Comp Security- Week 3

Question 1

Low level security

Answer 1

Related to programming language itself

Question 2

High level security

Answer 2

Related to security properties/objectives

Question 3

bug

Answer 3

a place where real execution behavior differs from expected behavior

Question 4

control flow hijack objective:

Answer 4

gain control of instruction pointer %eip

Question 5

denial of service objective:

Answer 5

cause program to crash or stop servicing clients

Question 6

information disclosure objective

Answer 6

leak private info such as saved pass

Question 7

control flow hijack attacker goal and ex

Answer 7

goal to take over target machine by executing arbitrary code by hijacking applications control flow
ex. make eip change to what attacker downloaded
ex. buffer overflow and string format attack

Question 8

heartbleed attack

Answer 8

SSL protocol allows you to secure web
The magic word is sent to clients to make sure theyre still connected to server and the server responds back
Problem: if magic word is 6 letters and an attacker sends more than that it causes a buffer overflow since the server is forced to write more when there was only space dedicated for 6 so extra letters are written in memory in a place that wasnt dedicated for that
the server overwrites and when it responds back it also sends what was prev saved in memory

Question 9

for heartbleed what does attacker need to know

Answer 9

the cpu and os in target machine