CS 161 Computer Security

Similar documents
CS 161 Computer Security

CS 161 Computer Security

CS 161 Computer Security

Midterm 1 Review. Memory Safety & Web Attacks

CS 161 Computer Security

CS 161 Computer Security

CS 161 Computer Security

Computer Security Fall 2006 Joseph/Tygar Midterm 3

CS 161 Computer Security

Memory Safety (cont d) Software Security

This exam contains 7 pages (including this cover page) and 4 questions. Once we tell you to start, please check that no pages are missing.


New York University CSCI-UA : Advanced Computer Systems: Spring 2016 Midterm Exam

WEB SECURITY WORKSHOP TEXSAW Presented by Solomon Boyd and Jiayang Wang

This exam contains 8 pages (including this cover page) and 4 questions. Once we tell you to start, please check that no pages are missing.

CS 161 Computer Security

Wawrzynek & Weaver CS 61C. Sp 2018 Great Ideas in Computer Architecture MT 1. Print your name:,

CS 161 Computer Security

Homework 5: Exam Review

CS 361S - Network Security and Privacy Spring Homework #2

Engineering Robust Server Software

Discrete Mathematics and Probability Theory Spring 2016 Rao and Walrand Midterm 1

WEB SECURITY: XSS & CSRF

Stack Overflow. Faculty Workshop on Cyber Security May 23, 2012

Wawrzynek & Weaver CS 61C. Sp 2018 Great Ideas in Computer Architecture MT 1. Print your name:,

CS 155 Final Exam. CS 155: Spring 2012 June 11, 2012

CS 161 Computer Security

Question Explain step-by-step how to use return-oriented programming to execute malicious code on a vulnerable system.

Secure Software Development: Theory and Practice

Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I

CS 155 Project 2. Overview & Part A

Web Application Security. Philippe Bogaerts

CS 161 Computer Security

Overview AEG Conclusion CS 6V Automatic Exploit Generation (AEG) Matthew Stephen. Department of Computer Science University of Texas at Dallas

CS 161 Computer Security

Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any

EURECOM 6/2/2012 SYSTEM SECURITY Σ

SECURE CODING PART 1 MAGDA LILIA CHELLY ENTREPRENEUR CISO ADVISOR CYBERFEMINIST PEERLYST BRAND AMBASSADOR TOP 50 CYBER CYBER

Black Hat Webcast Series. C/C++ AppSec in 2014

Nick Weaver Sp 2019 Great Ideas in Computer Architecture MT 1. Print your name:,

Code with red border means vulnerable code. Code with green border means corrected code. This program asks the user for a password with the function

Applications. Cloud. See voting example (DC Internet voting pilot) Select * from userinfo WHERE id = %%% (variable)

(CNS-301) Citrix NetScaler 11 Advance Implementation

Information page for written examinations at Linköping University

Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I

Attacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14

Application vulnerabilities and defences

CS 170 Algorithms Spring 2009 David Wagner MT2

High -Tech Bridge s Web Server Security Service API Developer Documentation Version v1.3 February 13 th 2018

Information page for written examinations at Linköping University

Attacks Against Websites. Tom Chothia Computer Security, Lecture 11

DEFENSIVE PROGRAMMING. Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology

Fall 2005 Joseph/Tygar/Vazirani/Wagner Final

NET 311 INFORMATION SECURITY

Buffer overflow background

CSE484 Final Study Guide

Midterm Exam #2 April 20, 2016 CS162 Operating Systems

Computer Security Course. Midterm Review

CS 155 Final Exam. CS 155: Spring 2009 June 2009

Copyright

WebGoat Lab session overview

OWASP Top 10 The Ten Most Critical Web Application Security Risks

Lecture 4 September Required reading materials for this class

Beyond Stack Smashing: Recent Advances in Exploiting. Jonathan Pincus(MSR) and Brandon Baker (MS)

Cloudy with a chance of hack. OWASP November, The OWASP Foundation Lars Ewe CTO / VP of Eng. Cenzic

Software Vulnerabilities August 31, 2011 / CS261 Computer Security

John Coggeshall Copyright 2006, Zend Technologies Inc.

414-S17 (Shankar) Exam 1 PRACTICE PROBLEMS SOLUTIONS Page 1/7

Robust Defenses for Cross-Site Request Forgery

Progress Exchange June, Phoenix, AZ, USA 1

Project 2: Web Security

CS161 Midterm 1 Review

Web basics: HTTP cookies

typedef void (*type_fp)(void); int a(char *s) { type_fp hf = (type_fp)(&happy_function); char buf[16]; strncpy(buf, s, 18); (*hf)(); return 0; }

Web basics: HTTP cookies

CS 186 Databases. and SID:

How is state managed in HTTP sessions. Web basics: HTTP cookies. Hidden fields (2) The principle. Disadvantage of this approach

Software Security: Buffer Overflow Attacks

Abusing Windows Opener to Bypass CSRF Protection (Never Relay On Client Side)

logistics CHALLENGE assignment take-home portion of the final next class final exam review

CSCE 548 Building Secure Software Buffer Overflow. Professor Lisa Luo Spring 2018

CSE361 Web Security. Attacks against the client-side of web applications. Nick Nikiforakis

Software Security II: Memory Errors - Attacks & Defenses

SoK: Eternal War in Memory

CMSC 414 Computer and Network Security

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems

PHP Security. Kevin Schroeder Zend Technologies. Copyright 2007, Zend Technologies Inc.

I n p u t. This time. Security. Software. sanitization ); drop table slides. Continuing with. Getting insane with. New attacks and countermeasures:

CSC 482/582: Computer Security. Cross-Site Security

Discrete Mathematics and Probability Theory Fall 2015 Rao Midterm 1

P2_L12 Web Security Page 1

Top 10 Application Security Vulnerabilities in Web.config Files Part One

Buffer Overflows. Buffers. Administrative. COMP 435 Fall 2017 Prof. Cynthia Sturton. Buffers

2/16/18. CYSE 411/AIT 681 Secure Software Engineering. Secure Coding. The Web. Topic #11. Web Security. Instructor: Dr. Kun Sun

CIS 4360 Secure Computer Systems XSS

CS 155 Final Exam. CS 155: Spring 2011 June 3, 2011

Advisory: Students should have already taken MICROCOMPUTER APPLICATIONS II - 431

Midterm Exam #2 December 4, 2013 CS162 Operating Systems

Software Security: Buffer Overflow Defenses

San José State University Department of Computer Science CS-174, Server-side Web Programming, Section 2, Spring 2018

Transcription:

Wagner Spring 2014 CS 161 Computer Security Midterm 1 Print your name:, (last) (first) I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that academic misconduct will be reported to the Center for Student Conduct. Sign your name: Print your class account login: cs161- and SID: Your TA s name: Your section time: Name of the person sitting to your left: Name of the person sitting to your right: You may consult one sheet of paper (double-sided) of notes. You may not consult other notes, textbooks, etc. Calculators, computers, and other electronic devices are not permitted. Please write your answers in the spaces provided in the test. We will not grade anything on the back of an exam page unless we are clearly told on the front of the page to look there. You have 50 minutes. There are 6 questions, of varying credit (100 points total). The questions are of varying difficulty, so avoid spending too long on any one question. Do not turn this page until your instructor tells you to do so. Question: 1 2 3 4 5 6 Total Points: 15 10 15 20 16 24 100 Score: Page 1 of 7

Problem 1 Security principles (15 points) For each scenario, identify the security principle illustrated by scenario and give a short one-sentence justification of your answer. Some scenarios may represent an example of following the principle; others may represent an example of violating the principle. (a) Bike lock manufacturers tend to have a range of different kinds of locks for customers to choose from. The high-end ones are advertised for high-crime areas and the lowend options are advertised for low to moderate crime areas. Principle: Justification: (b) Some paranoid people will equip their houses with high fences, a gate that only opens with a password, a home security system, and a panic room. Principle: Justification: (c) A company called ES&S makes electronic voting machines for use in public elections. A special password is needed to upload software updates to their voting machines. This password is identical for every ES&S machine throughout the country, hardcoded in the code, and cannot be changed. The password is documented in manuals given to election officials who need to update the software on their voting machines. Principle: Justification: Midterm 1 Page 2 of 7 CS 161 Sp 14

Problem 2 Multiple choice (10 points) (a) Many security experts recommend using prepared statements in your code. Which of the following threats do prepared statements defend against? Circle all that apply. XSS Integer overflow CSRF SQL injection Clickjacking Polymorphic worms Buffer overruns Session fixation None of the above (b) ROP (Return-Oriented Programming) attacks are one way to exploit memory-safety vulnerabilities. Which of the following defenses can defend against ROP attacks? Circle all that apply. Non-executable stack Same-origin policy Output escaping None of the above Random CSRF tokens Memory-safe programming languages Midterm 1 Page 3 of 7 CS 161 Sp 14

Problem 3 True/false (15 points) In parts (a) (e), circle true or false. (a) True or False: The same-origin policy would prevent Javascript running on a page from twitter.com from reading the cookies for twitter.com and sending them to evil.com. (b) True or False: The same-origin policy would prevent Javascript running on a page from evil.com from reading the cookies for twitter.com and sending them to evil.com. To prevent SQL injection attacks, www.sweetvids.com uses input sanitization to remove the following characters from all user-provided text fields: =-. However, they forgot to include ; in the list, and as a result, some hacker figures out a way mount a successful SQL injection attack on their site. Based on this, which of the following are accurate? Circle true or false. (c) True or False: This vulnerability was a predictable consequence of using blacklisting: it s too easy to leave something out of a blacklist. (d) True or False: This bug would not have been exploitable if all modern browsers used privilege separation and sandboxing, like Chrome does. (e) True or False: If www.sweetvids.com had used address space layout randomization (ASLR), it would have been difficult or impossible for an attacker to exploit this vulnerability. Midterm 1 Page 4 of 7 CS 161 Sp 14

Problem 4 Web security (20 points) www.awesomevids.com provides a way to search for cool videos. When presented with a URL such as: http://www.awesomevids.com/search.php?search=cats The server will return an HTML search results page containing:... searched for: <b> cats </b>... In particular, the search phrase from the URL parameter is always included into the HTML exactly as found in the URL, without any changes. (a) The site has a vulnerability. Describe it, in a sentence or two. (b) Alice is a user of www.awesomevids.com. Describe how an attacker might be able to use this vulnerability to steal the cookies that Alice s browser has for www.awesomevids.com. You can assume that the attacker knows Alice s email address. (c) The developers of www.awesomevids.com hear rumors of this vulnerability in their site, so they deploy framebusting on all of their pages. Does this prevent exploitation of the vulnerability? Why or why not? Circle yes or no, then provide a one- or two-sentence explanation of why or why not. Yes No Explanation (why or why not): Midterm 1 Page 5 of 7 CS 161 Sp 14

Problem 5 More web security (16 points) You are the developer for a new fancy payments startup, CashBo, and you have been tasked with developing the web-based payment form. You have set up a simple form with two fields, the amount to be paid and the recipient of the payment. When a user clicks submit, the following request is made: http://www.cashbo.com/payment?amount=<dollar amount>&recipient=<username> You show this to your friend Eve, and she thinks there is a problem. She later sends you this message: Hey, check out this funny cat picture. http://tinyurl.com/as3fsjg You click on this link, and later find out that you have paid Eve 1 dollar via CashBo. (Background: Tinyurl is a URL redirection/shortener service that s open to the public. Thus, Eve was able to choose what URL the link above redirects to.) (a) Name the type of vulnerability that Eve exploited to steal one dollar from you, in the story above. (b) What did the tinyurl link redirect to? (c) How could you, as the developer of CashBo, defend your web service from this sort of attack? Explain in one or two sentences. Midterm 1 Page 6 of 7 CS 161 Sp 14

Problem 6 Memory safety (24 points) Assume all preconditions are met whenever the following function is called. You may also assume that the following code is executed on a 32-bit machine. /* Copy every step th character from src to dst */ /* Requires: src,dst are valid non-null pointers, n <= sizeof(src), n <= sizeof(dst) */ void vulncopy(char* dst, char* src, int n, int step) { for (int i = 0; i < n; i += step) { dst[i] = src[i]; } } (a) This code has a memory-safety vulnerability. Describe it. (b) What parameters could an attacker provide to vulncopy() to trigger a memorysafety violation? (Your input must comply with the preconditions for vulncopy().) (c) If the vulnerable code was compiled using a compiler that inserts stack canaries, would that prevent exploitation of this vulnerability? Answer yes or no. You do not need to justify your answer. (d) If the vulnerable code was run with DEP (Data Execution Prevention), would that prevent exploitation of this vulnerability? Answer yes or no. You do not need to justify your answer. Reminder: DEP uses the NX (non-executable) bit to mark the stack and heap regions as non-executable, so no page in memory is both writeable and executable. Midterm 1 Page 7 of 7 CS 161 Sp 14

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback