CS395: Computer Security (Prof. Szajda) Exam 2 November 15, 2006

Name:______

Note: This exam is closed book, closed note. You are to complete without the aid of your colleagues. The Honor Code applies. Your completed test is to be returned to my office by no later than 5:00pm on Tuesday, November 28, 2006.

Please keep your answers concise and to the point.

  1. (12 points) Explain in some detail (though without going into assembly code of the like) why buffer overflow attacks are possible, and how they are implemented.
  1. What is meant by the term type-safe as applied to a programming language? How does strong typing help increase the security of a language?
  1. What is meant by the term incomplete mediation?
  1. Explain the general notion of a TOCTOU vulnerability?
  1. What is meant by the term privilege escalation?
  1. What is a covert channel? Explain how a file-lock covert channel might work.
  1. Explain in some detail each of the following compute virus related terms:
  2. Boot sector infector
  3. Executable infector
  4. Multipartite virus
  5. TSR virus
  6. Stealth virus
  7. Encrypted virus
  8. Polymorphic virus
  9. Macro virus.
  10. Rabbit (a.k.a. Bacteria)
  11. Logic Bomb
  1. What property of macro viruses make them potentially much more effective from an attacker's perspective?
  1. Explain in some detail how the Internet Worm worked. In particular, your discussion should include consideration of the particular routines and applications the vulnerability exploited, as well as the propagation mechanism (including the means through which potential new targets were chosen and the mechanics of infection).
  1. We have discussed that providing protection in operating systems can be difficult because of the need to enforce both separation of objects and sharing of some of those objects. Two methods of accomplishing this balance are sharing via access limitations and sharing via capabilities. Explain what capabilities are, and the important differences between capabilities and sharing via access limitations. In particular, what kinds of protection measures do capabilities allow that are not allowed by sharing via access limitation?
  1. Regarding access control mechanisms, discuss the differences between directories and access control lists. You should of course explain what each of the two mechanisms is, and then address in particular the types of operations that are more efficient (or inefficient, or problematic) for each access control mechanism (and why the particular operations are efficient/inefficient/problematic).
  1. ``Although secure in theory, human practice often degrades quality of this means of authentication.'' Explain in some detail.
  1. Discuss the fundamental conflict between the desire to allow longer passwords and the desire to implement practical security.
  1. Discuss the primary points of the paper Biometric Authentication Revisited. In particular, I would like to see you mention the lessons that the paper advocates regarding the use of biometric authentication.
  1. You are trying to crack a target's password (which you may assume is at most 10 ASCII characters in length). Discuss your plan of attack including the specific strategies you will use, the order in which you will use them, and why you will use them.
  1. List three reasons why it is not a good idea for an operating system to employ a plaintex system password list, even if the OS access control mechanisms restrict read permissions to system level processes.
  1. (12 points) Explain in detail what a TCP sequence number attack involves. Be sure to discuss in particular:
  2. The TCP three-way handshake initialization protocol that two parties go through to set up a TCP connection.
  3. Why the granularity of the rate of change of the initial sequence number is more important than the average rate of change.
  4. Why is this attack not practical for an intruder targeting one of the Internet backbone routers?
  1. (6 points) What exactly is a TCP source routing attack? Be sure to explain why it (sometimes) works.
  1. (12 points) Explain what is meant by each of the following four secure system design principles. For each principle, describe why it is considered good security practice.
  2. Least Privilege
  3. Complete Mediation
  4. Open Design
  5. Psychological Acceptability