Lec 2: Security Principles Flashcards

1
Q

How to analyze the security of a system?

A
  • What is the system and what is its value
  • identify the attack surface
    – how can it be attacked?
  • identify potential vulnerabilities
  • identify the threats and adversaries
    – what is the threat model you need to protect against?
  • triage
2
Q

What is the system?

A
3
Q

What is the attack surface? (What are the avenues by which someone might try to attack your system?)

A
4
Q

Why use attack trees?

A
  • to think about the attack surface like a bad guy
5
Q

What are vulnerabilities?

A
6
Q

What are threats? What do they correspond to?

A
  • Actions by adversaries who try to exploit vulnerabilities to damage an asset
  • Correspond to confidentiality, integrity, authenticity and availability
7
Q

What are the threats to a voting machine?

A
  1. Extract records: find out who voted for whom
  2. Tampering with data: change outcome of election
  3. Spoofing identity: vote as someone else
  4. Crash machine: prevent others from voting
8
Q

What is confidentiality and how can it be violated?

A
9
Q

What is integrity and how can it be violated?

A
10
Q

What is authenticity and how can it be violated?

A
11
Q

What is availability and how can it be violated?

A
12
Q

Why do you need a threat model?

A
  • to organize what you assume about attackers’ goals and capabilities
13
Q

What do you assume about attacker’s goals and capabilities?

A
14
Q

What is triage?

A
  • threats, vulnerabilities and asset value
15
Q

How do you evaluate which combination of threats * vulnerabilities * asset value is the biggest?

A
16
Q

What is the shared secret between the physical lock and key?

17
Q

What is a bitting code?

A
  • the discrete code that a key is cut with
    – cuts at regular intervals (4-6 cuts)
    – depth of cuts quantized in standard fashion

18
Q

What are the design assumptions of a physical lock?

A
  • if you don’t know the secret code, you can’t open the lock
  • the secret code is secret
  • if you can’t open the lock, everything is fine
19
Q

How is the design assumption “if you don’t know the secret code, you can’t open the lock” flawed?

A
  • lock bypass via manipulation
    1. picking
    2. raking
    3. bumping
20
Q

How does picking a lock work?

21
Q

How does raking a lock work?

22
Q

How does bumping a lock work?

23
Q

Defenses for picking, raking, and bumping attacks?

A
  1. security pins
     – Spool pins, mushroom pins, interlocking pins
       – Shapes that get “stuck” when plug under tension
       – Pin rotation (angled cuts on keys)
  2. ancillary locking mechanisms; sidebars
24
Q

How do master keys work?

A
  • Second set of pins (spacers); multiple shear lines

25
Q

What are the problems of master keying?

26
Q

What are the problems with the "The secret code is secret" security design assumption?

A
  • lock bypass via duplication
    – field casting
    – decoding
27
Q

What is optical decoding?

A
  • Decode keys semi-automatically from photos
    – Traditional computer vision problem (photometry)
    – Normalize for scale and rotation
28
Q

What is UCSD's Sneakey?

A
  • Project where:
    – Reference key measured at control points
    – User supplies correspondences between target key and reference image
    – Image normalized (homographic transform), cut locations identified and cut depths measured (n guesses)
29
Q

What's the problem with the solution of just selling a unique key to a customer in order to prevent decoding?

A
  • can easily be re-made through key milling machines or 3D printing
30
Q

What's one defense to the problems of "the secret code is secret"?

A
  • Electronic & mechanical keys
  • Challenge/response via RF
    – But has its own issues: batteries, replay, how to program, etc.
  • HIGH SECURITY / very expensive solution:
    – Electronic; no battery; self-erase; heavy RF shielding; different combination for each user; unerasable audit log
31
Q

What's the problem with the "If you can’t open the lock, everything is fine" design assumption?

A
  • can go around