Unit 10

Question 1

For each of the following scenarios, which type of interference is taking place?
(a) Alice alters Bob’s file without permission.
(b) A hacker deploys software to observe packets travelling on a network.
(c) A website receives a flood of requests for a web page, preventing callers from
viewing the site.
(d) A user receives an email appearing to be from his supervisor, who did not send
the email.

Answer 1

(a) Modification
(b) Interception
(c) Interruption
(d) Fabrication

Question 2

How many possible Caesar ciphers are there in English?

Answer 2

Assuming a 26-character alphabet (ignoring, for example, punctuation), there are 25
possible substitutions.

Question 3

How would you decode an English message encoded in ROT13, assuming an 26-character alphabet?

Answer 3

You would apply the same function again! The cipher is its own inverse. Two shifts of 13 return you to your starting point in the English alphabet. In this case the
encryption key and the decryption key have the same value.

Question 4

Why is public key cryptography called asymmetric and private key cryptography called symmetric?

Answer 4

In public key cryptography there are two different keys, the public key and private key, one used for encryption and the other for decryption.

In private key cryptography there is one key, the secret key suitable for both encryption and decryption.

Question 5

What classes of cipher might you be likely to use in the following circumstances?

(a) Storing passwords in a local file
(b) Proving you sent an email
(c) Using a wireless connection on your laptop
(d) Encrypting files on a file system

Answer 5

(a) **Hash **- hash function provides a quick way of associating an input with a numerical output
(b) Public key and hash (for signing) -
(c) Stream - encrypt communications of unknown length ‘on the fly’
(d) Block cipher - which transforms fixed-length blocks of plaintext into ciphertext

Question 6

What is a secure channel?

Answer 6

A secure channel is a communication channel between a pair of processes that can authenticate each other and provides confidentiality and integrity services, including
time stamping.

Question 7

Give an example of a handshake in SSL.

Answer 7

Cipher negotiation and certificate exchange are examples.

Question 8

Why would a class loader check for overriding of final methods, when this check is already performed by a compiler before producing a class file?

Answer 8

The class loader is examining bytecode, which could have been altered since compilation.

Question 9

Why would a security policy require that the security manager could only be set once?

Answer 9

This means that another manager cannot be substituted, so the ways in which checks are performed cannot be altered.

Question 10

State the two steps required to implement permissions-based security for an application.

Answer 10

1 A security manager must be installed for the application, either on the command line
or in the code.
2 A policy must be specified, either dynamically (by executing some code) or statically (using default policy files or a specified policy file).

Question 11

Explain the purpose of the following entry in a policy file. Identify the target and the action.

grant codeBase “http://www.gggg.com”
{
permission java.io.FilePermission “C:\database.dat”, “read”;
};

Answer 11

This is a policy entry granting FilePermission to code from the code base

http://www.gggg.com

allowing that code to carry out “read” actions on the file database.dat.

Question 12

In the following scenario, identify possible subject(s) and principal(s).
Jane Doe wishes to make an online purchase. Jane will first need to authenticate herself to her computer by logging in. Once online, she logs in to her shopping website account and makes a purchase using her credit card. Later she visits the website of the department of motor vehicle licences and enters her driving licence number to check that her contact information is correct.

Answer 12

The user Jane is the subject.

The principals are her user IDs for her computer and for the online shop. (The passwords in each case are credentials used to authenticate her.)

Another principal is the driving licence number Jane used to login to the motor vehicle licensing website.

Question 13

Why would you normally want to implement the equals method of an implementation
of Principal?

Answer 13

You need to implement equals so that the system can compare one principal to another. If you do not do this, your principal will inherit equals from Object, and equality will be determined based on principal references rather than their contents.

Question 14

Why do you think the PrivilegedAction interface is required?

Answer 14

An instance of a class implementing the PrivilegedAction interface encapsulates and demarcates the work to be done with a set of privileges.

This means that there is less chance of accidentally invoking code with certain privileges, and also it is clear when that set of privileges stops applying and we go back to using the thread’s context.

Question 15

Distinguish between a subject and a principal.

Answer 15

A subject is an entity that can be authenticated, that is, a source of a request to perform some action.

A principal is an identity associated with an authenticated subject.

Question 16

What is the purpose of a login module in JAAS?

Java
Authentication and Authorization Service (JAAS).

Answer 16

A login module implements a method of authentication, such as biometric scanning or prompting a user for a login and password.

A commit method is used to associate credentials with a subject.

Question 17

When would you use the method doAsPrivileged?

Answer 17

You would use this method when you want to execute code with the permissions associated with a particular principal.

You can grant a principal permissions in a policy file, and this principal can be associated with a subject on authentication.

Question 18

What steps are taken when a protected web resource is accessed?

Answer 18

At this point (if lazy authentication is used) the caller must be authenticated. If successful, this results in the server storing credentials for the caller in a session context.

The credentials are subsequently used to decide if the caller may access the protected resource, using a principal or role (see below for a discussion of roles).

Once authenticated, a caller can be identified by one or more principals, which are mapped to roles by the container. A role represents a type of user, for example, a customer or administrator. Setting up roles requires some initial configuration, but can be simplified by collecting principals in a group and assigning a role to the group.
Belonging to a role is similar to having a key to a room containing the various resources the role is allowed to use – all members of the role have the same privileges. Remember that principals are created on authentication. Therefore, when a caller is authenticated, if the caller’s principal or group can be mapped to a role permitted to access the requested resource (or code), then the action is authorised.
Roles separate the mechanism for controlling security from descriptions of users or callers outside the container. This means that the container need not be concerned with who or what has made a request, but only with whether or not the role associated with a caller is allowed to do what it is attempting. Notice also that this means that only the person deploying the code needs to know what roles users are in, and hence what privileges they have.

Question 19

What is a role and how does it relate to users of a system?

Answer 19

A role is a name for a kind of caller and can be used to authorise actions.

Users can be mapped to groups or roles so that the permissions applied to the roles apply to those users.

Thus, a programmer does not have to know the users of a system, just the different roles of users of a system.

Question 20

Explain the difference between declarative and programmatic security.

Answer 20

In declarative security, security roles and restrictions on the execution of code are established using entries in XML deployment descriptor files.

In programmatic security,** roles** and restrictions are established using Java code.