Posted: 27 May 2021

The questions for Quiz 1.

Multiple-choice

Choose all answers that apply.

  1. The best answer to the question, "is my system secure?" is "no". Why?

    1. Security can never be achieved

    2. The question is not specific enough

    3. Specific security mechanisms should not be divulged, lest an attacker learn them.

    4. Systems can’t be secured, only simple mathematical operations can.

  2. A hacker encrypts data on a hospital’s computers and threatens to withhold the encryption key unless they get paid (ransomware). Is this primarily a failure of:

    1. Confidentiality

    2. Integrity

    3. Availability

    4. Authentication

    5. Authorization

  3. A faculty member puts a document with a student’s name and ID in the recycling instead of shredding it. Is this primarily a failure of:

    1. Confidentiality

    2. Integrity

    3. Availability

    4. Authentication

    5. Authorization

  4. The memory safety of a forensic analysis tool is subverted by a malicious image, whose payload alters forensic analysis results. Is this primarily a failure of:

    1. Confidentiality

    2. Integrity

    3. Availability

    4. Authentication

    5. Authorization

  5. Which of the following are good examples of security policies?

    1. Encrypting patient records

    2. Checking IDs at staff entrances

    3. Sanitizing pulse oximetry equipment between patients

    4. "A patient’s records shall only be accessible by their care team."

    5. "A patient is defined to be a person receiving treatment within the hospital."

  6. A software system has memory safety errors. Is this a:

    1. Threat

    2. Vulnerability

    3. Adversary

    4. Attack

  7. A corporate intelligence gatherer "tailgates" an employee (i.e., walks behind them into a secured location without scanning a badge) of a rival firm. Is this a:

    1. Threat

    2. Vulnerability

    3. Adversary

    4. Attack

  8. Which of the following are part of a Python script’s TCB?

    1. Python interpreter

    2. C library

    3. Operating system

    4. Hardware

  9. Which of the following statements are true?

    1. The return-to-libc attack defeats return-oriented programming

    2. A non-executable stack is a specific instantiation of the more general W^X policy

    3. ROP is not possible under ASLR

    4. ROP is not possible under W^X

  10. In a bytecode-interpreted language, where is memory safety enforced?

    1. Bytecode verifier

    2. Interpreter

    3. MMU

    4. Source compiler

Long-answer

  1. Give an example other than one given in the course notes of a leaky abstraction.

  2. Assume the following C program has been compiled:

    #include <stdio.h>
    #include <string.h>
    
    void foo(const int data[], int len)
    {
    	printf("data len: %d\n", len);
    	printf("data: %d %d\n", data[0], data[1]);
    }
    
    void bar(const char *buffer, int len)
    {
    	const int *integers = (int*) buffer;
    
    	foo(integers, len / 4);
    }
    
    int main()
    {
    	char message[16];
    	strcpy(message, "Hello, world!\n");
    	int len = strnlen(message, sizeof(message));
    
    	bar(message, len);
    
    	return 0;
    }

    yielding the following symbols as revealed by nm(1):

    0000000000201670 T _start
    00000000002019f0 T bar
    00000000002019b0 T foo
    0000000000201960 T main

    This program is then executed in a debugger, with execution paused at the beginning of the bar function. At that point, the contents of (a portion of) the stack are:

    0x7fffffffe900: 60 e9 ff ff 04 00 00 00 60 e9 ff ff ff 7f 00 00  `.......`.......
    0x7fffffffe910: 40 e9 ff ff ff 7f 00 00 dd 19 20 00 00 00 00 00  @......... .....
    0x7fffffffe920: 30 2b 20 00 00 00 00 00 60 e9 ff ff ff 7f 00 00  0+ .....`.......
    0x7fffffffe930: 30 2b 20 00 10 00 00 00 60 e9 ff ff ff 7f 00 00  0+ .....`.......
    0x7fffffffe940: 80 e9 ff ff ff 7f 00 00 99 19 20 00 00 00 00 00  .......... .....
    0x7fffffffe950: e8 e9 ff ff ff 7f 00 00 60 e9 ff ff ff 7f 00 00  ........`.......
    0x7fffffffe960: 48 65 6c 6c 6f 2c 20 73 74 75 64 65 6e 74 73 20  Hello, students
    0x7fffffffe970: e8 e9 ff ff ff 7f 00 00 01 00 00 00 00 00 00 00  ................
    0x7fffffffe980: c0 e9 ff ff ff 7f 00 00 70 17 20 00 00 00 00 00  ........p. .....

    1. (2.1) What is the address of buffer?

    2. (2.2) What is the address of the len parameter of bar?

    3. (2.3) What is the address of the data parameter of bar?

    4. (2.4) To what address will the program return when leaving bar?

    5. (2.5) If buffer were to be overflowed, which function’s return would be affected?

    6. (2.6) How many integers could bar write into data without overwriting any return addresses?

  3. Explain, with reference to a diagram, one mechanism that can be used to defend against stack smashing.