CS 161 Computer SecuritySpring 2010 Paxson/Wagner Final ExamPRINT your name:,(last) (first)SIGN your name:PRINT your class account login: cs161-Your TA’s name:Your section time:Name of the personsitting to your left:Name of the personsitting to your right:You may consult one sheet of paper (double-sided) of notes written for this final exam, plus the two sheetsof paper you brought to midterm 2 (one of which was from midterm 1). You may not consult other notes,textbooks, etc. Calculators and computers are not permitted. Please write your answers in the spacesprovided in the test. We will not grade anything on the back of an exam page unless we are clearly told onthe front of the page to look there.You have 180 minutes. There are 9 questions, of varying credit (200 points total). The questions are ofvarying difficulty, so avoid spending too long on any one question.Do not turn this page until your instructor tells you to do so.Problem 1Problem 2Problem 3Problem 4Problem 5Problem 6Problem 7Problem 8Problem 9TotalCS 161, Spring 2010, Final Exam 1Problem 1. [Spoofing attacks] (18 points)Usually, the DNS protocol runs over UDP. However, it is also possible for DNS to use TCP.(a) Suppose you are using your laptop on an open wireless network and an attacker is within range of thewireless network, so the attacker can eavesdrop on all your traffic and inject forged packets. Circle oneof the following that best describes the threat the attacker poses:1. The attacker can successfully inject a spoofed DNS response if your laptop uses UDP for all of itsDNS queries, but not if it uses TCP for all of its queries.2. The attacker can successfully inject a spoofed DNS response if your laptop uses TCP for all of itsDNS queries, but not if it uses UDP for all of its queries.3. The attacker can successfully inject a spoofed DNS response if your laptop uses either TCP or UDPfor its DNS queries.4. The attacker cannot successfully inject spoofed DNS responses.(b) Suppose you access the Internet over a secured Ethernet network, so that the attacker cannot eavesdropon your traffic, but the attacker can still inject forged packets. You can use either TCP or UDP foryour DNS queries. Assume that the relevant TCP implementations choose Initial Sequence Number(ISNs) uniformly at random, and that the relevant DNS implementations do not implement source portrandomization. Regarding Kaminsky-style “blind spoofing” of DNS replies, circle one of the followingthat best describes the threat the attacker poses:1. When you use TCP for your queries you are safer (harder to attack) than when using UDP.2. When you use UDP for your queries you are safer (harder to attack) than when using TCP.3. You are equally vulnerable to the attack whether you use UDP or TCP.4. In this scenario, you are not vulnerable to the attacker regardless of whether you use UDP or TCP.(continued on next page)CS 161, Spring 2010, Final Exam 2(c) Suppose we could deploy a mechanism that would ensure IP source addresses always correspond tothe actual sender of a packet—in other words, suppose it is impossible for an attacker to spoof sourceaddresses. Circle all of the following threats that this mechanism would completely eliminate. By“eliminate a threat”, we mean that the anti-spoofing mechanism would suffice to prevent exploitation ofthe threat, without any additional mechanisms or assumptions.1. Buffer overflow attacks2. Cross-site request forgery (CSRF) attacks3. TCP SYN flooding4. TCP RST injection5. Spam6. None of the above(d) Again suppose we could deploy a mechanism that would ensure IP source addresses always correspondto the actual sender of a packet. Circle all of the following threats for which this mechanism wouldeliminate at least some common instances of the attack but not all instances. “Eliminate an attackinstance” refers to preventing that attack instance from succeeding, without any additional mechanismsor assumptions.1. Buffer overflow attacks2. Cross-site request forgery (CSRF) attacks3. TCP SYN flooding4. TCP RST injection5. Spam6. None of the aboveCS 161, Spring 2010, Final Exam 3Problem 2. [Reasoning about memory-safety] (24 points)Consider the following C code:void delescapes(char s[], int n) {int i=0, j=0;while (j < n) {if (s[j] == ’%’) {j=j+3;} else {s[i] = s[j];i=i+1; j=j+1;}}}We’d like to know the conditions under which delescapes() is memory-safe, and then prove it.On the next page, you can find the same code again, but with blank spaces that you need to fill in. Find theblank space labelled requires: on the next page, and fill it in with the precondition that’s required fordelescapes() to be memory-safe. (If several preconditions are valid, you should list the most generalprecondition under which it is memory-safe.)Also, on the next page fill in the three blanks inside delescapes() with invariants, so that (1) each invari-ant is guaranteed to be true whenever that point in the code is reached, assuming that all of delescapes()’scallers respect the precondition that you identified, and (2) your invariants suffice to prove that delescapes()is memory-safe, assuming that it is called with an argument that satisfies the precondition that you identified.Keep in mind that, as emphasized in the last homework, invariants should be self-contained and state allfacts that are needed for a proof of memory-safety.You may ignore the possibility of NULL dereference errors for this question.You may use the notation size(s) to refer to the amount of memory allocated for s.CS 161, Spring 2010, Final Exam 4Here is the same C code again, this time with space for you to fill in the precondition and three invariants.Remember, fill in all blanks./*requires: ________________________________________________________*/void delescapes(char s[], int n) {int i=0, j=0;while (j < n) {/*__________________________________________________________*/if (s[j] == ’%’) {j=j+3;/*______________________________________________________*/} else {s[i] = s[j];i=i+1; j=j+1;/*______________________________________________________*/}}}CS 161, Spring 2010, Final Exam 5Problem 3. [Espionage] (25 points)For this problem assume the existence of a super-top-secret Incredibly Valuable Document (IVD) belongingto a business competitor. You are desperate to read the IVD and are prepared to undertake dubious measuresto do so. The IVD is 100 KB (kilobytes) in size and you already have a copy of it encrypted using a 128-bitAES key. You have 3 avenues
View Full Document
Unlocking...