CSE127 Midterm. Yee Winter 03

Similar documents
Threat Modeling. Bart De Win Secure Application Development Course, Credits to

CS 167 Final Exam Solutions

(In columns, of course.)

6.033 Spring 2004, Quiz 1 Page 1 of Computer Systems Engineering: Spring Quiz I

Distributed Systems Theory 4. Remote Procedure Call. October 17, 2008

Program Structure. Steven M. Bellovin April 3,

Program Structure I. Steven M. Bellovin November 14,

CSE351 Winter 2016, Final Examination March 16, 2016

Homework 5: Exam Review

Introduction to Security and User Authentication

CS4411 Intro. to Operating Systems Exam 1 Fall points 9 pages

Final Examination CS 111, Fall 2016 UCLA. Name:

CS 167 Final Exam Solutions

Program Structure I. Steven M. Bellovin November 8,

(a) Which of these two conditions (high or low) is considered more serious? Justify your answer.

C 1. Recap: Finger Table. CSE 486/586 Distributed Systems Remote Procedure Call. Chord: Node Joins and Leaves. Recall? Socket API

EECS 470 Midterm Exam Winter 2008 answers

Inline Reference Monitoring Techniques

Instructions 1 Elevation of Privilege Instructions

Verification & Validation of Open Source

Instructions 1. Elevation of Privilege Instructions. Draw a diagram of the system you want to threat model before you deal the cards.

GLOBAL PAYMENTS AND CASH MANAGEMENT. Security

CERT Secure Coding Initiative. Define security requirements. Model Threats 11/30/2010

CIS 5373 Systems Security

Security Architecture

Software Security: Misc and Principles

CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm

EECS 481 Software Engineering Exam #1. You have 1 hour and 20 minutes to work on the exam.

Midterm Exam CPS 210: Operating Systems Spring 2013

Midterm Exam: ECSE 427/COMP 310 Operating Systems Thursday, March 1, 2012 Place: ENGMC 304 & ENGTR 0070; Time: 10:30am 11:30am

CSE 378 Final Exam 3/14/11 Sample Solution

Fundamentals of Computer Security

18-447: Computer Architecture Lecture 16: Virtual Memory

COMP 3500 Introduction to Operating Systems Project 5 Virtual Memory Manager

Program Security and Vulnerabilities Class 2

Function Call Stack and Activation Records

CS 155 Final Exam. CS 155: Spring 2005 June 2005

0x1A Great Papers in Computer Security


CSE 127: Computer Security. Security Concepts. Kirill Levchenko

cs642 /introduction computer security adam everspaugh

2. You are required to enter a password of up to 100 characters. The characters must be lower ASCII, printing characters.

Lecture 1 Contracts. 1 A Mysterious Program : Principles of Imperative Computation (Spring 2018) Frank Pfenning

Secure Architecture Principles

Midterm #2 Exam Solutions April 26, 2006 CS162 Operating Systems

PUPIL ICT ACCEPTABLE USE POLICY

Secure Programming I. Steven M. Bellovin September 28,

York University AK/ITEC OBJECT-BASED PROGRAMMING. Midterm Test Sample. Examiner: S.Y. Chen Duration: One Hour and Fifteen Minutes

Securing Distributed Applications Oriented on Very Large Data Sets. OWASP Saturday, 11 August The OWASP Foundation

Security Engineering for Software

Software Security: Buffer Overflow Defenses

Midterm Exam #2 Solutions October 25, 2016 CS162 Operating Systems

Question: Total Points: Score: CSE421 Midterm Exam. 09 Mar 2012

CSCI Compiler Design

Digital Safety and Digital Citizenship

B+ Tree Review. CSE332: Data Abstractions Lecture 10: More B Trees; Hashing. Can do a little better with insert. Adoption for insert

Name: 1. CS372H: Spring 2009 Final Exam

Confinement (Running Untrusted Programs)

CSE331 Winter 2014, Midterm Examination February 12, 2014

Remote Procedure Call (RPC) and Transparency

Lecture 1 Contracts : Principles of Imperative Computation (Fall 2018) Frank Pfenning

Play with FILE Structure Yet Another Binary Exploitation Technique. Abstract

Power Teacher August 2015

Controls Electronic messaging Information involved in electronic messaging shall be appropriately protected.

CSE473/Spring st Midterm Exam Tuesday, February 19, 2007 Professor Trent Jaeger

Q1. What is Deadlock? Explain essential conditions for deadlock to occur?

Deadlock Revisited. CS439: Principles of Computer Systems April 23, 2018

ISM 324: Information Systems Security Spring 2014

CSE331 Winter 2014, Midterm Examination February 12, 2014

CS 540: Introduction to Artificial Intelligence

Programming Assignment 3

Computer Science 161

CSE 332 Spring 2013: Midterm Exam (closed book, closed notes, no calculators)

CS475 Network and Information Security

Network Security

ECS 153 Discussion Section. April 6, 2015

Stanford University Computer Science Department CS 295 midterm. May 14, (45 points) (30 points) total

Top-Down Network Design

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8

Today s class. Operating System Machine Level. Informationsteknologi. Friday, November 16, 2007 Computer Architecture I - Class 12 1

"Charting the Course to Your Success!" Securing.Net Web Applications Lifecycle Course Summary

CSC369 Lecture 2. Larry Zhang

Virtual Memory #3 Oct. 10, 2018

Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com

CS 161 Computer Security. Design Patterns for Building Secure Systems

Question Points Score Total 100

University of Washington CSE 140 Data Programming Winter Final exam. March 11, 2013

Overview of Web Application Security and Setup

This exam contains 7 pages (including this cover page) and 4 questions. Once we tell you to start, please check that no pages are missing.

Chapter 13: I/O Systems

United States Naval Academy Electrical and Computer Engineering Department EC310-6 Week Midterm Spring AY2017

Computer Security Policy

CS 161 Computer Security

Secure Application Development. OWASP September 28, The OWASP Foundation

Programming Standards: You must conform to good programming/documentation standards. Some specifics:

Regression testing. Whenever you find a bug. Why is this a good idea?

Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I

Final Exam. 11 May 2018, 120 minutes, 26 questions, 100 points

CPS 310 midterm exam #1, 2/19/2016

CITI ACCESS AND DIRECTIONS FOR EXTRAMURAL PERFORMERS NEW USERS

Transcription:

CSE127 Midterm Yee Winter 03 Name and Student ID: Answer Key Wait until everybody has a copy before you start. This exam is closed book, closed notes. There are a total of 14 questions on 8 pages. There are 105 points possible. You might not have time to finish the entire exam don t be discouraged. Advice: skim through the entire test to determine which of the problems you can solve quickly and work on those first, rather than getting stuck on a hard problem early and wasting too much of your time on it. When you start, you should first make sure that you have all the pages, and write your name and your student ID on the first page, and your student ID on the top of all subsequent pages. Pages of this exam will be separated and graded separately if you fail to write your ID at the top of a page, you will not receive credit for answers on that page. Write clearly: if we cannot read your handwriting or your pencil smudges, you will not properly get credit for your answers. No electronic computation aids are allowed. Prob 1 2 3 4 5 6 7 8 9 10 11 12 13 14 Total Score Poss 3 12 3 5 5 6 8 8 10 10 10 10 10 5 105

Student ID: Answer Key CSE127 W 03, Midterm 1 (Class basics) What does the compute security code of ethics which you signed say? (You do not need to have it memorized; a paraphrasing is okay.) (3pts) I will not use the knowledge learned from CSE 127 to break into computer systems uninvited. I will not share that knowledge with others unless they also agree to the Computer Security Code of Ethics. 2 (Basic Concepts) Give definitions of the following A. Confidentiality B. Integrity C. Accountability / Traceability / Non-Repudiation D. Availability (12pts) A. Confidentiality: Only authorized users are allowed to read confidential data files; others are denied access. B. Integrity: Only authorized users are allowed to modify (write) protected files; others are denied access. C. Accountability: System activities are logged so that users can be held responsible for their actions. D. Availability: Otherwise unused system resources remain available for use, rather than be tied up inappropriately. 3 (Basic Concepts) What is the KISS rule? (3pts) A. Use excessive makeup when trying to impress clients. B. No kissing in class/the work place. C. Krispy-kreme Indulgence Syndrome Sufferers: munchies attacks caused by computer insecurity worries. D. Keep It Simple, Stupid: keep designs simple when possible to avoid bugs. E. Kernel Interface Stabilization System: using it eliminates kernel-side race conditions. Score(s): 2 W 03Yee

CSE127 W 03, Midterm Student ID: Answer Key 4 (Basic Concepts) What is a Threat Model? What is Risk Management? Explain what these concepts are and how they relate to computer security. (5pts) Threat Models and Risk Management form part of the security model. To build a threat model, we identify the potential threats to the system who the attackers are, what the means and methods of attack might be, e.g., sources of risks such as known as well as undiscovered bugs, operational security risks, physical security risks, etc. After identifying the threats in threat modeling, we estimate the likelihood that the threats will materialize, determine the security assets that we wish to protect, and identify the risk mitigation strategies that we may wish to deploy and gauge their effectiveness and cost. The expected loss is the risk that must be managed e.g., by chosing the appropriate risk mitigation technique (cost-effective security mechanisms or tighter usage policies) so that the expected cost becomes acceptable. 5 (Expectation Values) Suppose you are invited to play a new (gambling) game g: Roll a (hypothetical) 10 sided fair die, and the dealer pays you according to the following payoff table die value payoff die value payoff 1 $1 6 $5 2 $1 7 $5 3 $1 8 $10 4 $2 9 $10 5 $2 10 $50 (1) What is the expected winnings from playing one game, i.e., what is E g? (2) If you have to pay the dealer $10 to play g, should you play it? (5pts) (1) E g e Events P e value e 1 10 $1 1 10 $1 1 10 $1 1 10 $2 1 10 $2 1 10 $5 1 10 $5 1 10 $10 1 10 $10 1 10 $50 1 $1 $1 $1 $2 $2 $5 $5 $10 $10 $50 10 1 10 $87 $8 70 So the expected payoff for playing a game is $8.70. (2) Since this game costs $10.00 to play, the net result is a loss of $1.30 per game. I should not play this game. W 03Yee 3 Score(s):

Student ID: Answer Key CSE127 W 03, Midterm 6 (Defense) Suppose a security consultant to your company suggested that you should buy a new security device to protect your company s computers. The device costs $170,000 for the first year (initial licensing, training, etc), and $10,000 per year to operate thereafter (license renewal, update, staff costs). The consultant assures you that the device will completely eliminate security incidents from the average of 5 per year, which costs your company about $10,000 per incident (in labor, lost customer confidence, etc). There are, of course, uncertainties for all of these estimates/claims. (1) Suppose this device operates as claimed for the forseeable future (at least, oh, 5 years). Should you adopt this device? (2) Suppose you believe that the attackers will learn about how the device works and develop new, more sophisticated attacks that will be bypass it. You estimate that after 4 years of use the device will provide only partial protection, lowering the incidence rate to one per year, should you adopt this device? (6pts) (1) Yes. If the device continues to operate as claimed for at least 4 years, it have cost the company $170 000 3 $10 000 $200 000 and saved the company 4 5 $10 000 $200 000; this is when the cross-over occurs: at each subsequent years the company saves $40 000 per year. year cumulative cost cumulative savings net savings 1 $170,000 $50,000 -$120,000 2 $180,000 $100,000 -$80,000 3 $190,000 $150,000 -$40,000 4 $200,000 $200,000 $0 5 $210,000 $250,000 $40,000 (2) Yes, after 4 years we break even, and thereafter we save $30,000 per year. year cumulative cost cumulative savings net savings 1 $170,000 $50,000 -$120,000 2 $180,000 $100,000 -$80,000 3 $190,000 $150,000 -$40,000 4 $200,000 $200,000 $0 5 $210,000 $240,000 $30,000 6 $220,000 $280,000 $60,000 Score(s): 4 W 03Yee

CSE127 W 03, Midterm Student ID: Answer Key 7 (Attack) What are buffer overflow bugs? How can they let attackers penetrate a system? (8pts) Buffer overflow bugs occur in languages where there is no array-bounds checking. If input can be provided to a program which causes array indexing to go out of bounds on a write operation, unintended memory changes can occur; in the common case of an input buffer array allocated in stack memory, by overflowing such an array an attacker can change control state such as return addresses to cause control to be transferred to inappropriate code (or to data that is interpreted as code). 8 (Concepts) What is a Trusted Computing Base? Name some of the typical components. (8pts) A Trusted Computing Base (TCB) is that portion of the system that must be trusted it implements the security mechanisms which enforces the system security policy. Typically this includes the hardware, the operating system kernel, the user authentication subsystem (e.g., login program), and system administration tools. The compiler may be part of the TCB when compiling and installing new system software from source is part of the system administration activity or might not, e.g., when the system is used for running programs and the programs are written and compiled elsewhere. W 03Yee 5 Score(s):

Student ID: Answer Key CSE127 W 03, Midterm 9 (Algorithms) Give the modular exponentiation algorithm described in class. Integer mod_exp(integer x, Integer n, Bit e[]) { int i; Integer y = 1, z = x; } for (i = 0; i < e.length; i++) { if (e[i] == 1) { y = y * z mod n; } z = z * z mod n; } return y; 10 (Differential * Analysis) What are statistical characteristics used in differential timing/power analysis of modular exponentiaton? Why are they important/how are they used in a DTA/DFA attack? The characteristic must exhibit data dependence as well as key dependence in differential timing analysis of modular exponentiation, the execution time of the modular multiply depends on the input values which are under external control; in differential power analysis, it is the amount of power consumed that depends on the input. In both cases, whether the characteristic is present in a measured value or not depends on the value of a bit in the hidden key. The data dependence permits measurements to be classifed and the presence or absence of the characteristic determined statistically. The presence or absence of the characteristic reveals information about the value of the key which we can use to refine the search. For modular exponentiation, the characteristic is the execution time/power associated with if (e[i] == 1) { y = y * z mod n; } The cost of performing this modular multiplication, if all lower order bits of the exponent is known and thus the inputs y and z are known, can be determined from a timing (or power) model. By classifying overall timing (or power) values according to our predictions, we should detect this signal if the exponent bit is one and detect nothing if it is zero. This allows us to determine the exponent one bit at a time, starting at the low-order bits. Score(s): 6 W 03Yee

CSE127 W 03, Midterm Student ID: Answer Key 11 (Attack) Describe the Tenex password attack and explain clearly how it works. In the Tenex operating system, switching to another user ID is done by an application supplying a username and password via a system call to the kernel. The kernel has access to a small file with the correct password for all the users, and after lookuping up the user the kernel performs a string comparison between that and the password provided by the application. The string compare operation terminates as soon as the result is known, i.e., it returns a failure at the first unequal character. By accessing memory held in different pages of memory, a program can control which virtual pages will be RAM resident and which will be paged out to disk. Using this control and by allocating the string buffer containing the password string so that it spans a page boundary, we can measure the switch-user system call response time to detect whether the password string is correct on a character-by-character basis: start with the first character in a RAM resident page and the rest in a page that is paged out. Incorrect guesses for the first character will return quickly, without paging in the page containing the rest of the string buffer. A correct guess, however, will cause the other page to fault in before seeing the next (incorrect) character of the password string, and the extra time required is an easily detectable characteristic. Repeat by shifting the string one byte lower in memory so that one unknown character is in the RAM-resident page and testing as before, until all the password characters are determined. This is a linear time operation. 12 (Networking) Describe how inetd can reduce system resource usage. Instead of having daemons start at boot time and consume process table slots and paging space, we run them as inferior daemons under inetd, the master daemon. At system boot inetd reads a configuration file /etc/inetd.conf describing all the inferior daemon service ports and programs which implement them, and inetd creates sockets for each of those ports and accepts connections on all of them. Only when a client connect to one of these ports do the inferior daemon get run: inetd forks a subprocess which sets up I/O descriptors so that the socket corresponding to the client becomes the standard input and output of the inferior daemon program. W 03Yee 7 Score(s):

Student ID: Answer Key CSE127 W 03, Midterm 13 (RPCs) Explain what marshalling means and explain when it occurs in the context of RPCs. The term marshalling refers to the process of copying data into a message buffer. When the client-side stub is invoked, the input arguments are marshalled into a request message, which also includes an RPC number to identify the request. This request is then sent (over the network) to the server. The server unmarshalls the arguments and invokes the service routine, which returns with output values. The output values are marshalled into a response message, which is sent as a reply to the client. The client stub unmarshalls the output values and returns them to its caller. 14 (Bonus, work on this only when done with everything else) Consider the following game g N : You pay $N to the dealer to play. The dealer flips a fair coin. If it comes up heads, you win $2N from the dealer (net win of $N). Otherwise you get nothing. (1) Should you play? Consider the strategy S. You pay $1 to the dealer to play g 1. If you win, you stop, having won $1. If you lose, you pay $2 to the dealer to play g 2. If you win, you will have won a net of $1 and you will stop. If you lose, have lost a net of $3, so you pay $4 to the dealer and play again at a higher stake. Eventually at some game g 2 k worth $2 k, you will win, and you will then have won a net of $1. It appears that by utilizing S, you will always win a dollar by playing many games of g N. (2) Should you play using strategy S? (5pts) (1) g is a fair game. (2) It is impossible to convert a sequence of fair games into a non-fair game. The proper analysis involves taking the limit of a sequence of finite-length games played using this doubling strategy: Let G k be the game where we play g according to the described strategy, with at most k steps, so G 1 g 1, G 2 g 1 g 2,..., G 4 g 1 g 2 g 4 g 8,... For all k, the expectation value of G k is 0, so lim k E G k 0. Score(s): 8 W 03Yee

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback