CS 469: Security Engineering-Midterm Review




The midterm will cover all the material presented in class, in the homework and in the readings. The concepts below are guidelines, but the exam will cover everything. The key is to UNDERSTAND the concepts, not just memorize answers to each of these questions.

This may be updated frequently. Please hit refresh. Last updated: Oct 10, 2012



Aspects of Security
    - What are confidentiality, integrity and availability? Can you give examples of each?
    - Given a scenario, explain the concerns/vulnerabilities/issues about confidentiality, integrity and availability
    - Why is security hard? Can you give some specific reasons? What are common tradeoffs?
    - What is the principle of least privilege? Give some examples.

Authentication
    - What are the four ways we discussed to establish your identity? Can you give examples of each?
    - How do you compute the strength of a password?
    - Given a password scheme, compute the entropy in bits
    - In password cracking, explain what dictionaries, rulesets and brute force mean
    - Conceptually, what is a secure one-way hash function? (Note: I want an explanation of the concept, not just "SHA-1")
    - How are secure one-way hash functions used in authentication?
    - What is a salt? Why use one?
    - What is key stretching? Why do it?
    - What is encrypted key exchange? (Describe it, you don't need to draw out the full process)
    - Define biometrics and give examples
    - What is multifactor authentication?
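
A worked example for the password questions above (strength as entropy, dictionaries and rulesets, one-way hashing, salt and key stretching). This is added study material, not code from the course or the readings. It uses Python's hashlib PBKDF2-HMAC as the stretching function; the character-class table, the iteration count, the ruleset and the wordlist are this example's own assumptions.

```python
import hashlib
import hmac
import math
import os
import string

# Character classes for the common "which alphabet did the user draw from"
# strength estimate (an assumption of this example, not a standard).
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, 32),
]

def scheme_entropy_bits(alphabet_size, length):
    """Entropy in bits of a password chosen uniformly at random from
    alphabet_size ** length equally likely passwords: length * log2(alphabet)."""
    return length * math.log2(alphabet_size)

def estimated_entropy_bits(password):
    """Upper-bound estimate for one given password: assume its alphabet is the
    union of the character classes it actually uses."""
    alphabet = sum(size for chars, size in CLASSES if any(c in chars for c in password))
    return scheme_entropy_bits(alphabet, len(password))

def unsalted_hash(password):
    """Plain one-way hash: two users with the same password get the same
    digest, and one precomputed table cracks every account at once."""
    return hashlib.sha256(password.encode()).hexdigest()

ITERATIONS = 100_000  # assumed work factor; tune to your hardware budget

def hash_password(password, salt=None, iterations=ITERATIONS):
    """Salted and stretched: a random per-user salt defeats precomputation
    and shared work across accounts; the iteration count multiplies the
    attacker's cost per guess by the same factor it costs the verifier."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_password(password, salt, iterations, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)  # constant-time compare

# A tiny ruleset of the kind cracking tools apply to every dictionary word.
RULES = (lambda w: w, lambda w: w.capitalize(), lambda w: w + "1")

def dictionary_attack(wordlist, salt, iterations, digest, rules=RULES):
    """Offline attack on one stored record: each guess costs one full stretched
    hash, and because of the salt none of that work transfers to other accounts."""
    for word in wordlist:
        for rule in rules:
            guess = rule(word)
            if verify_password(guess, salt, iterations, digest):
                return guess
    return None

if __name__ == "__main__":
    print(f"8 lowercase letters: {scheme_entropy_bits(26, 8):.1f} bits")
    salt, its, digest = hash_password("dragon1")
    print("cracked:", dictionary_attack(["letmein", "dragon", "qwerty"], salt, its, digest))
```

Brute force is the degenerate case of the same loop with every string of the keyspace as the wordlist, which is why the entropy figure bounds the attacker's work and the iteration count scales it.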
   
 
Policies
    - What are policies and meta-policies? How do they differ?
    - Explain MLS/BLP
       - What is it
       - What are subjects? objects?
       - What is the primary goal of the policy? (which of the "big 3")?
       - Define the dominates relationship
       - Using MLS, be able to state what a subject can read/write
       - Explain the simple security policy
       - Explain the *-policy
       - What are the problems with MLS/BLP?
       - What is tranquility? Strong? Weak?
    - How does MAC differ from DAC? Give examples.

Covert Channels
    - What is a covert channel?
    - What are some types and examples of those types?
    - Conceptually, how can you find them?

Firewalls
    - Describe each: packet firewall, stateful firewall, application-based firewall, proxy firewall
    - What is network address translation?
    - What is a VPN?
    - Given a set of iptables rules and a set of network packets, explain what happens.
    - How does ACK port scanning work?
    - How does port scanning through a firewall work?
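
An added example (not from the course materials) that models how a chain of packet-filter rules is evaluated: rules are tried in order, the first match decides, and if nothing matches the chain's default policy applies, which is the iptables behaviour the rule-tracing question above is about. The rule dictionaries, the two rulesets, the host address and the packets are constructed for this example and are not iptables syntax. The same model shows why an ACK scan gets an answer through a stateless port filter but not through a stateful one.

```python
import ipaddress

def flow_key(pkt, reverse=False):
    """Connection key as a stateful firewall's connection tracker would store it."""
    a = (pkt["src"], pkt["sport"])
    b = (pkt["dst"], pkt["dport"])
    return (pkt["proto"],) + (b + a if reverse else a + b)

def conn_state(pkt, conntrack):
    """NEW unless the packet belongs to a flow already seen in either direction."""
    if flow_key(pkt) in conntrack or flow_key(pkt, reverse=True) in conntrack:
        return "ESTABLISHED"
    return "NEW"

def matches(rule, pkt, conntrack):
    """A field absent from the rule is a wildcard; every present field must match."""
    if "proto" in rule and rule["proto"] != pkt["proto"]:
        return False
    for field in ("src", "dst"):  # CIDR match, like -s / -d
        if field in rule and ipaddress.ip_address(pkt[field]) not in ipaddress.ip_network(rule[field]):
            return False
    for field in ("sport", "dport"):
        if field in rule and rule[field] != pkt[field]:
            return False
    if rule.get("syn") and pkt["flags"] != {"SYN"}:  # like --syn: SYN set, ACK/RST/FIN clear
        return False
    if "state" in rule and conn_state(pkt, conntrack) not in rule["state"]:  # like -m state
        return False
    return True

def evaluate(chain, policy, pkt, conntrack=frozenset()):
    """First matching rule's target decides; otherwise the chain policy does."""
    for rule in chain:
        if matches(rule, pkt, conntrack):
            return rule["target"]
    return policy

def tcp(src, dst, sport, dport, flags):
    return {"proto": "tcp", "src": src, "dst": dst, "sport": sport, "dport": dport, "flags": set(flags)}

HOST = "192.0.2.10"  # constructed address of the protected host

# Constructed INPUT chains, both used with default policy DROP.
STATEFUL = [
    {"state": {"ESTABLISHED"}, "target": "ACCEPT"},
    {"proto": "tcp", "src": "10.0.0.0/8", "dport": 22, "syn": True, "target": "ACCEPT"},
    {"proto": "tcp", "dport": 80, "syn": True, "target": "ACCEPT"},
]
STATELESS = [  # looks only at ports, never at TCP flags or connection state
    {"proto": "tcp", "src": "10.0.0.0/8", "dport": 22, "target": "ACCEPT"},
    {"proto": "tcp", "dport": 80, "target": "ACCEPT"},
]

def ack_scan_results(scanner="203.0.113.5"):
    """An ACK-only probe (no SYN) to port 80. The stateful filter drops it because
    no connection exists; the stateless port filter passes it, the host answers
    with a RST, and the scanner learns the port is not filtered."""
    probe = tcp(scanner, HOST, 40000, 80, {"ACK"})
    return evaluate(STATEFUL, "DROP", probe), evaluate(STATELESS, "DROP", probe)

if __name__ == "__main__":
    for pkt in (tcp("203.0.113.5", HOST, 40000, 80, {"SYN"}),
                tcp("203.0.113.5", HOST, 40001, 22, {"SYN"}),
                tcp("10.1.2.3", HOST, 40002, 22, {"SYN"})):
        print(pkt["src"], "->", pkt["dport"], sorted(pkt["flags"]), evaluate(STATEFUL, "DROP", pkt))
    print("ACK scan (stateful, stateless):", ack_scan_results())
```

To trace a ruleset by hand, do what `evaluate` does: walk the rules top to bottom with the packet's fields, stop at the first full match, and fall back to the chain policy if you reach the end.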

Non-interference
    - Describe non-interference
    - Apply that to covert-channels
    - Change an MLS policy into a non-interference diagram. Do the reverse if possible.
    - What is a non-transitive policy? Give an example of when it's needed.
    - Conceptually, how do I verify non-interference?

Integrity
    - What is integrity? Define it.
    - BLP is a confidentiality model, but talks about writing. Why isn't it an integrity model?
    - Describe and give an example of separation of duty
    - Describe and give an example of separation of function
    - How does auditing help support integrity?
    - What is the integrity meta-policy?
    - Describe the policies in Biba's strict integrity model
       - Given information about subjects and objects, create the Access Control Matrix using Biba's model
    - Clark Wilson Model
       - Describe the overall theme of the Clark Wilson Model
       - What are the four aspects of it?
       - What are CDIs, UDIs, TPs, IVPs?
       - I won't ask you to state the rules, but you should have a notion of the ideas
    - Role Based Access
       - How is RBAC different from the other models?
       - Explain RBAC
       - How does RBAC support least privilege, separation of duty
       - Given a scenario, write some appropriate RBAC profiles.
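
An added example, not course code, serving both the MLS/BLP questions in the Policies section (dominates, what a subject can read and write, simple security and *-property) and the Biba access-control-matrix question above. Labels are (level, set of categories) compared with a single dominates relation; BLP and Biba use that same relation with the read and write directions swapped, which is also the answer to why BLP's write rule does not make it an integrity model. The level names, subjects and objects are constructed.

```python
# Confidentiality and integrity orderings (the names are this example's own).
CONF_LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}
INT_LEVELS = {"low": 0, "medium": 1, "high": 2}

def dominates(a, b, order):
    """(la, Ca) dominates (lb, Cb) iff la >= lb and Cb is a subset of Ca.
    Labels whose categories are not nested are incomparable: neither dominates."""
    (la, ca), (lb, cb) = a, b
    return order[la] >= order[lb] and set(cb) <= set(ca)

# Bell-LaPadula (confidentiality): information may only flow upward.
def blp_can_read(s, o):   # simple security property: no read up
    return dominates(s, o, CONF_LEVELS)

def blp_can_write(s, o):  # *-property: no write down
    return dominates(o, s, CONF_LEVELS)

# Biba strict integrity: the dual. Information may only flow downward, so
# low-integrity data never contaminates a high-integrity subject or object.
def biba_can_read(s, o):  # no read down
    return dominates(o, s, INT_LEVELS)

def biba_can_write(s, o): # no write up
    return dominates(s, o, INT_LEVELS)

def access_matrix(subjects, objects, can_read, can_write):
    """Access control matrix: a rights string per (subject, object) cell."""
    return {(sn, on): ("r" if can_read(s, o) else "") + ("w" if can_write(s, o) else "")
            for sn, s in subjects.items() for on, o in objects.items()}

def render(matrix, subjects, objects):
    width = max(len(n) for n in subjects) + 2
    lines = [" " * width + "".join(f"{o:>12}" for o in objects)]
    for sn in subjects:
        lines.append(f"{sn:<{width}}" + "".join(f"{matrix[(sn, on)] or '-':>12}" for on in objects))
    return "\n".join(lines)

# Constructed BLP scenario
BLP_SUBJECTS = {"alice": ("secret", {"nuc"}), "bob": ("confidential", set())}
BLP_OBJECTS = {"plan": ("secret", {"nuc"}), "memo": ("confidential", set()),
               "ts_doc": ("top secret", {"nuc", "eur"}), "eur_report": ("secret", {"eur"})}

# Constructed Biba scenario
BIBA_SUBJECTS = {"sysadmin": ("high", set()), "user": ("low", set())}
BIBA_OBJECTS = {"kernel": ("high", set()), "tmpfile": ("low", set())}

if __name__ == "__main__":
    print(render(access_matrix(BLP_SUBJECTS, BLP_OBJECTS, blp_can_read, blp_can_write),
                 BLP_SUBJECTS, BLP_OBJECTS))
    print(render(access_matrix(BIBA_SUBJECTS, BIBA_OBJECTS, biba_can_read, biba_can_write),
                 BIBA_SUBJECTS, BIBA_OBJECTS))
```

Note that in both models a subject gets read and write on the same object only when the two labels are equal, and that a pair of labels with disjoint categories yields no access at all.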

PIN
    - What is the difference between source code instrumentation and binary instrumentation? Which is PIN?
    - How is static binary instrumentation different from dynamic? Which does PIN do?
    
Malware
    - Define "malware"
    Buffer Overflow
       - Conceptually, explain the steps a malicious author needs to accomplish to USE a buffer overflow attack
       - How does Windows Data Execution Prevention (DEP) or W^X (write xor execute) help?
    Return Oriented Programming (ROP)
       - Describe ROP
       - What is the motivation behind it... why do people do it?
       - What's a gadget?
       - Given a simple program explain where buffer overflow may happen
    Explain the types of malware:
       - Backdoor, trojan, logic bomb, virus, worm, zombie, rootkit
    - What is the pseudocode for a virus?
    - What is a macro virus?
    - What do "stealth" viruses do?
    - What do armored viruses do? Why?
    - What do polymorphic viruses do? Why?
    - How is a botnet of zombies created? Steps?

Malware Defense
    - When you distinguish between instructions and data, what does that do?
    - Describe Duff's UNIX virus experiments
    - What is a watchdog? Describe Karger's scheme for using a watchdog.
    - Detecting alteration of files is one type of defense. Explain the advantages/disadvantages (or type of things it protects versus doesn't protect)
    - How do "typical" signature-based antivirus programs work? What do they protect against and where are their holes?
    - Detecting activities beyond program scope is another protection. What are the steps you need to do to make it work? What are the problems with it?
    - What is N-version programming?
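
An added example for the "detecting alteration of files" question above; it is not code from the course or the readings. It builds a Tripwire-style baseline of keyed file hashes, checks the tree against it to report modified, missing and added files, and then shows the main weakness of the approach: a baseline taken after the compromise certifies the trojaned files as good. The directory layout, file contents and key are constructed in a temporary directory for this example.

```python
import hashlib
import hmac
import os
import tempfile

def file_digest(path, key):
    """HMAC-SHA256 over the file contents. A keyed hash means an attacker who
    can rewrite a file cannot forge a matching manifest entry without the key
    (the manifest and key still have to live where the attacker cannot write)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root, key):
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            manifest[rel] = file_digest(path, key)
    return manifest

def check(root, key, baseline):
    """Compare the current tree against the baseline manifest."""
    current = build_manifest(root, key)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }

def write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)

def fresh_system():
    """Constructed two-file 'system' in a temp dir, plus a fresh manifest key."""
    root = tempfile.mkdtemp()
    write(root, "bin/ls", b"original ls binary")
    write(root, "etc/passwd", b"root:x:0:0:root:/root:/bin/sh\n")
    return root, os.urandom(32)

def infect(root):
    """What the malware does: trojan an existing binary and drop a new one."""
    write(root, "bin/ls", b"trojaned ls binary")
    write(root, "bin/backdoor", b"evil")

def demo_baseline_before_infection():
    root, key = fresh_system()
    baseline = build_manifest(root, key)   # taken while the system is clean
    infect(root)
    return check(root, key, baseline)      # both changes are detected

def demo_baseline_after_infection():
    root, key = fresh_system()
    infect(root)
    baseline = build_manifest(root, key)   # taken too late: the trojan is now "known good"
    return check(root, key, baseline)      # nothing is reported

if __name__ == "__main__":
    print("baseline first:", demo_baseline_before_infection())
    print("baseline after infection:", demo_baseline_after_infection())
```

The check also says nothing about malware that never touches a monitored file (memory-only code, or files outside the manifest), and it only reports that a file changed, not whether the change was legitimate; that is the "what it protects versus doesn't" trade-off the question asks about.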

Crowdsource
    - How does Crowdsource use natural language processing to identify capabilities in malware?
    

Cryptography & Ciphers
    - What is the difference between symmetric and asymmetric keyed encryption algorithms?
    - Give an example of why redundancy is helpful to an attacker
    - What is breakable encryption?
    - What is strong encryption?
    - What is perfect encryption?
    - How do you compute the size of a keyspace?
    - What are substitution ciphers? Give an example (not a name of one, but how one is implemented)
    - What are transposition ciphers? Give an example (not a name of one, but how one is implemented)
    - What are confusion and diffusion? How do substitution and transposition affect them?
    - Give an example of a mono-alphabetic substitution cipher
    - Give an example of a poly-alphabetic substitution cipher. How do they differ?
    - Describe a one-time pad. Why is it "perfect"? What is the meaning of "perfect" in this context?
    - Explain the key distribution problem. How does public key encryption solve it?
    - How does the Vernam cipher simulate a one-time pad?
    - Why are symmetric and asymmetric keys not equivalent in strength?
    - Describe stream and block encryption. What are the advantages/disadvantages of each?
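
An added example, not course code, covering the cipher questions above: keyspace size, a mono-alphabetic substitution (with Caesar as the special case of a rotation key), a poly-alphabetic substitution (Vigenère), a columnar transposition, and a one-time pad together with what "perfect" means for it and why reusing the pad breaks it. All keys and plaintexts are constructed for the example.

```python
import math
import os
import random
import string
from collections import Counter

ALPHA = string.ascii_uppercase

def keyspace_size(alphabet_size, key_length):
    """Number of keys when a key is key_length symbols from an alphabet."""
    return alphabet_size ** key_length

def keyspace_bits(n_keys):
    return math.log2(n_keys)

# --- Mono-alphabetic substitution: the key is a permutation of the alphabet ---
def random_substitution_key(seed=None):
    letters = list(ALPHA)
    random.Random(seed).shuffle(letters)
    return "".join(letters)

def caesar_key(shift):
    """A Caesar cipher is the substitution whose permutation is a rotation."""
    return ALPHA[shift:] + ALPHA[:shift]

def substitute(text, key, decrypt=False):
    src, dst = (key, ALPHA) if decrypt else (ALPHA, key)
    return text.translate(str.maketrans(src, dst))

def letter_frequencies(text):
    """Redundancy survives substitution: the ciphertext's frequency profile is
    the plaintext's with the letters relabelled, which is what an attacker uses."""
    return Counter(text)

# --- Poly-alphabetic substitution: Vigenère, the shift depends on position ---
def vigenere(text, key, decrypt=False):
    out = []
    for i, ch in enumerate(text):
        k = ALPHA.index(key[i % len(key)])
        out.append(ALPHA[(ALPHA.index(ch) + (-k if decrypt else k)) % 26])
    return "".join(out)

# --- Transposition: columnar, the key is the order in which columns are read ---
def columnar_encrypt(text, order, pad="X"):
    width = len(order)
    text += pad * ((-len(text)) % width)          # fill the last row
    rows = [text[i:i + width] for i in range(0, len(text), width)]
    return "".join("".join(row[c] for row in rows) for c in order)

def columnar_decrypt(ct, order):
    width, nrows = len(order), len(ct) // len(order)
    cols = {c: ct[k * nrows:(k + 1) * nrows] for k, c in enumerate(order)}
    return "".join(cols[c][r] for r in range(nrows) for c in range(width))

# --- One-time pad: Vernam XOR with a truly random key used exactly once ---
def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def otp(data, key):
    """Encryption and decryption are the same XOR; the pad must cover the data."""
    assert len(key) >= len(data), "pad too short"
    return xor_bytes(data, key)

def key_that_explains(ct, claimed_pt):
    """Perfect secrecy: for every plaintext of the right length there is a pad
    that turns this ciphertext into it, so the ciphertext alone reveals nothing."""
    return xor_bytes(ct, claimed_pt)

if __name__ == "__main__":
    print("Caesar keys:", keyspace_size(26, 1), "substitution keys: 2^%.1f" % keyspace_bits(math.factorial(26)))
    print(substitute("ATTACKATDAWN", random_substitution_key(seed=7)))
    print(vigenere("ATTACKATDAWN", "LEMON"), columnar_encrypt("ATTACKATDAWN", (2, 0, 3, 1)))
```

Note how the same plaintext letter A maps to one ciphertext letter under the mono-alphabetic key but to different letters under Vigenère, and how XORing two ciphertexts made with the same pad cancels the pad and leaves the XOR of the two plaintexts.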
  

Audits, Security Vulnerabilities
    - What is the purpose of the Java or Flash sandbox?
    - Can malware ever escape the sandbox?
    - What are several ways to protect yourself (mitigate) against Java, Flash, Reader and IE exploits?
    - What is the difference between penetration testing and a vulnerability assessment? How do they interact?
    - In a security audit several domains are looked at: application, network, business continuity/disaster recovery, employee vetting procedures. For each describe briefly why they are done and examples of issues that the auditor is looking for.