Lesson 2

Question 1

It may be conducted by criminals, but also by states for industrial espionage, for economic damage to apply pressure, or to inflict real damage to infrastructure as an act of war.

Answer 1

Cyberattacks

Question 2

______ also known as Cybersecurity or IT security, is the protection of computer systems from the damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.

Answer 2

Computer security

Question 3

Security in general includes both ________ and _________.

Answer 3

cybersecurity; physical security

Question 4

True or false:

Cybersecurity requires some form of physical security, since physical access to computer systems enables a whole class of attacks. Conversely, physical security may depend on cybersecurity to the extent that it uses computer systems, e.g., to monitor some physical space or maintain a database of authorized persons.

Answer 4

True

Question 5

Duplicating and exchanging data and code with anyone anywhere in the world is nowadays a trivial, extremely fast process, with almost zero cost. Hence, an attack or malware launched by a single person can spread worldwide, at a large-scale, in less than an hour.

Answer 5

Digital information is immaterial

Question 6

a single bit flip may introduce a critical failure and turn a perfectly working system into a malfunctioning one, which is then more vulnerable to compromise. This contrasts with the laws of physics, which tend to be continuous at a macroscopic level, and usually let one observe a slow deformation of a structure before it reaches its breaking point. Digital information ignores borders, and may even play with contradictions between the legislations of different countries or their maladaptation to the digital age. This makes cybersecurity much harder to achieve than other forms of security.

Answer 6

Digital information is of discrete nature

Question 7

It is concerned with the absence of misbehavior, both in normal and exceptional situations, but still in a neutral environment when no one is trying to intentionally attack the system.

Answer 7

Software safety

Question 8

______ is not just a matter of chasing bugs: it also calls for an analysis of the possible sources of misbehavior and how to handle them in a fail-safe manner. This requires a specification of the software’s expected behavior, including a model of the environment, and some justification as to how or why the software respects its specification.

Answer 8

Software safety

Question 9

________ aims for the absence of misbehavior in an adversarial environment, where an attacker intentionally tries to misuse a system, putting it in an erroneous state that is not part of its intended specification.

Answer 9

Software security

Question 10

It refers to accidental threats, due to internal misbehaviors or non-intentional misuse of the system, while security refers to intentional threats.

Answer 10

Safety

Question 11

_____ deals with fault-tolerance, while security deals with resistance to attacks. For example, a car may crash because of a software specification or an implementation bug (safety issues), or because of an attacker taking remote control of the vehicle (a security issue).

Answer 11

Safety

Question 12

_________ is an essential cornerstone in a digital world which increasingly pervades every aspect of our daily lives, public and private. Without security, the world collapses.

Answer 12

Security

Question 13

Attacks such as ______ have deeply impacted unprepared citizens, private companies, and organizations, threatening their activities.

Answer 13

WannaCry

Question 14

True or False:
All the domains of our digital world are concerned, including the embedded devices omnipresent in our “smart” homes, and in industrial production controllers (including those for critical infrastructures like power and water supplies).

Answer 14

True

Question 15

The ______ example highlights that all electronic devices need to be secure.

Answer 15

Mirai botnet

Question 16

____________. The WannaCry attack relied on an operating system exploit that had been fixed in a Windows update two months earlier. This only impacted unprepared end users and system administrators who failed to update their computers in a timely manner, not realizing how important it was.

Answer 16

Education is essential to security.

Question 17

________ is often regarded as complex, mechanically limiting its usage. Usable security, meant to facilitate use of security by end users, is an important and active research domain that is closely related to security education and awareness.

Answer 17

Security

Question 18

True or False:

The security of a system is always limited by that of its weakest component. Even if the core security components (e.g., the cryptographic primitives) are rarely attacked, the same cannot be said of the software implementations of the cryptographic protocols and services. In the case of WannaCry, the attack relied on an exploit of the Windows SMB protocol (the first weak link), which was sufficient to take full control of the computer, no matter what other operating system protections were in use.

Answer 18

True

Question 19

A _____ should be secure even if everything about the system, except the key, is public knowledge. This principle should be applied to other systems as well. An open design and well documented system will actually ease security reviews by experts. Attackers are often able to reverse engineer systems, and “security by obscurity” only gives a false sense of security. For instance, the attack on smart lights exploited an undocumented functionality.

Answer 19

cryptosystem

Question 20

True or false:
Large, complex systems cannot be totally validated through human inspection. automatic verification tools are needed to find security protocol flaws as well as implementation flaws.

Answer 20

True

Question 21

True or false:
Security and privacy are closely related.

The WannaCry ransomware did not try to exfiltrate user’s data, but it could have done so. The attacker had full access to data stored on target computers (e.g., the patient database of a medical center) and could have threatened to disclose this sensitive information. It is therefore essential that security and privacy be considered together at the design stage so that, for instance, malicious intrusions do not put data at risk. Security by design, and more recently privacy by design, have become key principles in security design.

Answer 21

True

Question 22

True or false:
Diversity of attackers’ motivations and the difficulty of attribution.

Although WannaCry has been classified as ransomware, motivated by the desire to make money, the NotPetya malware that quickly followed it in June 2017 might be a state-sponsored malware that attempted to disguise itself as ransomware in order to muddy attribution and potentially to delay investigations.

Answer 22

True

Question 23

True or false:
Detection and mitigation of attacks.

The previous examples show that security is hard to achieve. Since zero risk cannot exist, the early detection and mitigation of attacks is as important as the attempt to reduce the risk of successful attacks.

Answer 23

True

Question 24

True or false:
Security comes at a cost. It is easy to understand that security may be expensive, with additional costs to study, implement, configure, manage, and evolve security tools. But security can also have an operational cost, leading to less efficient systems. For example, mitigating the Spectre or Meltdown attacks may require removing some cache techniques or disabling speculative execution. Such mitigation would entail a significant and possibly unacceptable processor-speed slowdown. Hence, in some cases, one may have to accept a difficult compromise between security and efficiency.

Answer 24

True

Question 25

Cybersecurity consists in ensuring three basic and essential properties of information, services, and IT infrastructures well known as the CIA triad:

Answer 25

Confidentiality Integrity Availability

Question 26

: assurance that information is disclosed only to authorized persons, entities, or processes.

Answer 26

Confidentiality

Question 27

: assurance that the system (configuration files, executable files, etc.) or information are modified only by a voluntary and legitimate action, i.e., that the system or information have not been accidentally or deliberately changed.

Answer 27

Integrity

Question 28

: assurance that a system or information is accessible in a timely manner to those who need to use it.

Answer 28

Availability

Question 29

: assurance that a message is from the source it claims to be from.

Answer 29

Authenticity

Question 30

: ability for individuals to control their personal data and decide what to reveal to whom and under what conditions. Privacy can thus be generally defined as the right of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.

Answer 30

Privacy

Question 31

: confidentiality of the identity of the user or entity. We note that preventing re-identification through side information is not easy, and that indistinguishability, which ensures that an attacker cannot see the difference among a group of entities, is also an important property linked to privacy. Note also that anonymity aims at hiding who performs some action, whereas full privacy may also require hiding which actions are being performed.

Answer 31

Anonymity

Question 32

: a set of rules that specify how sensitive and critical resources are protected, i.e., how some or all of the previous properties are guaranteed.

Answer 32

Security policy

Question 33

: initially defined as the ability of a system to return to its original state after an attack, resilience is nowadays seen as the capacity of a system to deliver its services continuously, even while under attack (i.e., capacity to tolerate attacks).

Answer 33

Resilience

Question 34

A _________ must offer preventive services to hinder any violation of these properties, detection services to identify any successful attempt to violate these properties, and reaction services to deploy new or enhanced counter- measures in case of any successful violation.

Answer 34

secure computer system

Question 35

The goal of ______ is to protect a computer system against attacks, one must also assume that some of the attacks will succeed. Therefore, it also deals with intrusion detection and responses to attacks.

Answer 35

cybersecurity

Question 36

________ first involves precisely defining which entity may access what information and in which way: permissions, prohibitions, or obligations to read or write information are to be defined. This constitutes a so-called security policy.

Answer 36

Prevention

Question 37

_________ can even take place before the definition of a policy. Indeed, it is good software engineering to detect early source and binary code vulnerabilities that could be exploited to violate the security properties: this is the security by design principle. Even earlier on, we may also prove that a given property is guaranteed by the software: this is formally proved security.

Answer 37

Prevention

Question 38

__________, being the capacity to tolerate attacks, has of course a lot of similarities with fault tolerance, which deals with hazardous hardware failures or software bugs. Even if the hypothesis of safety and security are quite different, since attackers do not follow the rules but rather continuously search for new breaches, the mechanisms proposed to tolerate faults may be adapted to tolerate attacks.

Answer 38

Cyber-resilience

Question 39

Some basic principles of cyber-resilience include _______, which have long been well-established in the database community.

Answer 39

replication of data and backups