Berkeley COMPSCI 161 - Homework

This preview shows page 1-2 out of 5 pages.

Homework 5
CS161 Computer Security, Spring 2008
Assigned 4/23/08
Due 5/05/08

1. Worm Propagation

In lecture, we talked about ways of increasing the propagation rate of worms. In this problem, we’ll examine the effects of decreasing the propagation rate of worms.

Recall that i(t) is the proportion of machines in a network that are infected by a worm at time t, β is the contact rate, and T is a constant of integration that fixes the time position of the incident. We’ll use a Random Spread (a.k.a. Susceptible-Infected) model for worm propagation and assume a network of tens of millions of susceptible machines.

Please limit each answer to 1-3 sentences. You may also include graphs or tables if you like, though they are not necessary.

(a) (4 points) If β is 3.5 and T is 15, at what time are 50 percent of the machines infected? At what time will 99% of all machines be infected? Hint: An easy way to work through this problem is to use Mathematica, Excel, or OpenOffice to generate or graph your results.

(b) (4 points) If we are able to reduce the initial infection rate to 0.5, what is the 50 percent infection time? What is the time for 99% of all machines to be infected?

(c) (4 points) Sometimes a worm is initially distributed to a hitlist, a set of hosts known to be vulnerable. Once the hosts on the hitlist are infected, these hosts scan randomly to continue spreading. Consider a hitlist that makes up one percent of all vulnerable hosts. Modify the formula for i(t) to take into account the speedup gained by the hitlist.

2. Honeypots and Tarpits

A tarpit is a honeypot that consumes as many of the adversary’s resources as possible. For each of the following honeypots, describe a way we could turn the honeypot into a tarpit. Do not use the same answer for more than one part of this problem. Keep your answers short, no more than two or three sentences.

(a) (3 points) An FTP server with no password. Located on the FTP server is a file with a tempting name, such as corporate secrets.txt

(b) (3 points) A host with many open ports.

(c) (3 points) An open directory on a web server. The directory has a tempting name, such as /highly proprietary software/source code.

(d) (3 points) A compromised SSH server containing industrial control software to accompany already-stolen steel mill blueprints.

3. Taint Analysis

In this question, you are to perform a taint analysis on the following code.

```c
float area_circle(float radius)
{
    float pi=3.14;
    return pi*radius*radius;
}

float area_square(float width)
{
    return width*width;
}

int main(char** argv, int argc)
{
    float radius_1 = 7.2;
    float area_1 = area_circle(radius_1);
    float radius_2 = read_float_from_keyboard();
    float area_2 = area_circle(radius_2);
    float summed_area = 0;
    summed_area += area_1;
    summed_area += area_2;
    int n = read_int_from_keyboard();
    int fibonacci = 1;
    int i;
    for(i = n; i != 0; i--)
    {
        fibonacci *= i;
    }
    float (*pt2Area)(float);
    printf("Enter 'c' for circles, enter 's' for squares: ");
    char which_area = read_char_from_keyboard();
    if (which_area == 'c')
        pt2Area = area_circle;
    if (which_area == 's')
        pt2Area = area_square;
    char buf[42];
    printf("Enter a size: \n");
    gets(buf);
    float size = string_to_float(buf);
    float area_3 = pt2Area(size);
    printf("Area is: %f \n", area_3);
    printf("The ratio of area 3 to area 2 is: %f \n", area_3/area_2);
    return 0;
}
```

(a) (6 points) To the right of each line of code, write the names of any variables that became tainted due to that line of code executing.

(b) (6 points) List any security vulnerabilities that exist because of tainted variables. For each vulnerability, give an example of an unsafe input that would exploit the vulnerability, and explain what happens when this input is given.

4. Symbolic Execution

Consider the following code.

```c
void f(void)
{
    int step = 0; int user_increment = 0;
    int start = 1;
    printf("Would you like to count by 1? (y/n)\n");
    char choice = read_char_from_keyboard();
    printf("Start counting at: \n");
    start = read_char_from_keyboard();
    if (choice == 'n')
    {
        user_increment = read_int_from_keyboard();
        if (user_increment > (100 - start))
            printf("WARNING: You may not experience many iterations.\n");
    }
    if (choice == 'y')
    {
        step = 1;
        if (user_increment > 100)
            printf("WARNING: You will not experience many iterations.\n");
    }
    step += user_increment;
    /* Place assertion here */
    printf("Counting to 100, incrementing by %d. \n", step);
    for(int i = start; i <= 100; i+=step)
        printf("Currently we are at %d. \n", i);
}
```

(a) (1 point) Write the assertion that must be true for correct execution.

(b) (11 points) Identify each path this code might take (up to the assertion). For each path, give the path predicate. Determine whether or not each path is feasible. For each feasible path, give an example of input that would cause this path to be executed. For each feasible path, write a symbolic expression that must be satisfied in order for the assertion to fail. Determine whether each symbolic expression is satisfiable. For each satisfiable expression, give an example of input that causes the assertion to
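For the Random Spread model in Problem 1, the sketch below is an added example, not part of the homework. It assumes the standard closed-form solution i(t) = e^{β(t−T)} / (1 + e^{β(t−T)}) of di/dt = β·i·(1−i), which the page refers to but does not print, checks it against a numerical integration, and uses constructed parameters (β = 2, T = 10) rather than the homework's.

```python
import math

def infected_fraction(t, beta, T):
    """Closed-form SI (logistic) solution i(t) = e^{b(t-T)} / (1 + e^{b(t-T)})."""
    return 1.0 / (1.0 + math.exp(-beta * (t - T)))

def time_to_fraction(p, beta, T):
    """Invert i(t) = p, giving t = T + ln(p / (1 - p)) / beta."""
    if not 0.0 < p < 1.0:
        raise ValueError("p must be strictly between 0 and 1")
    return T + math.log(p / (1.0 - p)) / beta

def simulate(beta, i0, t_end, dt=1e-3):
    """Integrate di/dt = beta * i * (1 - i) from i(0) = i0 with RK4; returns i(t_end)."""
    def f(i):
        return beta * i * (1.0 - i)
    i = i0
    for _ in range(int(round(t_end / dt))):
        k1 = f(i)
        k2 = f(i + dt * k1 / 2)
        k3 = f(i + dt * k2 / 2)
        k4 = f(i + dt * k3)
        i += dt * (k1 + 2 * k2 + 2 * k3 + k4) / 6
    return i

def response_window(beta, lo=0.01, hi=0.5):
    """Time for the infection to grow from fraction lo to hi; T cancels out."""
    return time_to_fraction(hi, beta, 0.0) - time_to_fraction(lo, beta, 0.0)

if __name__ == "__main__":
    BETA, T0 = 2.0, 10.0  # constructed sample parameters, not the homework's
    for p in (0.5, 0.99):
        print(f"{p:.0%} infected at t = {time_to_fraction(p, BETA, T0):.3f}")
    i0 = infected_fraction(0.0, BETA, T0)  # the initial condition that T encodes
    print("RK4 i(12)    =", simulate(BETA, i0, 12.0))
    print("closed i(12) =", infected_fraction(12.0, BETA, T0))
    for b in (2.0, 1.0, 0.5):  # slowing the worm widens the defender's window
        print(f"beta={b}: 1% -> 50% takes {response_window(b):.2f} time units")
```

Because the window between two infection levels is ln-odds difference divided by β, halving the contact rate doubles the time available to respond.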
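For Problem 4, the following added example (not part of the homework) models f() up to the assertion and groups a bounded exhaustive search by path, as a stand-in for the solver a symbolic executor would use. It assumes the assertion is `step > 0`, that `start` is a 7-bit character value, and a small constructed range for the integer input.

```python
from itertools import product

def run_f(choice, start, increment_in):
    """Python model of f() up to the assertion; returns (path, step).
    path records each branch outcome; None marks a branch never reached."""
    step, user_increment = 0, 0
    is_n, warn_n = choice == "n", None
    if is_n:
        user_increment = increment_in           # the int is only read on this branch
        warn_n = user_increment > (100 - start)
    is_y, warn_y = choice == "y", None
    if is_y:
        step = 1
        warn_y = user_increment > 100
    step += user_increment
    return (is_n, warn_n, is_y, warn_y), step

# Each if / nested-if pair has three outcomes, so there are 3 x 3 syntactic paths.
ARMS = [(False, None), (True, False), (True, True)]
ALL_PATHS = [a + b for a, b in product(ARMS, ARMS)]

def explore(choices="ynx", starts=range(0, 128), increments=range(-3, 131)):
    """Return the first witness and the first assertion-failing witness per path."""
    witness, failing = {}, {}
    for c, s, u in product(choices, starts, increments):
        path, step = run_f(c, s, u)
        witness.setdefault(path, (c, s, u))
        if not step > 0:                        # assumed assertion: step > 0
            failing.setdefault(path, (c, s, u))
    return witness, failing

if __name__ == "__main__":
    witness, failing = explore()
    for path in ALL_PATHS:
        status = "feasible" if path in witness else "no witness in bounds"
        print(path, status, "input:", witness.get(path),
              "assertion fails on:", failing.get(path))
```

A path with no witness in the bounds is only a candidate for infeasibility; confirming it takes the path predicate itself, for example noting that `user_increment` is still 0 whenever `choice == 'y'`.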

