Berkeley COMPSCI 161 - Homework

This preview shows page 1 out of 4 pages.


Homework 6
CS161 Computer Security, Spring 2008

This homework will not be collected. Use this to help prepare for the final exam.

1. Hardware Support for Dual-Mode Operation

Early Intel processors (e.g., the 8086) did not provide hardware support for dual-mode operation (i.e., support for a separate user mode and kernel mode). As a result, most of the systems implemented on these processors did not support multi-user operation. List and explain one potential problem associated with supporting multi-user operation without hardware support for dual-mode operation. Be concise: one or two sentences should suffice.

2. Gesundheit

Kachoo!, Inc. has just released a new web service that allows people to sign their web pages. The service does this by appending, hidden inside a special HTML tag at the bottom of an otherwise normal web page, the author’s name, the date, and a signature (which contains the author’s name and date signed by the author’s RSA private key). The web page itself is unencrypted, but the signature can be validated by downloading http://www.kachoo.com/pubkeys.html (which contains a list of all registered Kachoo! users and each user’s public key) to retrieve the author’s public key. Explain why this gives a completely false sense of security, by outlining two different ways that you could make it appear that Linus Torvalds has posted a web page saying “Open source is for losers; I’ve decided to go work for SCO”. The definition of “different” is that each attack has a unique fix. For each of the attacks you list, give a countermeasure that the author/viewer could take to protect themselves against that attack.

(a) Attack 1:
(b) Countermeasure 1:
(c) Attack 2:
(d) Countermeasure 2:

3. One is the Loneliest Number

In this class, we have seen several different mechanisms for isolating untrusted programs, including virtual memory, system call interposition, and virtual machines.

(a) Name one threat that system call interposition protects against but virtual memory does not.

(b) The military runs a multi-user computer that all government employees can log into; programs that require access to top-secret data are run inside a virtual machine. Richard Stallman is given an account on this computer so that he can install emacs. Colonel Greene runs a copy of Stallman’s emacs program inside a virtual machine and uses it to edit the top-secret list of UFOs stored in Area 51’s warehouses. (Only Greene has an account on the guest OS running inside the virtual machine.) If Richard Stallman were malicious, could he arrange to learn the contents of this list? If yes, explain how; if no, say why not.

4. Secure PIN Entry

We want to allow a user to enter a secure PIN (numeric password) into a terminal. We assume that an adversary can monitor any input (such as a keyboard or keypad) but that the channel of the display to the user (such as a screen) is secure: the adversary cannot monitor it. Give a secure way for the user to enter his or her PIN (the adversary should gain no information about the PIN).

5. Firewalls and Reference Monitors

Explain how the requirements of a reference monitor apply specifically to a firewall. Address the feasibility of determining whether a real firewall meets these requirements.

6. Intrusion Detection Systems

Explain succinctly the difference between rule-based intrusion detection and statistical anomaly detection. Give one advantage each has over the other.

7. Buffer Overflow

Why is having a non-executable stack and heap insufficient to protect against buffer overflow code execution attacks?

8. Rootkits

Joe wants to protect himself against rootkits, so he runs a virtual Windows XP system on top of Mac OS X. Is Joe vulnerable to Windows XP rootkits? Why or why not?

9. SQL Injection Attacks

SQL’s prepared statements add the “?” syntax to the language:

    select * from foo where bar=?

"?" can then be replaced with a string using a separate function "setString()". This is more secure than building up queries by concatenating strings, because "setArgument()" understands enough of the SQL language to ensure that its arguments are properly interpreted at the database server. For example, if the "bar" column contains strings, then "setArgument" ensures that its parameter is a string, and the server interprets it as raw string data, instead of as part of a SQL expression. setArgument can be applied at various different points in the query syntax. Which of the following can safely interpret untrusted user input? For each case, explain what setArgument would have to verify, or explain why passing such data in from the user is unsafe:

a) setArgument takes an integer: "select * from foo where num=?"
b) setArgument takes a set of values: "select * from foo where num in ?"
c) setArgument takes a nested SQL query: "select * from foo where num in ?"

10. Cross Site Scripting and SQL Injection

In class, we saw an example of a cross site scripting attack involving javascript. That example enabled the attacker to authenticate as the victim user, to the victim server. This is a two step attack, requiring the attacker to first obtain the user’s cookies, and then authenticate to the server. Describe how the attacker could develop a more elaborate cross site scripting attack, involving SQL injection along with javascript injection, to eliminate the need for the step where the attacker authenticates as the user. Feel free to make any reasonable assumptions necessary about the victim server, in order to make your attack possible.

11. Firewalls

The following diagram shows the architecture for your company’s network and connection to the internet.

[Diagram labels: FW, telnet server, ssh server, web server, mail server, company perimeter, ISPa, ISPb, internet]

IP addresses:
    ISP router 2.2.2.1
    Mail server 1.2.3.5
    Web server 1.2.3.4
    SSH server 1.2.3.3
    Telnet server 1.2.3.2

Example rules:
    allow * *:*/in -> *:*/out
    drop * *:* -> *:*

Your company is installing a packet filter firewall. Here is the proposed security policy for the firewall:

[I] By default, block all inbound connections.
[II] Allow all inbound TCP connections to SMTP on mail server.
[III] Allow all inbound TCP connections to HTTP and HTTPS on web server.
[IV] Allow all inbound TCP connections to SSH on SSH server.
[V] Allow all outbound connections.
[VI] Telnet access should not be allowed (because it sends passwords in cleartext).

(a) (12 points) Using the syntax from lecture (examples above), write the firewall ruleset for your company’s firewall. For each rule, give a brief description of
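The contrast question 9 draws between concatenated queries and bound parameters, as an added example that is not part of the homework or the course material. It uses Python's sqlite3 module rather than the setString()/setArgument() interface the question names; the table contents, the function names and the hostile input string are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample table, named after the question's 'foo'."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE foo (num INTEGER, bar TEXT)")
    db.executemany("INSERT INTO foo VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db

def by_bar_concat(db, bar):
    # Vulnerable form: the input is spliced into the SQL text and parsed as SQL.
    return db.execute("SELECT * FROM foo WHERE bar='" + bar + "'").fetchall()

def by_bar_bound(db, bar):
    # Bound form: the value is passed apart from the SQL text and stays data.
    return db.execute("SELECT * FROM foo WHERE bar=?", (bar,)).fetchall()

def by_num(db, raw):
    # Integer case: int() raises ValueError on anything that is not an integer.
    return db.execute("SELECT * FROM foo WHERE num=?", (int(raw),)).fetchall()

def by_num_in(db, raws):
    # Set-of-values case: one placeholder per element. Only the number of "?"
    # marks reaches the SQL text; every element is validated, then bound.
    nums = [int(r) for r in raws]
    if not nums:
        return []
    marks = ",".join("?" * len(nums))
    sql = f"SELECT * FROM foo WHERE num IN ({marks}) ORDER BY num"
    return db.execute(sql, nums).fetchall()

# sqlite3 placeholders bind values only; SQL text such as a subquery
# cannot be supplied through one.

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"            # constructed hostile input
    print(by_bar_concat(db, hostile))   # every row comes back
    print(by_bar_bound(db, hostile))    # no row has that literal value
    print(by_num_in(db, ["1", "3"]))
```
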

