CPS 510 final exam, 4/27/2015

Similar documents
Qualifying exam: operating systems, 1/6/2014

CPS 310 final exam, 5/1/2014

Fall 2005 Joseph/Tygar/Vazirani/Wagner Final

Who s Protecting Your Keys? August 2018

CPS 310 first midterm exam, 10/6/2014

SECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA

CPS 512 midterm exam #1, 10/7/2016

WHITE PAPER. AirGap. The Technology That Makes Isla a Powerful Web Malware Isolation System

Operating Systems. Week 13 Recitation: Exam 3 Preview Review of Exam 3, Spring Paul Krzyzanowski. Rutgers University.

Crypto Background & Concepts SGX Software Attestation

CS 416: Operating Systems Design April 22, 2015

OS Security IV: Virtualization and Trusted Computing

Course Outline. Course Outline :: 20744A::

BUILDING SECURE (CLOUD) APPLICATIONS USING INTEL S SGX

Maintaining the Anonymity of Direct Anonymous Attestation with Subverted Platforms MIT PRIMES Computer Science Conference October 13, 2018

[MS20744]: Securing Windows Server 2016

1. CyberCIEGE Advanced VPNs

Name: uteid: 1. CS439H: Fall 2011 Final Exam

Dashlane Security White Paper July 2018

Technical Brief Distributed Trusted Computing

Windows 8 Boot Camp 6439; 5 Days, Instructor-led

SafeBricks: Shielding Network Functions in the Cloud

Virtual Private Networks.

Implementing Microsoft Azure Infrastructure Solutions

An Introduction to Trusted Platform Technology

But where'd that extra "s" come from, and what does it mean?

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)

Web Servers and Security

CS /29/17. Paul Krzyzanowski 1. Fall 2016: Question 2. Distributed Systems. Fall 2016: Question 2 (cont.) Fall 2016: Question 3

Overview of Authentication Systems

Man in the Middle Attacks and Secured Communications

CS 111. Operating Systems Peter Reiher

RISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas

Security Considerations for Cloud Readiness

Certifying Program Execution with Secure Processors. Benjie Chen Robert Morris Laboratory for Computer Science Massachusetts Institute of Technology

Web Servers and Security

How Secured2 Uses Beyond Encryption Security to Protect Your Data

Distributed Systems. Fall 2017 Exam 3 Review. Paul Krzyzanowski. Rutgers University. Fall 2017

Test Conditions. Closed book, closed notes, no calculator, no laptop just brains 75 minutes. Steven M. Bellovin October 19,

CS4411 Intro. to Operating Systems Exam 1 Fall points 9 pages

(a) Which of these two conditions (high or low) is considered more serious? Justify your answer.

Operating systems and security - Overview

Operating systems and security - Overview

New Approaches to Connected Device Security

Feature Comparison Summary

Network Security and Cryptography. December Sample Exam Marking Scheme

Operating Systems Design Exam 3 Review: Spring 2011

Dashlane Security Whitepaper

Operating Systems Design Exam 3 Review: Spring Paul Krzyzanowski

Securing Windows Server 2016

Dashlane Security White Paper

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

Network Security and Cryptography. 2 September Marking Scheme

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

SCONE: Secure Linux Container Environments with Intel SGX

CPS 310 midterm exam #2, 4/10/2017

INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS AKAMAI SOLUTIONS BRIEF INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.

20744: Securing Windows Server Sobre o curso. Microsoft. Nível: Avançado Duração: 35h

Veeam Cloud Connect. Version 8.0. Administrator Guide

Overview. SSL Cryptography Overview CHAPTER 1

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

TPM v.s. Embedded Board. James Y

Architecture. Steven M. Bellovin October 27,

CPS 110 Final Exam. Spring 2011

Securing Cloud Computing

Course Outline 20744B

Rule-Based Forwarding

Building a More Secure Cloud Architecture

TUX : Trust Update on Linux Kernel

IT443 Network Security Administration Spring Gabriel Ghinita University of Massachusetts at Boston

Distributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing

SentinelOne Technical Brief

Dooblo SurveyToGo: Security Overview

OneID An architectural overview

IT Exam Training online / Bootcamp

Building secure devices on the intelligent edge with Azure Sphere. Paul Foster, Microsoft Dr Hassan Harb, E.On

Security Fundamentals

Securing Windows Server 2016

Security Specification

HOW CLOUD, MOBILITY AND SHIFTING APP ARCHITECTURES WILL TRANSFORM SECURITY: GAINING THE HOME-COURT ADVANTAGE

Feature Comparison Summary

TRUSTED SUPPLY CHAIN & REMOTE PROVISIONING WITH THE TRUSTED PLATFORM MODULE

Chapter 4. Protection in General-Purpose Operating Systems. ch. 4 1

Document Sub Title. Yotpo. Technical Overview 07/18/ Yotpo

CSWAE Certified Secure Web Application Engineer

SSL/TLS. How to send your credit card number securely over the internet

DIY Hosting for Online Privacy

10/1/2015. Authentication. Outline. Authentication. Authentication Mechanisms. Authentication Mechanisms. Authentication Mechanisms

Town Crier. Authenticated Data Feeds For Smart Contracts. CS5437 Lecture by Kyle Croman and Fan Zhang Mar 18, 2016

CPS 310 second midterm exam, 11/14/2014

Vendor: Citrix. Exam Code: 1Y Exam Name: Implementing Citrix NetScaler 10.5 for App and Desktop Solutions. Version: Demo

Refresher: Applied Cryptography

Securing Windows Server 2016 (20744)

Microsoft Securing Windows Server 2016

CLASS AGENDA. 9:00 9:15 a.m. 9:15 10:00 a.m. 10:00 12:00 p.m. 12:00 1:00 p.m. 1:00 3:00 p.m. 3:00 5:00 p.m.

Qlik Sense Security. Understand security basics of the new Sense platform. 14 October, 2014 Magnus Berg Master Principal Enterprise Architect

Binding keys to programs using Intel SGX remote attestation

e-commerce Study Guide Test 2. Security Chapter 10

Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data

Leveraging Intel SGX to Create a Nondisclosure Cryptographic library

Transcription:

CPS 510 final exam, 4/27/2015 Your name please: This exam has 25 questions worth 12 points each. For each question, please give the best answer you can in a few sentences or bullets using the lingo of the class. Please confine your answers to the marked boxes. Part 1. Threads and synchronization (a) Show how to implement mutual exclusion (locks) using semaphores. (b) Why might different executions of the same program with the same inputs yield different schedules with different synchronization orders? (c) Suppose two threads each write a value to memory location X. In one execution, the final value of X is the value written by thread A. In another execution, the final value of X is the value written by thread B. Do these writes constitute a race? How could you tell? (d) One goal of the scheduler activations idea is to reduce the time that multi-threaded programs spend in system calls. How does it achieve that? (e) What does a system with scheduler activations do when a thread blocks in the kernel? Why?

CPS 510 final exam, 4/27/15, page 2 of 5 Part 2. Access control. These questions pertain to access control in Unix and the Flume system. (a) When a Unix program is launched, its process is tagged with a userid for access control purposes. How does the kernel determine which value to give the userid? (b) The concept of a lattice is central to information flow control (IFC). Give a few examples of Flume labels to illustrate how they meet the properties of a lattice. (c) Why might a Flume endpoint have a label that is different from the label of the process that the endpoint is bound to? (d) How does Flume determine if it is safe for data to flow across a communication channel between two processes? (e) Why does Flume require that a trusted program have dual privilege for a secrecy tag in order to declassify data that is marked with the tag? For example, why must it have privilege to add the tag as well as remove it?

CPS 510 final exam, 4/27/15, page 3 of 5 Part 3. Haven. These questions pertain to the Haven/SGX enclave abstraction. Haven is designed to protect an app from all software outside the enclave, even the kernel. It specifies a procedure for a service owner to deploy a secure service application on a cloud provider, and establish trust in the deployment cryptographically via remote attestation. This question asks you to outline how this procedure uses basic cryptographic concepts (public keys, private keys, session keys, certificates, hashes, etc.) to authenticate the parties, implement secure channels, and defend against spying or subversion by an attacker. (a) Why do the authors of Haven believe that is important and useful to protect an app from "trusted" software, e.g., the kernel? Give two reasons. (b) How does the service owner verify that the deployment platform is a valid SGX server? (1) In some cases the host kernel is controlled by a third party (a cloud provider) who may have an economic incentive to spy on the app or subvert it. (2) The host kernel may itself be subverted by an attacker. Note that the Haven trust model does not address attacks from other co-hosted apps: this threat is covered by conventional OS isolation (including VMs). An SGX platform has a keypair whose private key is baked in to the processor. The platform s public key is endorsed by the vendor (Intel) in a certificate signed under a keypair controlled by the vendor. The certificate states: the vendor certifies that P is a public key belonging to an authentic SGX platform. (c) How does the service owner verify that the service is deployed correctly in an enclave on the platform? The platform computes a hash over the enclave code/data and initial parameters. It then generates a quote or attestation containing the hash and signed under the platform s keypair. The service owner receives this attestation certificate and validates it. (d) How does the service owner communicate securely with the deployed service in its enclave, without risk that the platform's kernel can inspect or modify the traffic? The service (shield) generates a keypair after launch. The public key is included in the quote signed by the platform. Therefore the service owner knows the service s public key. It can generate a session key and pass it to the service, encrypted with the service s public key. Subsequent communication is encrypted under the session key. (This is a whole lot like SSL.) (e) How does a client of the deployed service communicate securely with the deployed service in its enclave, without risk that the platform's kernel can inspect or modify the traffic? How does it authenticate the service? In Haven, the service owner passes the service (shield) a symmetric key to decrypt and access a Virtual Hard Drive (VHD). The VHD contains an SSL certificate for the service domain, and a corresponding private key. When a client contacts the service, the service presents its SSL certificate. An SSL connection is established in the usual way: the client generates a session key, and encrypts it under the public key in the SSL cert.

CPS 510 final exam, 4/27/15, page 4 of 5 Part 4. Consistency These questions pertain to consistency for networked data stores with replication, based on the papers on DDS, GFS, and Replicated Data Consistency Explained Through Baseball. (a) The Baseball paper presumes that all writes execute in the same order at all replicas. How would a replicated store ensure this property? (b) The Baseball paper discusses various models in which a replica may return stale data on a read. Given that all replicas execute the same writes in the same order, why would a replica ever return stale data on a read? (c) GFS is optimized for appends, but GFS reads may return inconsistent data when appendmode writes fail or cross chunk boundaries. How do GFS applications protect against using this inconsistent data returned by reads? (d) Leases are useful to preserve consistency when network connectivity is lost. What should a node do if it cannot renew a lease? (e) GFS has a centralized master server. This centralized master is not a performance bottleneck if the GFS design assumptions are valid. Briefly summarize why.

CPS 510 final exam, 4/27/15, page 5 of 5 Part 5. Loose ends. (a) In Remus, how does increasing the checkpoint interval affect service latency and checkpoint cost? Please draw little graphs to illustrate. (b) How does Remus determine what data to transmit in a checkpoint? (c) How does the GFS master ensure that updates to its data made by incoming RPCs are not lost if the master fails? (d) What was the hardest or most timeconsuming part of your solution to the Hacker lab (cracking into the buggyserver Web server)? (e) What was the most interesting or difficult concept that you learned in this class, and which is not represented elsewhere on this exam? Explain it as well as you can in the box. Have a great summer!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback