CS 161 Computer Security Spring 2010 Paxson Wagner Final Exam P RINT your name last first S IGN your name P RINT your class account login cs161Your TA s name Your section time Name of the person sitting to your left Name of the person sitting to your right You may consult one sheet of paper double sided of notes written for this final exam plus the two sheets of paper you brought to midterm 2 one of which was from midterm 1 You may not consult other notes textbooks etc Calculators and computers are not permitted Please write your answers in the spaces provided in the test We will not grade anything on the back of an exam page unless we are clearly told on the front of the page to look there You have 180 minutes There are 9 questions of varying credit 200 points total The questions are of varying difficulty so avoid spending too long on any one question Do not turn this page until your instructor tells you to do so Problem 1 Problem 2 Problem 3 Problem 4 Problem 5 CS 161 Spring 2010 Final Exam Problem 6 Problem 7 Problem 8 Problem 9 Total 1 Problem 1 Spoofing attacks 18 points Usually the DNS protocol runs over UDP However it is also possible for DNS to use TCP a Suppose you are using your laptop on an open wireless network and an attacker is within range of the wireless network so the attacker can eavesdrop on all your traffic and inject forged packets Circle one of the following that best describes the threat the attacker poses 1 The attacker can successfully inject a spoofed DNS response if your laptop uses UDP for all of its DNS queries but not if it uses TCP for all of its queries 2 The attacker can successfully inject a spoofed DNS response if your laptop uses TCP for all of its DNS queries but not if it uses UDP for all of its queries 3 The attacker can successfully inject a spoofed DNS response if your laptop uses either TCP or UDP for its DNS queries 4 The attacker cannot successfully inject spoofed DNS responses b Suppose you access the Internet over a secured Ethernet network so that the attacker cannot eavesdrop on your traffic but the attacker can still inject forged packets You can use either TCP or UDP for your DNS queries Assume that the relevant TCP implementations choose Initial Sequence Number ISNs uniformly at random and that the relevant DNS implementations do not implement source port randomization Regarding Kaminsky style blind spoofing of DNS replies circle one of the following that best describes the threat the attacker poses 1 When you use TCP for your queries you are safer harder to attack than when using UDP 2 When you use UDP for your queries you are safer harder to attack than when using TCP 3 You are equally vulnerable to the attack whether you use UDP or TCP 4 In this scenario you are not vulnerable to the attacker regardless of whether you use UDP or TCP continued on next page CS 161 Spring 2010 Final Exam 2 c Suppose we could deploy a mechanism that would ensure IP source addresses always correspond to the actual sender of a packet in other words suppose it is impossible for an attacker to spoof source addresses Circle all of the following threats that this mechanism would completely eliminate By eliminate a threat we mean that the anti spoofing mechanism would suffice to prevent exploitation of the threat without any additional mechanisms or assumptions 1 2 3 4 5 6 Buffer overflow attacks Cross site request forgery CSRF attacks TCP SYN flooding TCP RST injection Spam None of the above d Again suppose we could deploy a mechanism that would ensure IP source addresses always correspond to the actual sender of a packet Circle all of the following threats for which this mechanism would eliminate at least some common instances of the attack but not all instances Eliminate an attack instance refers to preventing that attack instance from succeeding without any additional mechanisms or assumptions 1 2 3 4 5 6 Buffer overflow attacks Cross site request forgery CSRF attacks TCP SYN flooding TCP RST injection Spam None of the above CS 161 Spring 2010 Final Exam 3 Problem 2 Reasoning about memory safety 24 points Consider the following C code void delescapes char s int n int i 0 j 0 while j n if s j j j 3 else s i s j i i 1 j j 1 We d like to know the conditions under which delescapes is memory safe and then prove it On the next page you can find the same code again but with blank spaces that you need to fill in Find the blank space labelled requires on the next page and fill it in with the precondition that s required for delescapes to be memory safe If several preconditions are valid you should list the most general precondition under which it is memory safe Also on the next page fill in the three blanks inside delescapes with invariants so that 1 each invariant is guaranteed to be true whenever that point in the code is reached assuming that all of delescapes s callers respect the precondition that you identified and 2 your invariants suffice to prove that delescapes is memory safe assuming that it is called with an argument that satisfies the precondition that you identified Keep in mind that as emphasized in the last homework invariants should be self contained and state all facts that are needed for a proof of memory safety You may ignore the possibility of NULL dereference errors for this question You may use the notation size s to refer to the amount of memory allocated for s CS 161 Spring 2010 Final Exam 4 Here is the same C code again this time with space for you to fill in the precondition and three invariants Remember fill in all blanks requires void delescapes char s int n int i 0 j 0 while j n if s j j j 3 else s i s j i i 1 j j 1 CS 161 Spring 2010 Final Exam 5 Problem 3 Espionage 25 points For this problem assume the existence of a super top secret Incredibly Valuable Document IVD belonging to a business competitor You are desperate to read the IVD and are prepared to undertake dubious measures to do so The IVD is 100 KB kilobytes in size and you already have a copy of it encrypted using a 128 bit AES key You have 3 avenues available for reading the document Buy bots at a cost of 1 per 210 bots Each bot can brute force 240 keys per week FYI this is about 1 8 million keys per second You can buy up to 224 17 million bots and then alas the underground market has no more to offer you Bribe an employee of the competitor who has access to the key used to encrypt the document The …
View Full Document
Unlocking...