CS 491/591 Security and Privacy Spring ©09 Test 1 Name:___________Key_____________________ Answer all questions. 100 points total, the number each question is worth is shown in parentheses. Closed book, closed notes, closed calculator, closed everything. Check right now to make sure you have all pages of the test. Be as concise as possible while still answering the question. All of your answers should be written on page 1 and 2, I won©t grade anything written on pages 3 through 5. Enciphered answers will not be considered correct. Part I, Circle "T" for True or "F" for False (30 pts., 2 pts. each, see page 3 for questions). 1. T F 2. T F 3. T F 4. T F 5. T F 6. T F 7. T F 8. T F 9. T F 10. T F 11. T F 12. T F 13. T F 14. T F 15. T F Part II, Multiple choice, circle the one correct answer for the corresponding questions on pages 4 and 5. (30 pts., 5 pts. each). 16. a b c d e 17. a b c d e 18. a b c d e 19. a b c d e 20. a b c d e 21. a b c d e Page 1 of 6 Part III, Answer the questions below as concisely as possible. Write your answer below the question. 22. (10 pts.) Someone tells you that putting your web server in a chroot() jail in Linux is pointless, since chroot() jails can be escaped. (a) Are they right? (b) If not, why not? If so, what would you use instead of a chroot() jail? No, it is not pointless. An attacker can only break out of a chroot() jail if they can execute arbitrary code. Thus chroot() jails are still a useful protection against things like directory traversal attacks. 23. (6 pts.) What is the difference between an access control list and a capability? An access control list is stored with the object and specifies what subjects can access that object, capabilities are stored with the subject and specify which objects that capability allows the subject to access. 24. (6 pts.) RSA provides a property called non-repudiation, thus it can be used for things like digital signatures. Why can©t symmetric crypto algorithms like DES and AES provide non-repudiation? Symmetric crypto uses a shared key, so if Alice signs a message to Bob with their shared key Bob has no way to prove to a third party that he didn©t generate the signature himself since he also has the shared key. 25. (10pts.) Name the authors of the paper, "Optimal Asymmetric Encryption -- How to encrypt with RSA." Bellare and Rogaway (this was hinted at in the lab 1 secret file). 26. (6 pts.) TEXQ ZFMEBO FP QEFP NRBPQFLK TOFQQBK FK? A Ceasar cipher with a key of shifting 3 backwards 27. (2 pts.) Dimebag Darrell of Pantera had two riffs voted into the greatest of all time list by Guitar World magazine readers. What two songs were they from? Cemetary Gates and Floods. Page 2 of 6 Questions for parts I and II, all of your answers for these questions should be written on page 1, nothing written on pages 3 through 5 will be graded. 1. (T/F) In theory, if the key is truly random, never reused, and kept secret the One Time Pad is provably secure against plaintext-only attacks. TRUE 2. (T/F) In theory, if the key is truly random, never reused, and kept secret DES and AES are both provably secure against plaintext-only attacks. FALSE 3. (T/F) A Feistel cipher structure lets you use the same hardware or software for decryption as for encryption, all you have to do is reverse the order of the round keys. TRUE 4. (T/F) Diffie-Hellman key exchange is an asymmetric scheme that can be used for encryption and signatures, but is not as efficient as RSA. FALSE, Diffie-Hellman can only be used for key exchange 5. (T/F) Bell-LaPadula is rarely used in practice because of the shortcomings that McLean identified. FALSE 6. (T/F) Bell-LaPadula and other lattice-based policies enforce a total ordering on all subjects and objects, i.e., one label/clearance is always strictly higher than another. FALSE, the definition of a lattice is a partial ordering. 7. (T/F) The Chinese Wall policy is intended for conflict of interest settings. TRUE 8. (T/F) On the Pentium, it is impossible to read/write to a kernel page from user space, even if you trick the kernel into giving you a mapping in your page table, since the supervisor bit is stored with the physical page rather than in the page table entry. FALSE, the supervisor bit is in the page table. 9. (T/F) Setuid programs can only be executed by root. FALSE Page 3 of 6 10. (T/F) Using chmod, a user can change the discretionary access controls on their files on a modern Linux machine but not the mandatory access controls enforced by SELinux. TRUE 11. (T/F) To open a file, a process has to provide the kernel with a file descriptor through a system call, then the kernel returns the filename for that descriptor. FALSE, it©s the other way around. 12. (T/F) A Linux process can only be susceptible to race condition (or TOCTTOU) vulnerabilities if it is multithreaded. FALSE 13. (T/F) Ring 0 == UID 0 == root == kernel, these are all the same thing. FALSE 14. (T/F) All asymmetric cryptography is basically the same as RSA, you can do encryption and signatures for messages between two parties but not much else. FALSE 15. (T/F) Buffer overflows are impossible to exploit if the position of the stack is randomized. FALSE Page 4 of 6 16. (Multiple choice). Which one of these best describes what is at the heart of Shor©s algorithm for breaking RSA?: a. It is based on a quantum form of linear cryptanalysis on RSA©s S-boxes. b. It is based on using the Quantum Fourier Transform to find a period. c. It is based on trying every plaintext-ciphertext pair in parallel universes. d. A cup of goo, made of goat cheese, dandelion root, and graduate student tears. e. Solving an NP-complete problem through quantum simulated annealing. 17. (Multiple choice). Which one of these is not one of Saltzer and Schroeder©s secure design principles?: a. The Principle of Complete Mediation b. The Principle of Economy of Mechanism c. The Principle of Fail-Safe Defaults d. The Principle of Protecting Trade Secrets e The Principle of Open Design 18. (Multiple choice). Which of these is not a type of software vulnerability that can be used for privilege escalation, unauthorized access, and/or remote code execution?: a. Buffer overflow b. TOCTTOU race condition c. RBAC d. Directory traversal e. Double free() 19. (Multiple choice). Which of these is not a technique that you would typically use to defend against dictionary attacks or other authentication security issues?: a. Building a rainbow table b. Salting the password c. Hashing the password d Shadowing the password file e. Biometrics Page 5 of 6 20. (Multiple choice) Which of these is a model that you can use to determine in linear time if a security privilege is leaked?: a. The Clark-Wilson model b. The Take-Grant model c. The Access Contol Matrix Model d. The Access Control List Model e. The Hidden Markov Model 21. Which of these capability-based computer architectures is still on the market, i.e., if you©ve got about 50 thousand bucks you can go on the Internet and buy a brand new one today?: a. The Cambridge CAP b. The Chicago Magic Number Machine c. The Intel iAPX 432 d. The AS/400, also known as the iSeries e. The Elrbus E2K Page 6 of 6.