statements via the password variable such that you can perform arbitrary statements. The function does not crash because bindparam() does return true if it has replaced the placeholder with the variable and false if it fails. (b) Create values for $user and $pwd that can successfully login and explain why this works: $usrr = arbitrary String, for example admin $pwd = OR 1=1 (c) Briefly explain how to successfully fix this vulnerability: (15 Points) (10 Points) Input validation filter, for example disallow apostrophes, semicolons, percent symbols, hyphens, underscores,... Check of any character that has special meaning and check of the data type (e.g. make sure it s an integer) Whitelisting characters, (blacklisting chars does not work because you can forget to filter out some characters and you could prevent valid input (e.g. username O Brien)) Allow only well defined set of safe values, sets should be implicitly defined through regular expressions. Prepared statements which allow creation of static queries with bind variables such that it preserves the structure of intended query. 6
7 Sample Solution / Problem 3: Cryptography part (60 points) 1. Private Key Cryptography (40 points) (a) Consider an encryption scheme = (Gen, Enc, Dec) where Gen outputs k K := {0, 1} n \{0 n } uniformly at random Enc : {0, 1} n K {0, 1} n : Enc(m, k) = k m Dec : {0, 1} n K {0, 1} n : Dec(c, k) = k c Prove or disprove whether satisfies perfect secrecy. (8 Points) No! Since the key space K is smaller than the message space, perfect secrecy can not be achieved. 7
8 Figure 1: Source: Wikimedia, changed (b) Consider the arbitrary length encryption given by Figure 1 where the IV is 1 n and the block cipher encryption Π = (BGEN, BEN C, BDEC) is correct and secure against chosen plaintext attacks. i. Show how decryption is done by drawing a picture or giving a function Dec. ii. Show that the given scheme is not secure against chosen plaintext attacks. In other words, construct two messages for which you can easily identify which one was encrypted given only a ciphertext. (20 Points) i. Be c = c 1 c 2... c l then Figure 2: Source: Wikimedia Dec k (c i ) = { BDEC k (c 1 1 n ) for i=1, BDEC k (c i ) c i 1 otherwise ii. Consider an attacker A doing the following. Note that A has access to an encryptionoracle and n is the block-length: A. Query O with 1 n 1 n, the first block of the response will be BENC k (1 n 1 n ) = BENC k (0 n ) denote it as resp. B. A outputs (m 0, m 1 ) with m 0 = m 0,0 m 0,1 = 1 n 0 n and m 1 = m 1,0 m 1,1 = 0 n 0 n and receives c b which is either the encryption of the first or second element of the tuple A submitted. C. A then checks whether the first block is equal to resp. If and only if so A outputs 0 else 1. As the IV will always be 1 n the encryption of the first block is defined as BENC k (IV m b,0 ) = BENC k (1 n m b,0 ). If m 0 is chosen, then this is equal to resp but as Π is correct BENC k (1 n 0 n ) BENC k (1 n 1 n ) so the bit output by A is always the right one. Therefore A will always win the CPA-Game, so the scheme is not CPA-secure. (c) Let K := {0, 1} n and let (GEN, MAC, V RF Y ) be a MAC-scheme. GEN outputs a key k = (k 1, k 2 ) drawn uniformly at random from K K. Furthermore, let MAC : (K K) {0, 1} n {0, 1} n : MAC((k 1, k 2 ), m) = k 1 m k 2 8
9 be a MAC function. VRFY takes a key k, a message m and a tag t and checks whether t = MAC((k 1, k 2 ), m). Show that this MAC-Scheme is insecure as follows: Given a finite number of tags t i for messages m i chosen by yourself, construct a tag t for a message m m i also chosen by yourself. Assume t is a valid tag for the message m. then t 1 n is a valid tag for m 1 n : (12 Points) V RF Y ((k 1, k 2 ), t 1 n, m 1 n ) (k 1 (t 1 n ) k 2 = m 1 n ) (k 1 t k 2 = m) 9
10 2. Public Key Cryptography (20 points) (a) Compute Z 33 and show your steps. Since 33 = 3 11 it holds that: (5 Points) (b) Consider Z 7. Solve the following equations. i. 2 mod 7 = ii. 3 6 mod 7 = iii. (5 6) mod 7 = φ(n) = (3 1) (11 1) = 20 i. 2 mod 7 {3, 4} ii. 3 6 mod 7 = 1 iii. (5 6) mod 7 = 2 (c) Compute 5 1 in Z 11 and show your steps. Using repeated squaring: (9 Points) (6 Points) 5 1 = 5 9 = = (5 4 ) 2 5 = ((5 2 ) 2 ) 2 5 = (3 2 ) 2 5 = = 4 5 = 9 Using a similar technique: 5 1 = 5 9 = (5 3 ) 3 = 4 3 = 9 10
11 Sample Solution / Problem 4: Privacy and Theory (30 Points) 1. Privacy (15 Points) (a) Exercise 1 (K-Anonymity) In this exercise you should analyze K-Anonymity of datasets. Assume for this exercise, that AGE, GENDER, RELATIONSHIP STATUS are quasi identifiers. (15 Points) Table 1: Dataset 1 RELATIONSHIP STATUS GENDER AGE FAVOURITE GAME in Relationship male Call of Duty single male Minecraft single male Minecraft in Relationship female Skyrim single male Minecraft in Relationship male Call of Duty in Relationship female Skyrim in Relationship female Skyrim Table 2: Dataset 2 RELATIONSHIP STATUS GENDER AGE FAVOURITE GAME single male Call of Duty single male Minecraft in Relationship male World of Warcraft in Relationship male Skyrim in Relationship female League of Legends in Relationship female Half Life 3 single female Bioshock single female Far cry 2 Table 3: Dataset 3 RELATIONSHIP STATUS GENDER AGE FAVOURITE GAME single male Call of Duty single male Minecraft single male World of Warcraft single male Skyrim single male League of Legends single male Half Life 3 single male Bioshock single male Far cry 2 For each Dataset 1-3 check if it satisfies K-Anonymity. If so, what is the maximal k for which it satisfies K-Anonymity? Explain your answer. 11
12 We first note that every Dataset satisfies the definition of K-Anonymity with k= 1, which means that every person can hide in a set of at least size one (e.g., the set containing only themselves). Consequently, we only need to find the maximal k for each dataset. Dataset 1 The first dataset satisfies K-Anonymity with k=2, because we can partition the dataset in 3 anonymity sets of size 2: 3x(single,male,14-18), 3x(in Relationship,female,19-23), 2x(in Relationship,male,19-23) Dataset 2 In dataset is a person with a different age compared to the others. (in Relationship,female,19-23) is a set of quasi identifiers that appears only once. So this dataset satisfies k-anonymity with k=1 Dataset 3 In this dataset every person has the same quasi identifiers, whats satisfies K-Anonymity with k=8 2. Information Flow (15 Points) In this exercise you have to look at the information processing of a short program. In the last few months, Bob always forgot his PIN as he wanted to do online banking, so he wrote a short program, that should output his PIN if he inputs a password he surprisingly always remembers. Assuming the password is really strong, what are the problems with his code? (a) What are the Information Flow problems in this program? Name at least 2 and briefly explain them. You can assume that secretpin, var, var2 are high variables. 1 def f1(var ): 2 secretpin = low2 = rev ( secretpin ) 4 if ( iscorrect ( var )): """ returns True if password is correct """ 5 return secretpin 6 else if ( var == foobar ): 7 return rev ( low2 ) """ reversed integer is returned """ 8 else : 9 return def main ( password ): 12 low = 0 13 if (f1( password ) == 0): 14 return 0 15 else : 16 var2 = f1( password ) 17 while ( var2 > 0): 18 var2 = var low = low return low password = raw_ input (" Please enter your password ") 23 main ( password ) (15 Points) 12
13 line 13-19: Here is a conditional and also timing flow. The while-loop depends on a high variable and assigns it indirectly to a low variable. also the time that this computation needs depends on the high variable. line 3: If the password is foobar then the reversed form of low2 is returned. The problem here is that low2 gets the reversed value of secretpin with a wrong password you nevertheless get the correct secretpin 13
Introduction to Cybersecurity (WS 16/17) Practice Exam. Name Matriculation Seat
Introduction to Cybersecurity (WS 16/17) Date: 02/10/2017 Practice Exam The Tutors Saarland University Name Matriculation Seat The following practice exam is not part of the official teaching material
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 15: Software Security II Department of Computer Science and Engineering University at Buffalo 1 Software Vulnerabilities Buffer overflow vulnerabilities account
More information414-S17 (Shankar) Exam 1 PRACTICE PROBLEMS SOLUTIONS Page 1/7
1-S17 (Shankar) Exam 1 PRACTICE PROBLEMS SOLUTIONS Page 1/7 1. Short answers: must be less than 30 words. In an exam, we will use a format with much shorter answers (eg, multiple-choice). What is difference
More informationtypedef void (*type_fp)(void); int a(char *s) { type_fp hf = (type_fp)(&happy_function); char buf[16]; strncpy(buf, s, 18); (*hf)(); return 0; }
Dawn Song Fall 2012 CS 161 Computer Security Practice Questions 1. (6 points) Control Hijacking Indicate whether the statement is always valid. Indicate true or false, and give a one sentence explanation.
More informationWEB SECURITY: SQL INJECTION
WEB SECURITY: SQL INJECTION CMSC 414 FEB 15 2018 A very basic web architecture Client Server A very basic web architecture Client Server A very basic web architecture Client Server A very basic web architecture
More informationISA 562: Information Security, Theory and Practice. Lecture 1
ISA 562: Information Security, Theory and Practice Lecture 1 1 Encryption schemes 1.1 The semantics of an encryption scheme. A symmetric key encryption scheme allows two parties that share a secret key
More informationHomework 3 CS161 Computer Security, Fall 2008 Assigned 10/07/08 Due 10/13/08
Homework 3 CS161 Computer Security, Fall 2008 Assigned 10/07/08 Due 10/13/08 For your solutions you should submit a hard copy; either hand written pages stapled together or a print out of a typeset document
More informationFeedback Week 4 - Problem Set
4/26/13 Homework Feedback Introduction to Cryptography Feedback Week 4 - Problem Set You submitted this homework on Mon 17 Dec 2012 11:40 PM GMT +0000. You got a score of 10.00 out of 10.00. Question 1
More informationECE568S: Midterm Exam Examiner: C. Gibson. DURATION: 110 Minutes. 2. Do not turn this page over until you have received the signal to start.
ECE568S: Midterm Exam Examiner: C. Gibson DURATION: 110 Minutes 1. Please use a pen to complete all of your answers to the midterm. 2. Do not turn this page over until you have received the signal to start.
More informationSolution of Exercise Sheet 11
Foundations of Cybersecurity (Winter 16/17) Prof. Dr. Michael Backes CISPA / Saarland University saarland university computer science Solution of Exercise Sheet 11 1 Breaking Privacy By Linking Data The
More informationHomework 2: Symmetric Crypto Due at 11:59PM on Monday Feb 23, 2015 as a PDF via websubmit.
Homework 2: Symmetric Crypto February 17, 2015 Submission policy. information: This assignment MUST be submitted as a PDF via websubmit and MUST include the following 1. List of collaborators 2. List of
More informationCYSE 411/AIT681 Secure Software Engineering Topic #12. Secure Coding: Formatted Output
CYSE 411/AIT681 Secure Software Engineering Topic #12. Secure Coding: Formatted Output Instructor: Dr. Kun Sun 1 This lecture: [Seacord]: Chapter 6 Readings 2 Secure Coding String management Pointer Subterfuge
More information2/9/18. CYSE 411/AIT681 Secure Software Engineering. Readings. Secure Coding. This lecture: String management Pointer Subterfuge
CYSE 411/AIT681 Secure Software Engineering Topic #12. Secure Coding: Formatted Output Instructor: Dr. Kun Sun 1 This lecture: [Seacord]: Chapter 6 Readings 2 String management Pointer Subterfuge Secure
More informationCS 161 Computer Security
Wagner Spring 2014 CS 161 Computer Security Midterm 1 Print your name:, (last) (first) I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that academic misconduct will be reported
More informationI n p u t. This time. Security. Software. sanitization ); drop table slides. Continuing with. Getting insane with. New attacks and countermeasures:
This time Continuing with Software Security Getting insane with I n p u t sanitization ); drop table slides New attacks and countermeasures: SQL injection Background on web architectures A very basic web
More information1 Defining Message authentication
ISA 562: Information Security, Theory and Practice Lecture 3 1 Defining Message authentication 1.1 Defining MAC schemes In the last lecture we saw that, even if our data is encrypted, a clever adversary
More information6 WEEK EXAM NAME: ALPHA: SECTION:
6 WEEK EXAM NAME: ALPHA: SECTION: 1. This is individual work. 2. SHOW ALL WORK! 3. Write legibly to receive credit. 4. Turn in your equation sheet. SCORE: /100 SCALE >89.5%: 31337 79.5 89.5%: H@XX0R 69.5
More informationLecture 4 September Required reading materials for this class
EECS 261: Computer Security Fall 2007 Lecture 4 September 6 Lecturer: David Wagner Scribe: DK Moon 4.1 Required reading materials for this class Beyond Stack Smashing: Recent Advances in Exploiting Buffer
More informationINDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR Stamp / Signature of the Invigilator
INDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR Stamp / Signature of the Invigilator EXAMINATION ( Mid Semester ) SEMESTER ( Spring ) Roll Number Section Name Subject Number C S 6 0 0 8 8 Subject Name Foundations
More informationDepartment of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I Solutions
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.893 Fall 2009 Quiz I Solutions All problems are open-ended questions. In order to receive credit you must
More information1. (6 points) Control Hijacking Indicate whether the statement is always valid. Indicate true or false, and give a one sentence explanation.
Dawn Song Fall 2012 CS 161 Computer Security Practice Questions 1. (6 points) Control Hijacking Indicate whether the statement is always valid. Indicate true or false, and give a one sentence explanation.
More informationSymmetric Cryptography
CSE 484 (Winter 2010) Symmetric Cryptography Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials...
More informationNET 311 INFORMATION SECURITY
NET 311 INFORMATION SECURITY Networks and Communication Department Lec12: Software Security / Vulnerabilities lecture contents: o Vulnerabilities in programs Buffer Overflow Cross-site Scripting (XSS)
More informationCSE 303 Midterm Exam
CSE 303 Midterm Exam October 29, 2008 Name Sample Solution The exam is closed book, except that you may have a single page of hand written notes for reference. If you don t remember the details of how
More informationSample slides and handout
www.securecodingacademy.com Join the Secure Coding Academy group on LinkedIn and stay informed about our courses! [FOOTER] Sample slides and handout 2016 SCADEMY Secure Coding Academy Confidential. These
More informationUnited States Naval Academy Electrical and Computer Engineering Department EC310-6 Week Midterm Spring AY2017
United States Naval Academy Electrical and Computer Engineering Department EC310-6 Week Midterm Spring AY2017 1. Do a page check: you should have 8 pages including this cover sheet. 2. You have 50 minutes
More informationDepartment of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.858 Fall 2010 Quiz I All problems are open-ended questions. In order to receive credit you must answer
More informationWhy bother? Default configurations Buffer overflows Authentication mechanisms Reverse engineering Questions?
Jeroen van Beek 1 Why bother? Default configurations Buffer overflows Authentication mechanisms Reverse engineering Questions? 2 Inadequate OS and application security: Data abuse Stolen information Bandwidth
More informationCS 361S - Network Security and Privacy Spring Homework #2
CS 361S - Network Security and Privacy Spring 2014 Homework #2 Due: 11am CDT (in class), April 17, 2014 YOUR NAME: Collaboration policy No collaboration is permitted on this assignment. Any cheating (e.g.,
More informationECE264 Spring 2013 Exam 1, February 14, 2013
ECE264 Spring 2013 Exam 1, February 14, 2013 In signing this statement, I hereby certify that the work on this exam is my own and that I have not copied the work of any other student while completing it.
More informationLecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 24
Assume encryption and decryption use the same key. Will discuss how to distribute key to all parties later Symmetric ciphers unusable for authentication of sender Lecturers: Mark D. Ryan and David Galindo.
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 2 Question 1 Software Vulnerabilities (15 min) For the following code, assume an attacker can control the value of basket passed into eval basket.
More informationShellbased Wargaming
Shellbased Wargaming Abstract Wargaming is a hands-on way to learn about computer security and common programming mistakes. This document is intended for readers new to the subject and who are interested
More informationDepartment of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.858 Fall 2010 Quiz I All problems are open-ended questions. In order to receive credit you must answer
More informationLecture Notes on Memory Layout
Lecture Notes on Memory Layout 15-122: Principles of Imperative Computation Frank Pfenning André Platzer Lecture 11 1 Introduction In order to understand how programs work, we can consider the functions,
More informationHomework 1 CS161 Computer Security, Spring 2008 Assigned 2/4/08 Due 2/13/08
Homework 1 CS161 Computer Security, Spring 2008 Assigned 2/4/08 Due 2/13/08 This homework assignment is due Wednesday, February 13 at the beginning of lecture. Please bring a hard copy to class; either
More informationBuffer overflow background
and heap buffer background Comp Sci 3600 Security Heap Outline and heap buffer Heap 1 and heap 2 3 buffer 4 5 Heap Outline and heap buffer Heap 1 and heap 2 3 buffer 4 5 Heap Address Space and heap buffer
More informationDepartment of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall 2011.
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.858 Fall 2011 Quiz I: Solutions Please do not write in the boxes below. I (xx/20) II (xx/10) III (xx/16)
More informationGoals of Modern Cryptography
Goals of Modern Cryptography Providing information security: Data Privacy Data Integrity and Authenticity in various computational settings. Data Privacy M Alice Bob The goal is to ensure that the adversary
More informationCSCI-1200 Data Structures Spring 2017 Lecture 5 Pointers, Arrays, Pointer Arithmetic
CSCI-1200 Data Structures Spring 2017 Lecture 5 Pointers, Arrays, Pointer Arithmetic Announcements Submitty iclicker registration is still open. Even if you already registered on the iclicker website,
More informationLab Exam 1 D [1 mark] Give an example of a sample input which would make the function
CMPT 127 Spring 2019 Grade: / 20 First name: Last name: Student Number: Lab Exam 1 D400 1. [1 mark] Give an example of a sample input which would make the function scanf( "%f", &f ) return -1? Answer:
More informationDefining Encryption. Lecture 2. Simulation & Indistinguishability
Defining Encryption Lecture 2 Simulation & Indistinguishability Roadmap First, Symmetric Key Encryption Defining the problem We ll do it elaborately, so that it will be easy to see different levels of
More informationLecture 6: Symmetric Cryptography. CS 5430 February 21, 2018
Lecture 6: Symmetric Cryptography CS 5430 February 21, 2018 The Big Picture Thus Far Attacks are perpetrated by threats that inflict harm by exploiting vulnerabilities which are controlled by countermeasures.
More informationCSc 466/566. Computer Security. 20 : Operating Systems Application Security
1/68 CSc 466/566 Computer Security 20 : Operating Systems Application Security Version: 2014/11/20 13:07:28 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2014 Christian
More informationBuffer Overflows Defending against arbitrary code insertion and execution
www.harmonysecurity.com info@harmonysecurity.com Buffer Overflows Defending against arbitrary code insertion and execution By Stephen Fewer Contents 1 Introduction 2 1.1 Where does the problem lie? 2 1.1.1
More informationCSE 303: Concepts and Tools for Software Development
CSE 303: Concepts and Tools for Software Development Hal Perkins Winter 2009 Lecture 7 Introduction to C: The C-Level of Abstraction CSE 303 Winter 2009, Lecture 7 1 Welcome to C Compared to Java, in rough
More informationSecure Programming I. Steven M. Bellovin September 28,
Secure Programming I Steven M. Bellovin September 28, 2014 1 If our software is buggy, what does that say about its security? Robert H. Morris Steven M. Bellovin September 28, 2014 2 The Heart of the Problem
More information20: Exploits and Containment
20: Exploits and Containment Mark Handley Andrea Bittau What is an exploit? Programs contain bugs. These bugs could have security implications (vulnerabilities) An exploit is a tool which exploits a vulnerability
More informationCSCI-1200 Data Structures Spring 2014 Lecture 5 Pointers, Arrays, Pointer Arithmetic
CSCI-1200 Data Structures Spring 2014 Lecture 5 Pointers, Arrays, Pointer Arithmetic Announcements: Test 1 Information Test 1 will be held Monday, February 10th, 2014 from 6-7:50pm, Lab sections 1-5 and
More informationC Basics And Concepts Input And Output
C Basics And Concepts Input And Output Report Working group scientific computing Department of informatics Faculty of mathematics, informatics and natural sciences University of Hamburg Written by: Marcus
More informationModule: Program Vulnerabilities. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Program Vulnerabilities Professor Trent Jaeger 1 Programming Why do we write programs? Function What functions do we enable via our programs?
More informationECE 471 Embedded Systems Lecture 22
ECE 471 Embedded Systems Lecture 22 Vince Weaver http://www.eece.maine.edu/~vweaver vincent.weaver@maine.edu 31 October 2018 Don t forget HW#7 Announcements 1 Computer Security and why it matters for embedded
More informationCryptography. Andreas Hülsing. 6 September 2016
Cryptography Andreas Hülsing 6 September 2016 1 / 21 Announcements Homepage: http: //www.hyperelliptic.org/tanja/teaching/crypto16/ Lecture is recorded First row might be on recordings. Anything organizational:
More informationInformation Security CS526
Information CS 526 Topic 3 Ciphers and Cipher : Stream Ciphers, Block Ciphers, Perfect Secrecy, and IND-CPA 1 Announcements HW1 is out, due on Sept 10 Start early, late policy is 3 total late days for
More informationCSE484 Final Study Guide
CSE484 Final Study Guide Winter 2013 NOTE: This study guide presents a list of ideas and topics that the TAs find useful to know, and may not represent all the topics that could appear on the final exam.
More informationCS 161 Computer Security
Paxson Spring 2011 CS 161 Computer Security Homework 1 Due: Wednesday, February 9, at 9:59pm Instructions. Submit your solution by Wednesday, February 9, at 9:59pm, in the drop box labelled CS161 in 283
More informationLecture 02: Historical Encryption Schemes. Lecture 02: Historical Encryption Schemes
What is Encryption Parties involved: Alice: The Sender Bob: The Receiver Eve: The Eavesdropper Aim of Encryption Alice wants to send a message to Bob The message should remain hidden from Eve What distinguishes
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 12: Database Security Department of Computer Science and Engineering University at Buffalo 1 Review of Access Control Types We previously studied four types
More informationInformation page for written examinations at Linköping University
Information page for written examinations at Linköping University Examination date 2017-08-23 Room (1) Time 8-12 Course code Exam code Course name Exam name Department Number of questions in the examination
More informationB) Symmetric Ciphers. B.a) Fundamentals B.b) Block Ciphers B.c) Stream Ciphers
1 B) Symmetric Ciphers B.a) Fundamentals B.b) Block Ciphers B.c) Stream Ciphers B.a) Fundamentals 2 B.1 Definition 3 A mapping Enc: P K C for which ϕ k := Enc(,k): P C is bijective for each k K is called
More informationComputer Science 2500 Computer Organization Rensselaer Polytechnic Institute Spring Topic Notes: C and Unix Overview
Computer Science 2500 Computer Organization Rensselaer Polytechnic Institute Spring 2009 Topic Notes: C and Unix Overview This course is about computer organization, but since most of our programming is
More informationS. Erfani, ECE Dept., University of Windsor Network Security
4.11 Data Integrity and Authentication It was mentioned earlier in this chapter that integrity and protection security services are needed to protect against active attacks, such as falsification of data
More informationDepartment of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.858 Fall 2011 Quiz I You have 80 minutes to answer the questions in this quiz. In order to receive credit
More informationStack Overflow. Faculty Workshop on Cyber Security May 23, 2012
Stack Overflow Faculty Workshop on Cyber Security May 23, 2012 Goals Learn to hack into computer systems using buffer overflow Steal sensitive data Crash computer programs Lay waste to systems throughout
More informationModule: Program Vulnerabilities. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Program Vulnerabilities Professor Trent Jaeger 1 1 Programming Why do we write programs? Function What functions do we enable via our programs?
More informationBasic Buffer Overflows
Operating Systems Security Basic Buffer Overflows (Stack Smashing) Computer Security & OS lab. Cho, Seong-je ( 조성제 ) Fall, 2018 sjcho at dankook.ac.kr Chapter 10 Buffer Overflow 2 Contents Virtual Memory
More informationComputer Security Coursework Exercise CW1 Web Server and Application Security
Computer Security Coursework Exercise CW1 Web Server and Application Security In this coursework exercise we will guide you through an attack against a vulnerable machine. You will take the role of Mallet
More information11 Message Authentication Codes
11 Message Authentication Codes When you ve signed up for online services, you might have been asked to verify your email address. Typically the service will send you an email that contains a special activation
More information2 Secure Communication in Private Key Setting
CSA E0 235: Cryptography January 11, 2016 Instructor: Arpita Patra Scribe for Lecture 2 Submitted by: Jayam Modi 1 Discrete Probability Background Probability Distribution -A probability distribution over
More informationWeb Security 2 https://www.xkcd.com/177/ http://xkcd.com/1323/ Encryption basics Plaintext message key secret Encryp)on Func)on Ciphertext Insecure network Decryp)on Func)on Curses! Foiled again! key Plaintext
More informationCS 161 Computer Security
Paxson Spring 2011 CS 161 Computer Security Discussion 1 January 26, 2011 Question 1 Buffer Overflow Mitigations Buffer overflow mitigations generally fall into two categories: (i) eliminating the cause
More informationCSC209H Lecture 3. Dan Zingaro. January 21, 2015
CSC209H Lecture 3 Dan Zingaro January 21, 2015 Streams (King 22.1) Stream: source of input or destination for output We access a stream through a file pointer (FILE *) Three streams are available without
More informationMemory Corruption 101 From Primitives to Exploit
Memory Corruption 101 From Primitives to Exploit Created by Nick Walker @ MWR Infosecurity / @tel0seh What is it? A result of Undefined Behaviour Undefined Behaviour A result of executing computer code
More informationPart 1. Lecturer: Prof. Mohamed Bettaz Coordinator: Prof. Mohamed Bettaz Internal Examiner: Dr. Mourad Maouche. Examination Paper
Philadelphia University Lecturer: Prof. Mohamed Bettaz Coordinator: Prof. Mohamed Bettaz Internal Examiner: Dr. Mourad Maouche Faculty of Information Technology Department of Computer Science Examination
More informationCS 3113 Introduction to Operating Systems Midterm October 11, 2018
General instructions: CS 3113 Introduction to Operating Systems Midterm October 11, 2018 Please wait to open this exam booklet until you are told to do so. This examination booklet has 10 pages. You also
More informationCS 3113 Introduction to Operating Systems Midterm October 11, 2018
General instructions: CS 3113 Introduction to Operating Systems Midterm October 11, 2018 Please wait to open this exam booklet until you are told to do so. This examination booklet has 10 pages. You also
More informationSecure Software Development: Theory and Practice
Secure Software Development: Theory and Practice Suman Jana MW 2:40-3:55pm 415 Schapiro [SCEP] *Some slides are borrowed from Dan Boneh and John Mitchell Software Security is a major problem! Why writing
More informationMemory Safety (cont d) Software Security
Memory Safety (cont d) Software Security CS 161: Computer Security Prof. Raluca Ada Popa January 17, 2016 Some slides credit to David Wagner and Nick Weaver Announcements Discussion sections and office
More informationCS Computer Networks 1: Authentication
CS 3251- Computer Networks 1: Authentication Professor Patrick Traynor 4/14/11 Lecture 25 Announcements Homework 3 is due next class. Submit via T-Square or in person. Project 3 has been graded. Scores
More informationMessage Authentication ( 消息认证 )
Message Authentication ( 消息认证 ) Sheng Zhong Yuan Zhang Computer Science and Technology Department Nanjing University 2017 Fall Sheng Zhong, Yuan Zhang (CS@NJU) Message Authentication ( 消息认证 ) 2017 Fall
More informationExploit Mitigation - PIE
Exploit Mitigation - PIE Compass Security Schweiz AG Werkstrasse 20 Postfach 2038 CH-8645 Jona Tel +41 55 214 41 60 Fax +41 55 214 41 61 team@csnc.ch www.csnc.ch ASCII Armor Arbitrary Write Overflow Local
More informationModule: Program Vulnerabilities. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Program Vulnerabilities Professor Trent Jaeger 1 Programming Why do we write programs? Function What functions do we enable via our programs?
More informationCSE 127: Computer Security. Security Concepts. Kirill Levchenko
CSE 127: Computer Security Security Concepts Kirill Levchenko October 3, 2014 Computer Security Protection of systems against an adversary Secrecy: Can t view protected information Integrity: Can t modify
More informationWinter 2018 CS134: Computer and Network Security Homework 2 Due: 02/26/18, 11:59pm
Winter 2018 CS134: Computer and Network Security Homework 2 Due: 02/26/18, 11:59pm Full Name: UCI ID Number: Sources: Guidelines: Use any word processor. Write your Name, UCInetID and Student ID on each
More informationWhy bother? Default configurations Buffer overflows Authentication mechanisms Reverse engineering Questions?
Jeroen van Beek 1 Why bother? Default configurations Buffer overflows Authentication mechanisms Reverse engineering Questions? 2 Inadequate OS and application security: Data abuse Stolen information Bandwidth
More informationISA564 SECURITY LAB. Code Injection Attacks
ISA564 SECURITY LAB Code Injection Attacks Outline Anatomy of Code-Injection Attacks Lab 3: Buffer Overflow Anatomy of Code-Injection Attacks Background About 60% of CERT/CC advisories deal with unauthorized
More informationThis is an open book, open notes exam. But no online or in-class chatting.
Principles of Operating Systems Fall 2017 Final 12/13/2017 Time Limit: 8:00am - 10:00am Name (Print): Don t forget to write your name on this exam. This is an open book, open notes exam. But no online
More informationDepartment of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.893 Fall 2009 Quiz I All problems are open-ended questions. In order to receive credit you must answer
More informationIntroduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell
Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell 1 Cryptography Merriam-Webster Online Dictionary: 1. secret writing 2. the enciphering and deciphering
More informationCryptography (cont.)
CSE 484 / CSE M 584 (Autumn 2011) Cryptography (cont.) Daniel Halperin Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others
More informationProvided by - Microsoft Placement Paper Technical 2012
Provided by www.yuvajobs.com - Microsoft Placement Paper Technical 2012 1. Analytical 25 questions ( 30 minutes) 2. Reasoning 25 questions (25 minutes) 3. Verbal 20 questions (20 minutes) Analytical (some
More informationCS240: Programming in C. Lecture 14: Errors
CS240: Programming in C Lecture 14: Errors Errors We ve already seen a number of instances where unexpected (and uncaught) errors can take place: Memory buffer overflow/underflow unintended casts misuse
More informationSecure Coding in C and C++
Secure Coding in C and C++ Dynamic Memory Management Lecture 5 Sept 21, 2017 Acknowledgement: These slides are based on author Seacord s original presentation Issues Dynamic Memory Management Common Dynamic
More informationSecure Programming Lecture 3: Memory Corruption I (Stack Overflows)
Secure Programming Lecture 3: Memory Corruption I (Stack Overflows) David Aspinall, Informatics @ Edinburgh 24th January 2017 Outline Roadmap Memory corruption vulnerabilities Instant Languages and Runtimes
More informationComputer Security. 04r. Pre-exam 1 Concept Review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 04r. Pre-exam 1 Concept Review Paul Krzyzanowski Rutgers University Spring 2018 February 15, 2018 CS 419 2018 Paul Krzyzanowski 1 Key ideas from the past four lectures February 15, 2018
More informationHow to perform the DDoS Testing of Web Applications
How to perform the DDoS Testing of Web Applications Peerlyst November 02, 2017 Nasrumminallah Zeeshan (zeeshan@nzwriter.com) A Denial of Service (DoS) attack is consisted of carrying out traffic flooding
More informationComputer Security CS 526
Computer Security CS 526 Topic 4 Cryptography: Semantic Security, Block Ciphers and Encryption Modes CS555 Topic 4 1 Readings for This Lecture Required reading from wikipedia Block Cipher Ciphertext Indistinguishability
More informationCSci 4061 Introduction to Operating Systems. Programs in C/Unix
CSci 4061 Introduction to Operating Systems Programs in C/Unix Today Basic C programming Follow on to recitation Structure of a C program A C program consists of a collection of C functions, structs, arrays,
More informationOne-Slide Summary. Lecture Outline. Language Security
Language Security Or: bringing a knife to a gun fight #1 One-Slide Summary A language s design principles and features have a strong influence on the security of programs written in that language. C s
More information1 Identification protocols
ISA 562: Information Security, Theory and Practice Lecture 4 1 Identification protocols Now that we know how to authenticate messages using MACs, a natural question is, how can we use MACs to prove that
More information