
Introduction to Computer Security Midterm Exam

  1. List the main types of threats and give examples of each. (Recall)

    Disclosure (getting another user's password), Integrity (modifying another user's configuration files), and DoS (physically destroying a computer).

    3 minutes.

  2. State the differences between and the similarities of the Bell-LaPadula disclosure model and the Biba integrity model. (Comprehension)

    BL allows no writes down and no reads up in terms of security levels. Biba allows no reads down and no writes up. Both require security levels.

    5 minutes.

  3. What operation is performed on capability masks when a user runs a program? Why does this make sense intuitively? (Comprehension)

    AND. For every operation that is done, it must be legal for both the user and the program.

    3 minutes.

  4. Show a scheme for assigning capabilities to new programs run by the user. Give justifications for your decisions and ideas for implementation. (Synthesis)

    Partial credit for saying, "Give every new program the same mask as the user that created it." Assigning new capabilities would require modifications to the chmod() system call in Unix or anything that could make a file executable in any other system. Full credit for also saying that a global mask for all new executables is useful.

    10 minutes.

  5. List 3 public key cryptography algorithms. (Recall)

    RSA, DSA, El Gamal.

    2 minutes.

  6. List 3 block cipher algorithms. (Recall)

    AES, DES, IDEA, Blowfish, 3DES.

    2 minutes.

  7. Describe what the following picture is and what is being achieved in each step. (Analysis)

    1. Authentication server request. The name of the client, the ticket granting server, the time, and a session id.

      Request a ticket (TGT) to talk to the TGS.

    2. Authentication server reply. A session key, the name of the TGS, the time, and the session id are encrypted with the key of the client so only the client can read it. The ticket is also encrypted in the TGS' key so the TGS can get the session key. The session key is created by the AS and needs to remain secret because Kerberos is shared secret.

      Send a ticket that only the client can use to talk to the TGS.

    3. TGS request. The authenticator (name, IP address, and time) encrypted in the session key. The ticket encrypted in the TGS' key. The server name, time, and session id.

      Get a ticket from the TGS with our TGT.

    4. TGS reply. A session key for the client and server, the server name, the time, the session id, encrypted in the client/TGS session key. A ticket encrypted in the server's key is also included to send to the server.

      Give the ticket to the client.

    5. Application request. The authenticator and an optional subsession key encrypted in the client/server session key. The client/server ticket encrypted in the server's key.

      Authenticate the client to the server.

    6. Application reply. A timestamp encrypted in the client/server session key.

      Authenticate the server to the client.

    20 minutes.
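
The six messages in the answer above, traced as an added example (not part of the original exam): a symbolic model in which `Sealed` stands in for real encryption and opens only with the key it was sealed under. The principal names, the `SKEW` tolerance, the documentation-range IP address and all function names are assumptions made for illustration.

```python
import secrets

SKEW = 300  # assumed tolerance (seconds) for authenticator timestamps

class Sealed:
    """Symbolic stand-in for encryption: the payload opens only with the sealing key."""
    def __init__(self, key, payload):
        self._key, self._payload = key, dict(payload)
    def open(self, key):
        if not secrets.compare_digest(key, self._key):
            raise PermissionError("wrong key")
        return dict(self._payload)

# Constructed long-term keys, shared between: client and AS, AS and TGS, TGS and server.
K_CLIENT, K_TGS, K_SERVER = (secrets.token_bytes(16) for _ in range(3))

def as_reply(req):  # step 2, run by the AS on the step 1 request
    k = secrets.token_bytes(16)  # client/TGS session key, created by the AS
    part = Sealed(K_CLIENT, {"key": k, "tgs": req["tgs"], "time": req["time"], "sid": req["sid"]})
    return part, Sealed(K_TGS, {"client": req["client"], "key": k})  # second item is the TGT

def check(own_key, req, now):  # run by the TGS on step 3 and by the server on step 5
    ticket = req["ticket"].open(own_key)    # only the ticket's addressee can read it
    auth = req["auth"].open(ticket["key"])  # the sender must hold the session key
    if auth["client"] != ticket["client"] or abs(now - auth["time"]) > SKEW:
        raise PermissionError("authenticator rejected")
    return ticket, auth

def tgs_reply(req, now):  # step 4
    ticket, _ = check(K_TGS, req, now)
    k = secrets.token_bytes(16)  # client/server session key
    part = Sealed(ticket["key"], {"key": k, "server": req["server"], "time": req["time"], "sid": req["sid"]})
    return part, Sealed(K_SERVER, {"client": ticket["client"], "key": k})

def ap_reply(req, now):  # step 6
    ticket, auth = check(K_SERVER, req, now)
    return Sealed(ticket["key"], {"time": auth["time"]})

def run_exchange(client_key=K_CLIENT, now=1000):
    """Play the client through steps 1-6; True if the server authenticated itself."""
    who, sid = "alice", secrets.token_hex(4)
    part, tgt = as_reply({"client": who, "tgs": "tgs", "time": now, "sid": sid})
    p = part.open(client_key)  # fails without the client's long-term key
    auth = Sealed(p["key"], {"client": who, "ip": "192.0.2.10", "time": now})
    part, ticket = tgs_reply({"auth": auth, "ticket": tgt, "server": "files", "time": now, "sid": sid}, now)
    q = part.open(p["key"])
    if (p["sid"], q["sid"]) != (sid, sid):
        raise PermissionError("reply does not match request")
    auth = Sealed(q["key"], {"client": who, "ip": "192.0.2.10", "time": now})
    reply = ap_reply({"auth": auth, "ticket": ticket}, now)
    return reply.open(q["key"])["time"] == now  # the server proved it could read the ticket
```

The client never opens either ticket; it only forwards them, which is why a party without the client's long-term key gets nothing usable from the step 2 reply.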

  8. Is encryption sufficient to secure a system? (Evaluation)

    No. Encryption, when implemented correctly, is often very strong and provides excellent security of the protected data. However, this is precisely why it is not sufficient to secure a system: most attackers go after the weakest point in the system, which is often not the encryption mechanisms. Usually they attack bugs or weak passwords.

    10 minutes.

  9. Suppose a networked system is set up with three concentric firewalls. Those outside all of the firewalls can only access an external webserver. There is an authenticating proxy that allows access behind the second firewall from users behind the outer firewall. The innermost firewall has a similar proxy with relation to the second firewall. Each proxy has a different database of users and passwords. Explain the benefits and problems with this setup from the view of security and usability.

    Benefits: Could be very secure. Accesses can be well documented and analyzed.

    Drawbacks: This setup is quite complex and could be easily misconfigured. Two separate databases of users and passwords are likely to lead to problems for users with access to all levels, probably making them use the same password for each firewall. This setup implies that the webserver is also on the same network as highly secured machines - this could be very dangerous. Users of multiple levels may have to go through several proxies to get to their work.

    15 minutes.

  10. Suppose you wanted to send an encrypted message to a friend that lives far away. You both have telephone and internet access. List the steps you would take to ensure that the message you send is as unreadable as the encryption guarantees. Give reasons for each of the steps.

    You each make public/private key pairs and send each other the public keys via email. You call your friend using a phone number that he or she gave you in person. Authenticate your friend by asking about something that only you and they would know. Verbally confirm the fingerprints of each other's private keys. Hang up. Encrypt and sign your message with your private key and your friend's public key. Email the message.

    10 minutes.