CS 161 Computer SecurityFall 2005 Joseph/Tygar/Vazirani/Wagner HW 1Due Friday, September 23 at 11amPlease include the following at the top of the first page of your homework solution:Your full nameYour login nameThe name of the homework assignment (e.g. hw3)Your section numberStaple all pages together, and drop them off in drop box #2 (labeled CS161/Fall 2005) in 283 Soda by 11amon the due date.Homework exercises:1. (1 pts.) Any questions?What’s the one thing you’d most like to see explained better in lecture or discussion sections? Aone-line answer would be appreciated.2. (4 pts.) Getting started(a) Read the course web page. Write on your homework, immediately after your name, the follow-ing sentence: “I understand and will comply with the academic integrity policy.”(b) What is the course policy regarding working on homework in groups?(c) Register with the grading system. These are the instruction for becoming registered for the class:i. Login to your instructional named account (cory account)ii. Set your environment variable $MASTERDIR to /home/ff/cs161• if your are using tcsh or csh: setenv MASTERDIR /home/ff/cs161• if you are using bash: export MASTERDIR=/home/ff/cs161iii. Run registerThat’s it. If you want to, you can put the environment setting for the MASTERDIR variable inyour .cshrc or .bashrc, so you don’t have to set it every time you login.(d) What is David Wagner’s favorite security-related book? The answer is found on the coursenewsgroup, ucb.class.cs161. Look for the post from David Wagner titled “The answerto question 1(d),” and write down the answer you find there. Instructions on how to access thenewsgroup may be found on the course web page.(Why are we having you do this? The class newsgroup is your best source for recent announce-ments, clarifications on homeworks, and related matters, and we want you to be familiar withhow to read the newsgroup.)CS 161, Fall 2005, HW 1 13. (45 pts.) Attack TreesAn attack tree is an AND-OR tree. Each node is labeled with an attack goal, i.e., an effect that anattacker might try to achieve by mounting some kind of attack. The root node corresponds to theultimate attack goal (e.g., violate one of the security goals). The child nodes of a node representsubgoals that help the attacker make progress towards the goal at the parent. If the parent is an ORnode, then achieving any one of the subgoals suffices to achieve the goal at the parent. If the parentis an AND node, then the goal at the parent is achieved when you achieve all of the subgoals at thechildren. You stop refining the goals when you reach an acceptable level of detail: e.g., when eachleaf contains a simple elementary goal whose difficulty of achieving it can be easily assessed.You can find more information about attack trees, and a number of example trees (including the exam-ple from the Sept 8th sections) at: http://www.schneier.com/paper-attacktrees-ddj-ft.html(a) Your attack target is to find the contents of a file owned by USER and belonging to GROUP withchmod value 640 on a UNIX file system (owner: read-write access; group: read-access). HereUSER is some arbitrary username, and GROUP is some Unix group. Describe as many differentways to read the file as possible (at least four). For example, one way is to discover the rootpassword. Express these goals using an attack tree with one level. (If you don’t know how UNIXfile system security works, you may refer to the textbooks or do a google search for this topic onthe web, for example: http://tille.xalasys.com/training/unix/x262.html)(b) For each of those goals, design successive sub-goals. For example, one way to get the rootpassword is to watch the system administrator log in and remember his password. Incorporatethese sub-goals into the attack tree from part (a). The final tree should include a total of 15 to 40nodes (the more the better).(c) Once you have an attack tree, you can do interesting things with it. For instance, if you labeleach leaf with the cost of achieving the corresponding goal, then you can propagate costs up thetree by summing at each AND node and taking the min at each OR node; the result is the costof achieving the top-level security goal (and the cheapest ways to do so).Assign rough costs to the tasks in your attack tree, measured in terms of t/(1 − p), where t =the time required to achieve the task, and p = the chance of detection. For example, watchingthe system administrator might require t = 8 hours (to catch the right time that he types hispassword) and the chance of detection is maybe p = 50%. This gives it a cost of 8/(1− 0.5) = 16units.(d) Calculate the total attack cost of reading a private file using your model.(e) Make a constructive suggestion (based on your attack tree) to make private UNIX files moresecure.(f) Construct a new attack tree based upon your suggested change, and calculate the improvementin security that your change will have.(g) Do you think this is a good way to analyze security? Why or why not?4. (30 pts.) In-band and Out-of-band Signaling(a) In-band signaling in a communication architecture shares the same communication infrastruc-ture for both data (e.g., voice) and control information (e.g., connection setup, billing, connec-tion teardown).CS 161, Fall 2005, HW 1 2Out-of-band signaling in a communication architecture relies on a separate communication in-frastructure for data and another one for control information.Explain one advantage and one disadvantage of a communication architecture that uses in-bandsignaling versus one that uses out-of-band signaling.(b) Signaling System #7 (SS#7) provides a separate, out-of-band signaling system. Explain howthis signaling system improved the security of the telephone network when it was introduced,and explain why it is inadequate today.(c) Suggest a way to improve SS#7’s security without forcing everyone to buy a new telephone, orchanging the way people place calls.5. (20 pts.) Default ConfigurationsGive two reasons/examples of why default configurations for software/hardware can be a securityproblem.CS 161, Fall 2005, HW 1
View Full Document
Unlocking...