
Assignment 4 - Exercises

Recall

  1. List the 3 types of threats we discussed in the first week.
  2. Name 2 integrity models.
  3. What does PKI stand for? Give an example of a public-key algorithm that a PKI can be built on.
  4. Name a type of attack which is specific to (a) local systems and (b) networked systems.
  5. What law prevents users from breaking encryption on products they purchased (or licensed)?

Comprehension, translation, interpretation

  1. Define and give an example of a disclosure and an integrity threat.
  2. Briefly state the difference between the Bell-LaPadula Disclosure model and the Biba Integrity model.
  3. Why is one-way encryption (a one-way hash function) a useful tool?
  4. Briefly describe what SYN-flooding is and how it works.
  5. Describe a few simple ways that developers can avoid buffer overflow problems.

Application to concrete situations

  1. A system administrator one day receives an email stating that the system he oversees has been broken into. The author of the email says that he or she exploited a known security hole in an FTP server and gives the path of a file containing the text '@ l337 haX0r wa$ h3r3'. How can the administrator determine the intent of the attacker? What further steps should he take after receiving the email?
  2. A company has a procedure for handling sensitive, company-secret documents. Within each department, the manager is allowed to read all documents, assistant managers are allowed to read certain secret documents, and normal employees are allowed to read only public documents. Executives are allowed to read all documents in all departments. No employees in a department are allowed to read any documents other than public documents from another department. Describe a mechanism to manage sensitive documents in the company.
  3. Suppose you wanted to send an encrypted message to a friend that lives far away. You both have telephone and internet access. List the steps you would take to ensure that the message you send is as unreadable as the encryption guarantees. Give reasons for each of the steps.
  4. Imagine that one day you go to your favorite website and the site appears to be defaced. List what you would do to find out what happened to the site and where the break-in was.
  5. Suppose that an accident happens at a company such that some email messages are routed to the wrong mailboxes. The number of misrouted emails is small, so the system administrator decides to fix up the mailboxes by hand. In the course of doing so, the administrator discovers an email that could potentially get an employee fired. What should the administrator do? (Consider the legal, ethical, and job security concerns the admin might have.) What if this happened at a school and the emails contained evidence of cheating?

Analysis

  1. Suppose a networked system is set up with three concentric firewalls. Those outside all of the firewalls can only access an external webserver. There is an authenticating proxy that allows access behind the second firewall from users behind the outer firewall. The innermost firewall has a similar proxy with relation to the second firewall. Each proxy has a different database of users and passwords. Explain the benefits and problems with this setup from the view of security and usability.
  2. Is it possible to emulate security labels in Unix with user and group permissions? What would be the performance impact?
  3. Would introducing PKI into Kerberos provide any benefits? What changes would have to be made?
  4. Suppose a system administrator notices that a server is slower than usual and runs 'top' to check for unusual activity. There is a process named 'swapd' which is doing a lot of I/O that the administrator has never noticed before. What can he or she do to investigate the problem further? Can he or she trust the tools on the server? Why or why not?
  5. A company has a privacy policy for its employees that states that any company official (executives and system administrators) has the right to intercept and view any work-related email that is sent from or to the company's system. Should an employee expect any privacy in his or her communications at work? Does the company face any problems with this policy?

Synthesis

  1. Is it possible to make a system more secure by improving the user interface? If so, how?
  2. In a system with mandatory access control (MAC) labels, are capabilities necessary? If not, is there a performance benefit to including both?
  3. What role can encryption play in the integrity and disclosure models that we have discussed?
  4. We have already seen the protocol attacks that are possible with point-to-point TCP connections. What kinds of problems exist with multicast protocols? With anycast?
  5. Compose an informal privacy policy for a company that offers free email. Discuss the privacy implications for the users and the costs/liability for the company.

Evaluation

  1. Which is more dangerous: a malicious attacker or a normal user who accidentally causes a security breach? Why?
  2. State the highest location in the level of OS abstraction that capabilities can be implemented. Argue why any higher level would be ineffective.
  3. Explain why encryption is rarely sufficient to protect a system.
  4. Viruses, worms, trojan horses, etc. have obvious implications for integrity and disclosure. Explain the power they have to mount denial-of-service (DoS) attacks.
  5. List and explain a few attitudes which often hinder the security of systems. Give at least one attitude at the level of developers, companies, system administrators, and users.