Berkeley COMPSCI 161 - CS 161 Practice Questions for Final Exam

This preview shows page 1-2 out of 6 pages.


Practice Questions for Final Exam, Fall 2008

Questions to help you prepare for the final exam. These are not representative of questions on final exams -- merely to help you think about the topics in scope. The scope of questions/knowledge is not limited to those suggested by these questions -- you must use the lecture notes, slides, textbooks, homeworks, projects and other mandatory readings posted on the web page for thorough preparation.

1. What is the principle of Least Priv.?

2. An executable, say the "passwd" program that changes user passwords, has the setuid bit set and is owned by root. It is invoked by a user with ID 18. What will be the process’s real and effective UIDs at the start of the process? Suppose it calls exec on an executable that does not have the setuid bit set. What will the real and effective UIDs be after the call? What happens if the process calls "setuid(geteuid())" -- what access permissions to files will the process have after this?

3. What is the difference between "setuid" and "seteuid" on Linux, when dealing with root and non-root real UIDs?

4. How do we achieve automatic privilege separation? Describe one safe way of handling variables that are inferred both as "privileged" and "unprivileged". Does privilege separation remove all possible attacks that are caused by buffer overflows -- give one example that is not stopped.

5. Suppose you have a buggy device driver. How would you use segmentation registers on Intel x86 to apply hardware-fault isolation?

6. What are the advantages and disadvantages of SFI over hardware fault isolation?

7. How does the SFI technique significantly reduce the trusted computing base (TCB) by using a verifier?

8. On the RISC architecture we studied in class, all instructions were of fixed size (say 4 bytes). On x86, instruction sizes may vary between 1-16 bytes, and instructions can begin at any byte in the code memory. Does the classical SFI technique prevent attacks where the sandboxed code tries to jump into the middle of an instruction stream? If not, suggest changes to fix it.

9. System call interposition -- how do we extract a policy for legitimate sequences of system calls, given the control flow graph (CFG) (code) of the program? Suppose the CFG or code is not given, you just have access to the program -- suggest one way to develop the policy to enforce with system call interposition on an application.

10. Can you use inline reference monitors for confining actions of browser plugins? Explain what properties you should enforce on the "mplayer" MPEG codec plugin for Firefox.

11. System call interposition based monitors, SFI inline checks, and virtual machine monitors are all examples of the general concept of .......... monitors.

12. How can an infected VM communicate with a listener in another VM using CPU loading/unloading?

13. Specify two other covert channels in virtual machines (assume that the network device and hard disk controller are shared).

14. (a) Can the TPM be used to prevent a virus from modifying the machine's Master Boot Record (MBR), used for bootstrapping the OS, without being detected? If so, explain why. If not, explain why not.
    (b) Can the TPM be used to prevent a virus from modifying the machine's BIOS boot block without being detected? If so, explain why. If not, explain why not.
    (c) Suppose user A is able to extract the secret AIK signing key from the tamper resistant chip in his machine. Explain the implications of this for the validity of the attestation process. How could A use this key to fool a remote server about the software running on A's machine?
    (d) How would you defend against this problem? You may assume that the private key extracted from the chip is published on the web (anonymously) so that anyone can mount the attack from part (c).

15. Suppose a music player vendor wishes to allow only CDs sold by that vendor to be played on its player. How can it use special hardware, like a TPM, to achieve this? Can it use purely software techniques?

16. List at least one other application of specialized cryptographic hardware other than those mentioned in the previous two questions.

17. SQL injection can be prevented by using PREPARED statements, as seen in the homework. Explain what the "?" (bind or placeholder parameters) used in prepared statements are.

18. Suggest one way to prevent HTTP response splitting.

19. Distinguish between reflected XSS and stored XSS attacks.

20. What is the difference between an XSRF vulnerability and an XSS vulnerability?

21. You notice that a pizza purchase web site is using a MAC for some part of the data in its cookie. What could this data be, and why is the MAC being used?

22. (a) State the same origin policy as it applies to the DOM, as clearly and precisely as you can, in one or two sentences. Do the same for the same origin policy as it applies to cookies.
    (b) Why is it consistent with the same-origin policy for content from site A to include an image (such as <img src="http://anothersite.com/picture.jpg" >) from another site B?
    (c) Suppose that web pages from several sites request images from TripleClick.com. Explain how each site can pass TripleClick some information about the content of the page that will contain the image. Write a variant of the HTML <img src="http://tripleclick.com/picture.jpg" > that passes information to TripleClick as part of the request for a picture.
    (d) How can TripleClick use the requests you described in part (c) to build up a database of interests of each web user? Explain the browser mechanism that will let TripleClick tell if two requests for images come from the same user and machine, even if the user changes IP addresses.

23. In Microsoft Internet Explorer 6. This feature is a new attribute for cookies which prevents them from being accessed through client-side script. A cookie with this attribute is called an httpOnly cookie.
    (a) What attack are httpOnly cookies intended to prevent? Give an example attack that does not work if the site uses httpOnly cookies, but works with normal cookies.
    (b) Show that httpOnly cookies do not eliminate the class of attacks from part (b). Give an example where httpOnly cookies do not improve security.

24. Suppose you have a very old "rsh" server that only wishes to communicate with a client machine of a known IP address T. It naively trusts the TCP protocol design to set up a connection with T; when the client connects to the server using TCP, the server relies on the TCP 3-way handshake to guarantee that the IP address of the client is indeed T and uses no other authentication mechanism. Recall from class that the TCP/IP 3-way

