Midterm

Question 1

Access Control Policies

Answer 1

• Discretionary Access Control
• Mandatory Access Control
• Role based (RBAC)
• Attribute based (ABAC)

Question 2

Example of DAC

Answer 2

Unix file mode (read, write, execute)

Question 3

Subject

Answer 3

an entity capable of accessing objects

Question 4

Object

Answer 4

a resource to which access is controlled

Question 5

MAC

Answer 5

Access is granted based on comparing subject security clearances to security labels on objects

Question 6

DAC

Answer 6

Allows user to access a resource as well as by own volition enable another entity to access the same resource

Question 7

Access Control Matrix

Answer 7

Objects vs Subjects (each box contains permissions like own, read, write, etc…)

Question 8

RBAC

Answer 8

Access is granted based on what roles users have inside the system and what permissions those roles carry

Question 9

ABAC

Answer 9

Controls access based on user attributes, resource to be accessed, and environmental conditions

Question 10

Permitted Set

Answer 10

Limiting superset of a thread’s effective capabilities (capabilities a thread MAY assume)

Question 11

Inheritable Set

Answer 11

Set of capabilities preserved across an execve

Question 12

Effective Set

Answer 12

This is the set of capabilities used by the kernel to perform permission checks for the thread.

Question 13

Weird machine

Answer 13

Computational artifact where additional code execution can happen outside the specification of the program

Question 14

Three malware propagation techniques

Answer 14

1. Infection of an existing executable or interpreted content by viruses
2. exploit of software vulnerabilities either locally or over a network by worms or drive-by-downloads
3. social engineering attacks that convince users to bypass security mechanisms to install trojans or respond to phishing attacks.

Question 15

Virus

Answer 15

Malware that tries to replicate itself into other executable code

Question 16

Worms

Answer 16

Independent program that propagates itself onto hosts through a network

Question 17

Trojan Horse

Answer 17

A program that appears to have a useful function, but has a hidden malicious function

Question 18

Bots

Answer 18

malware that subverts the computational and network resources of the infected system for the use of the attacker

Question 19

Spyware

Answer 19

General monitoring of a system to gain useful knowledge

Question 20

Rootkits

Answer 20

Set of programs installed on a system to maintain covert access to system with root privileges, while hiding evidence of its presence

Question 21

Non executable memory

Answer 21

Marks memory regions as non-executable

Question 22

Return to LibC Attack

Answer 22

Inserting an existing binary’s address into the return address (don’t need to inject own code)

Question 23

Reverse engineering

Answer 23

Reverse engineering is the process of extracting the knowledge or design blueprints
from anything man-made

Question 24

White box analysis

Answer 24

Looking at source code for vulnerability or algorithm details

Question 25

Grey box analysis

Answer 25

Looking at low-level implementation with inferred abstractions

Question 26

Black box analysis

Answer 26

Using only input and output relations, make conclusion about how system behaves

Question 27

Static analysis

Answer 27

Looking at the code without executing program

Question 28

Dynamic analysis

Answer 28

Looking at what code does by stepping through its execution

Question 29

Static analysis example

Answer 29

Sign analysis to check for division by zero (among others)

Question 30

Dynamic analysis example

Answer 30

Assertions to check for conditions that halt execution if not met

Question 31

Economy of Mechanism

Answer 31

Security mechanisms should be as simple as possible

Question 32

Fail-safe defaults

Answer 32

Base access decisions based on permission rather than exclusion

Question 33

Complete mediation

Answer 33

Every access to every object must be checked for authority

Question 34

Open Design

Answer 34

The design should not be a secret

Question 35

Separation of Privilege

Answer 35

Divide a program into parts that are given necessary privileges only when needed

Question 36

Least privilege

Answer 36

Give user least privileges necessary to do the job

Question 37

Least Common Mechanism

Answer 37

Minimize the amount of mechanism common to more than one user and depended on by all users

Question 38

Psychological Acceptability

Answer 38

It is essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanisms correctly.

Question 39

Least Astonishment

Answer 39

Users should not be astonished at the way a feature behaves

Question 40

Security Implementation Strategy

Answer 40

1. Identify
2. Prevent
3. Detect
4. Respond
5. Recover

Question 41

Why were setuid and setgid deemed necessary?

Answer 41

To allow users to execute files with temporarily elevated rights.

Question 42

How to find set-uid programs

Answer 42

$ find /usr/bin /usr/lib -perm /4000 -user root

Question 43

How is Malware classified?

Answer 43

1) Propagation method

2) Payload type

Question 44

Why was Slammer’s propagation so fast?

Answer 44

It used UDP (no handshakes)

Question 45

Anomaly-based Intrusion Detection

Answer 45

Detects both network and computer intrusions and misuse by monitoring system activity and classifying it as either normal or anomalous

Question 46

Signature-based Intrusion Detection

Answer 46

Scans files for known malware “signatures” (most anti-virus today)

Question 47

Advantages of Anomaly-based Intrusion Detection

Answer 47

Good for unknown attacks

Question 48

Advantages of Signature-Based Intrusion Detection

Answer 48

• Few false positives

- Model construction

Question 49

Disadvantages of Anomaly-based Intrusion Detection

Answer 49

• Higher false positives

- Model construction

Question 50

Disadvantages of Signature-Based Intrusion Detection

Answer 50

• Hard to defend against unknown attacks

- Polymorphic attacks

Question 51

Intrusion Detection Approaches

Answer 51

• Host-based
• Network-based
• Hybrid

Question 52

Host-based IDS

Answer 52

• OS Audits
• Program execution monitoring
• Memory evaluation

Question 53

Network-based IDS

Answer 53

• Deploy strategic network sensors
• Inspect network traffic
• Monitor user activities

Question 54

Confidentiality

Answer 54

Preserving authorized restrictions on information access and disclosure

Question 55

Integrity

Answer 55

Guard against improper data modification

Question 56

Availability

Answer 56

Ensuring timely, reliable access to information

Question 57

Bug

Answer 57

A flaw in code

Question 58

Vulnerability

Answer 58

Exploitable bug

Question 59

Exposure

Answer 59

Bug that reveals info that can then be used to penetrate system

Question 60

Threat

Answer 60

Potential security harm

Question 61

Exploit

Answer 61

A threat that uses a vulnerability/exposure to violate system security

Question 62

Security Implementation: Identify

Answer 62

Develop institutional understanding to manage cybersecurity risk to systems, assets, data, etc…

Question 63

What data is stored in the iNode?

Answer 63

All data about a file except name and and actual data (owner, permissions, size, date, etc…)

Question 64

Common characteristic of memory corruption exploits

Answer 64

Inserting crafted address into EIP

Question 65

Main bug allowing memory corruption exploits

Answer 65

No range checking on inputs

Question 66

Stack Guard

Answer 66

Inserts canaries to verify integrity

Question 67

Data Execution Prevention (DEP)

Answer 67

Kernel enforces that no data can be executed as code

Question 68

ASLR stands for

Answer 68

Address Space Layout Randomization

Question 69

What does ASLR do?

Answer 69

Randomly re-arranges address space positions of key process data regions

Question 70

ASLR Entropy

Answer 70

19 bits

Question 71

How to execute a return-to-libc

Answer 71

1. Overwrite return addr to “system()”
2. Overwrite next 4-bytes with “exit()”
3. Overwrite next 4-bytes with “/bin/sh”

Question 72

4 authentication methods:

Answer 72

Something a user:

1) Knows
2) Has
3) Is
4) Does

Question 73

2-Step Verification is an example of

Answer 73

Have

Question 74

In Linux, user account data is stored in

Answer 74

/etc/passwd

Question 75

In Linux, hashed passwords are stored in

Answer 75

/etc/shadow

Question 76

2^10

Answer 76

1024

Question 77

2^20

Answer 77

1M

Question 78

2^30

Answer 78

1B

Question 79

Rainbow Table

Answer 79

Precomputes H(Dictionary) to speed up comparisons

Question 80

How to defeat rainbow table attack

Answer 80

Use a salt

Question 81

What’s in the shadow file

Answer 81

UserID :: Password(alg, salt, hash) :: other shit