Computer Security - CS 419 - Exam 1

Spring 2017

February 20, 2017 - Paul Krzyzanowski

    Part I — 30 Points

  1. 6 points
    Explain the difference between confidentiality and integrity.
  2. 6 points
    Here is some C code where an application allows a file to be deleted only if it belongs to the group staff. The program works fine. Explain the security flaw in the logic of this program.
        #include <stdio.h>
        #include <stdlib.h>
        #include <string.h>
        #include <unistd.h>
        #include <grp.h>
        #include <sys/stat.h>

        // allow the user to remove testfile only if it belongs to the "staff" group
        void remove_if_staff(const char *testfile)
        {
            struct stat sb;      // file metadata filled in by stat()
            struct group *g;     // group database entry for the file's group ID

            if (stat(testfile, &sb) < 0) {              // get info about the file
                perror(testfile);
                exit(1);
            }
            if ((g = getgrgid(sb.st_gid)) == NULL) {    // look up the group name for the group ID
                perror(testfile);
                exit(1);
            }
            // allow delete only if the group name is "staff"
            if (strcmp(g->gr_name, "staff") == 0) {
                if (unlink(testfile) < 0)
                    perror(testfile);                   // something went wrong
                else
                    printf("deleted %s\n", testfile);
            } else
                printf("cannot delete %s, group name = \"%s\"\n", testfile, g->gr_name);
        }
  3. 6 points
    How do Linux capabilities help enforce the principle of least privilege?
  4. 6 points
    Why does the Biba model pose a risk to intellectual property theft?
  5. 6 points
    Under what conditions can stack canaries detect off-by-one overflow attacks?
    Part II - 60 points - 3 points each.

    For each statement, select the most appropriate answer.

  6. The Trusted Computing Base (TCB) is:
    (a) The set of applications that are security sensitive.
    (b) A set of software that adds security to an insecure system.
    (c) A computer system that has been configured to be secure.
    (d) The components in which vulnerabilities will jeopardize the security of the entire system.
  7. In POSIX systems without access control lists, a file has:
    (a) One owner and one group.
    (b) One owner and one or more groups.
    (c) One or more owners and one group.
    (d) One or more owners and one or more groups.
  8. Execute permission for a directory means:
    (a) You can create and delete files in that directory.
    (b) The directory contains programs that are executable.
    (c) You can read the contents of the directory.
    (d) You can search for a file in a directory but not necessarily see the contents of the directory.
  9. An Access Control List (ACL) is:
    (a) A list of files and access permissions for a specific user.
    (b) A list of files that a user can access.
    (c) A list of user and group access permissions for a file.
    (d) A list of users who are authorized to access the system.
  10. What is wrong here? program >secretfile; chmod u=rw,g=,o= secretfile
    (a) Group and other must be assigned some access permissions; they cannot have none.
    (b) There is a race condition that may allow an intruder to read secretfile.
    (c) Another user with the same user ID will have access to the file.
    (d) A user cannot have both read and write access to the same file.
  11. Which activity violates the Principle of Least Privilege?
    (a) A mail server has access to all users' mailboxes.
    (b) A print server can access a private spool directory.
    (c) A web server runs with root privileges to serve pages from user directories.
    (d) A user can collaborate with another user by editing the same file.
  12. Which operation is inefficient with capability lists?
    (a) Check the user's access permissions when opening a file.
    (b) Copy file access rights of one user to another user.
    (c) Change access rights of a single file for all users.
    (d) Delete all access rights for a specific user.
  13. Mandatory Access Control (MAC) differs from Discretionary Access Control (DAC) because:
    (a) With MAC, users cannot change access permissions for their files.
    (b) MAC applies to subjects while DAC applies to objects.
    (c) MAC policies apply to a collection of computers while DAC policies apply to only one system.
    (d) The kernel enforces MAC permissions while DAC permissions are only advisory.
  14. A risk with the Bell-LaPadula model in its basic form is that:
    (a) A user with low privileges may overwrite a high-privilege file.
    (b) A user with high privileges may overwrite a low-privilege file.
    (c) A user with low privileges may read a high-privilege file.
    (d) A user with high privileges may read a low-privilege file.
  15. Role-based Access Control (RBAC):
    (a) Allows file sharing only with users that have the same role.
    (b) Assigns hierarchical privilege levels to different classes of users in an organization.
    (c) Is a form of discretionary access control.
    (d) Is based on defining roles based on job functions.
  16. What is the best way to prevent buffer overflow attacks?
    (a) Use a language that has run-time checks of array boundaries.
    (b) Address Space Layout Randomization.
    (c) No-execute stack memory.
    (d) Stack canaries.
  17. A landing zone is:
    (a) The current frame pointer, which defines the base for local variables.
    (b) A series of no-op instructions preceding injected code.
    (c) The buffer containing malicious code.
    (d) The location on the stack that contains the target branch address.
  18. What will printf("%d%n", 123, &x) do?
    (a) Print "123" and write a pointer to the string "123" into x.
    (b) Print "123" and write the number 123 into x.
    (c) Print "123" and write the number 3 into x.
    (d) Print "123" and write the number 1 into x.
  19. Fuzzing is the technique of:
    (a) Using encrypted return values on the stack so malicious code cannot write meaningful addresses.
    (b) Entering easy-to-find patterns to trigger buffer-overflow errors.
    (c) Having a compiler generate code to check for buffer overflows.
    (d) Exiting a program if a buffer overflow is detected.
  20. Return-Oriented Programming, ROP, was created to overcome:
    (a) Stack canaries.
    (b) Data execute protection (DEP).
    (c) Address space layout randomization (ASLR).
    (d) Buffer overflows.
  21. With stack canaries, a compiler may reorder local variables such that:
    (a) Arrays and regular variables are randomly interspersed.
    (b) Arrays are allocated onto the heap and not the stack.
    (c) Arrays are at the top of the stack, followed by regular variables.
    (d) Arrays are at the bottom of the stack, followed by regular variables.
    Note: top of stack = the last item added to the stack = low memory; bottom = high memory
  22. SQL injection works when:
    (a) An attacker uses a buffer overflow exploit to change the query string.
    (b) A buffer overflow exploit changes the operation of the SQL interpreter.
    (c) User input becomes part of the query string.
    (d) Executable code is sent as input instead of a query.
  23. Setting the LD_PRELOAD shell variable:
    (a) Turns off Address Space Layout Randomization (ASLR), enabling attacks.
    (b) Preloads user input to a program.
    (c) Preloads a different program that will be executed whenever a user tries to run a program.
    (d) Allows you to overwrite library functions that a program might use.
  24. A homograph attack is a form of:
    (a) Deception.
    (b) Privilege elevation.
    (c) Code injection.
    (d) Denial of service.
  25. FreeBSD Jails are a big improvement over chroot because they:
    (a) Do not require root privilege to run.
    (b) Can limit the operations that a root user can perform in the jail.
    (c) Use a separate memory manager to ensure that jailed processes have their own address space.
    (d) Create an isolated file system namespace.
  26. Part III - 10 points - 1 point each - For each statement, answer True (T) or False (F).

  27. Social engineering refers to training individuals to follow proper security policies and be on the lookout for violations.
  28. Data integrity means that the data can only be read by authorized users.
  29. A threat is a weakness or error in the security system.
  30. In POSIX, you can create a file that others can write to but you cannot.
  31. The setuid bit causes a program to run with the user's privileges instead of the program owner's.
  32. A capability list is a list of users and the operations they can perform on a specific file.
  33. To avoid problems with pathnames referencing a file outside a base directory, you should reject any files that contain "../" substrings.
  34. The Type Enforcement Model is essentially an admin-managed access control matrix.
  35. The Chinese wall model relies on saving the state of past accesses.
  36. A heap overflow cannot overwrite a return address.