Computer Systems Security: Winter 2018 Assignment 2 - Revision history

Soma: /* Solutions */

2018-03-05T17:08:12Z

Solutions

← Older revision		Revision as of 17:08, 5 March 2018
Line 33:		Line 33:
	<li>Backdoors are normally hard to discover because they are simply code that is designed to look normal while adding malicious functionality (such as a way to bypass authentication). Thus finding a backdoor is like trying to find a bug, except that 1) the creator of the bug has tried to hide the bug, and 2) the bug does not manifest except in extremely unusual circumstances, and you do not have a working test case with which to demonstrate the bug. Thus the only times backdoors are normally found are either when someone is doing a detailed security audit (and is very good at finding hidden features in code), the backdoor is used and the defender has a record of the input given that triggered the backdoor, someone confesses to inserting the backdoor, or someone gets lucky when examining or modifying the affected application. (1 point for understanding what a backdoor is, 1 for properly explaining why they are hard to find)</li>		<li>Backdoors are normally hard to discover because they are simply code that is designed to look normal while adding malicious functionality (such as a way to bypass authentication). Thus finding a backdoor is like trying to find a bug, except that 1) the creator of the bug has tried to hide the bug, and 2) the bug does not manifest except in extremely unusual circumstances, and you do not have a working test case with which to demonstrate the bug. Thus the only times backdoors are normally found are either when someone is doing a detailed security audit (and is very good at finding hidden features in code), the backdoor is used and the defender has a record of the input given that triggered the backdoor, someone confesses to inserting the backdoor, or someone gets lucky when examining or modifying the affected application. (1 point for understanding what a backdoor is, 1 for properly explaining why they are hard to find)</li>
	<li>Hardware virtual machines can mitigate attacks on other virtual machines and the VM's host operating system, in that software running inside of a guest virtual machine should not be able to affect other VMs or the host OS, other than using the resources it has been allocated. VMs, however, open new opportunities to attackers because it is very difficult to observe behavior in a guest OS.</li>		<li>Hardware virtual machines can mitigate attacks on other virtual machines and the VM's host operating system, in that software running inside of a guest virtual machine should not be able to affect other VMs or the host OS, other than using the resources it has been allocated. VMs, however, open new opportunities to attackers because it is very difficult to observe behavior in a guest OS.</li>
	<li>MAC</li>		<li>The key advantage of mandatory access control is that attackers cannot change access restrictions even when they gain access as root, thus limiting the damage attacks can do. The disadvantage is that a sysadmin (running as root) cannot change access restrictions; instead, they have to reboot the system into a special mode in which the security policies can be changed (but the system isn't otherwise running normally). Thus the biggest advantage of MAC is also its biggest disadvantage.</li>
	<li>OS ~~analysis~~</li>		<li>The security of the initial install of most OSs is first guaranteed by verifying the authenticity and integrity of install media (e.g., looking up the hash of an ISO image on a trusted website). Once a system is installed, the integrity and authenticity of updates are verified normally using digital signatures that can be verified with pubic keys embedded in the OS image. If applications are sandboxed (e.g., iOS, snap and flatpak on Linux), they cannot modify the underlying OS, even at install time. Otherwise, generally applications are given full administrative access at install time and so they can modify arbitrary files as part of the installation. The only way to prevent them from doing damage is to not install them.</li>

	</ol>		</ol>

Soma at 15:10, 5 March 2018

2018-03-05T15:10:36Z

← Older revision		Revision as of 15:10, 5 March 2018
Line 21:		Line 21:
	<li>What is one way the OS protects itself from modification by third parties?</li>		<li>What is one way the OS protects itself from modification by third parties?</li>
	</li>		</li>
			</ol>
	</ol>		</ol>

Soma at 15:09, 5 March 2018

2018-03-05T15:09:51Z

@@ Line 21: / Line 21: @@
 <li>What is one way the OS protects itself from modification by third parties?</li>
 </li>
 </ol>

Soma at 18:38, 26 February 2018

2018-02-26T18:38:50Z

← Older revision		Revision as of 18:38, 26 February 2018
Line 1:		Line 1:
	Please answer the following questions. There are 9 questions with 20 points. Submit your answers as a text or PDF file via cuLearn by ~~February 28~~, 2018 at 10:00 AM. Be sure to put your name and student number at the beginning of your submission.		Please answer the following questions. There are 9 questions with 20 points. Submit your answers as a text or PDF file via cuLearn by March 5, 2018 at 10:00 AM. Be sure to put your name and student number at the beginning of your submission.

	When answering each question, please indicate '''the sources of your answer.''' This could be a man page, your own experiments, discussion with a friend, or a website. Please list all your sources. You are allowed to collaborate; such collaboration should be clearly documented! If you already know an answer because of background knowledge you had before the class, that is fine, just state that this is the case.		When answering each question, please indicate '''the sources of your answer.''' This could be a man page, your own experiments, discussion with a friend, or a website. Please list all your sources. You are allowed to collaborate; such collaboration should be clearly documented! If you already know an answer because of background knowledge you had before the class, that is fine, just state that this is the case.

Soma: /* Questions */

2018-02-26T15:18:24Z

Questions

← Older revision		Revision as of 15:18, 26 February 2018
Line 8:		Line 8:
	<li> [2] Explain what a certificate is, in relationship to public keys, digital signatures, and other characteristics.</li>		<li> [2] Explain what a certificate is, in relationship to public keys, digital signatures, and other characteristics.</li>
	<li> [2] How does ssh verify the identity of remote hosts? Specifically, what information does the ssh client receive, and how is this information used?</li>		<li> [2] How does ssh verify the identity of remote hosts? Specifically, what information does the ssh client receive, and how is this information used?</li>
	<li> [2] How do web browsers verify the identity of remote websites when connecting via TLS? Specifically, what information does the ~~ssh client~~ receive, and how is this information used?</li>		<li> [2] How do web browsers verify the identity of remote websites when connecting via TLS? Specifically, what information does the web browser receive, and how is this information used?</li>
	<li> [2] What is the threat model behind the design of the browser sandbox? Specifically, what kinds of attacks does the browser sandbox prevent (assuming it works as designed), and what kinds of attacks does the browser sandbox '''not''' prevent?</li>		<li> [2] What is the threat model behind the design of the browser sandbox? Specifically, what kinds of attacks does the browser sandbox prevent (assuming it works as designed), and what kinds of attacks does the browser sandbox '''not''' prevent?</li>
	<li> [2] Assume that Firefox has a memory corruption vulnerability in its parsing of locally stored bookmarks. Could an attacker exploit such a vulnerability? Explain briefly.</li>		<li> [2] Assume that Firefox has a memory corruption vulnerability in its parsing of locally stored bookmarks. Could an attacker exploit such a vulnerability? Explain briefly.</li>

Soma at 18:27, 21 February 2018

2018-02-21T18:27:38Z

← Older revision		Revision as of 18:27, 21 February 2018
Line 1:		Line 1:
	Please answer the following questions. There are ?? questions with ?? points. Submit your answers as a text or PDF file via cuLearn by February 28, 2018 at 10:00 AM. Be sure to put your name and student number at the beginning of your submission.		Please answer the following questions. There are 9 questions with 20 points. Submit your answers as a text or PDF file via cuLearn by February 28, 2018 at 10:00 AM. Be sure to put your name and student number at the beginning of your submission.

	When answering each question, please indicate '''the sources of your answer.''' This could be a man page, your own experiments, discussion with a friend, or a website. Please list all your sources. You are allowed to collaborate; such collaboration should be clearly documented! If you already know an answer because of background knowledge you had before the class, that is fine, just state that this is the case.		When answering each question, please indicate '''the sources of your answer.''' This could be a man page, your own experiments, discussion with a friend, or a website. Please list all your sources. You are allowed to collaborate; such collaboration should be clearly documented! If you already know an answer because of background knowledge you had before the class, that is fine, just state that this is the case.

Soma: /* Questions */

2018-02-21T18:27:11Z

Questions

← Older revision		Revision as of 18:27, 21 February 2018
Line 13:		Line 13:
	<li> [2] Why are backdoors normally hard to discover? Describe the means by which a backdoor could be discovered in an application. Be sure to explain what conditions had to be present in order for the backdoor to be discovered.</li>		<li> [2] Why are backdoors normally hard to discover? Describe the means by which a backdoor could be discovered in an application. Be sure to explain what conditions had to be present in order for the backdoor to be discovered.</li>
	<li> [2] What kinds of attacks can a hardware virtual machine, such as VirtualBox, mitigate? Do virtual machines open up any new opportunities for attackers?</li>		<li> [2] What kinds of attacks can a hardware virtual machine, such as VirtualBox, mitigate? Do virtual machines open up any new opportunities for attackers?</li>
	<li> [2] What is the key advantage of mandatory access control (over discretionary access control)? What is the key disadvantage?<li>		<li> [2] What is the key advantage of mandatory access control (over discretionary access control)? What is the key disadvantage?</li>
	<li> [4] For an operating system/distribution of your choice, answer the following questions:		<li> [4] For an operating system/distribution of your choice, answer the following questions:
	<ol>		<ol style="list-style-type:lower-alpha">
	<li>How does one verify the integrity and authenticity of the initial operating system install?</li>		<li>How does one verify the integrity and authenticity of the initial operating system install?</li>
	<li>How is the integrity of software updates verified?</li>		<li>How is the integrity of software updates verified?</li>

Soma: /* Questions */

2018-02-21T18:25:22Z

Questions

← Older revision		Revision as of 18:25, 21 February 2018
Line 7:		Line 7:
	<ol>		<ol>
	<li> [2] Explain what a certificate is, in relationship to public keys, digital signatures, and other characteristics.</li>		<li> [2] Explain what a certificate is, in relationship to public keys, digital signatures, and other characteristics.</li>
	<li> [2] How does ssh verify the identity of remote hosts? Specifically, what information does the ssh client receive, and how is this information used?<li>		<li> [2] How does ssh verify the identity of remote hosts? Specifically, what information does the ssh client receive, and how is this information used?</li>
	<li> [2] How do web browsers verify the identity of remote websites when connecting via TLS? Specifically, what information does the ssh client receive, and how is this information used?</li>		<li> [2] How do web browsers verify the identity of remote websites when connecting via TLS? Specifically, what information does the ssh client receive, and how is this information used?</li>
	<li> [2] What is the threat model behind the design of the browser sandbox? Specifically, what kinds of attacks does the browser sandbox prevent (assuming it works as designed), and what kinds of attacks does the browser sandbox '''not''' prevent?</li>		<li> [2] What is the threat model behind the design of the browser sandbox? Specifically, what kinds of attacks does the browser sandbox prevent (assuming it works as designed), and what kinds of attacks does the browser sandbox '''not''' prevent?</li>

Soma: /* Questions */

2018-02-21T18:25:07Z

Questions

← Older revision		Revision as of 18:25, 21 February 2018
Line 5:		Line 5:
	==Questions==		==Questions==

	# [2] Explain what a certificate is, in relationship to public keys, digital signatures, and other characteristics.		<ol>
	# [2] How does ssh verify the identity of remote hosts? Specifically, what information does the ssh client receive, and how is this information used?		<li> [2] Explain what a certificate is, in relationship to public keys, digital signatures, and other characteristics.</li>
	# [2] How do web browsers verify the identity of remote websites when connecting via TLS? Specifically, what information does the ssh client receive, and how is this information used?		<li> [2] How does ssh verify the identity of remote hosts? Specifically, what information does the ssh client receive, and how is this information used?<li>
	# [2] What is the threat model behind the design of the browser sandbox? Specifically, what kinds of attacks does the browser sandbox prevent (assuming it works as designed), and what kinds of attacks does the browser sandbox '''not''' prevent?		<li> [2] How do web browsers verify the identity of remote websites when connecting via TLS? Specifically, what information does the ssh client receive, and how is this information used?</li>
	# [2] Assume that Firefox has a memory corruption vulnerability in its parsing of locally stored bookmarks. Could an attacker exploit such a vulnerability? Explain briefly.		<li> [2] What is the threat model behind the design of the browser sandbox? Specifically, what kinds of attacks does the browser sandbox prevent (assuming it works as designed), and what kinds of attacks does the browser sandbox '''not''' prevent?</li>
	# [2] Why are backdoors normally hard to discover? Describe the means by which a backdoor could be discovered in an application. Be sure to explain what conditions had to be present in order for the backdoor to be discovered.		<li> [2] Assume that Firefox has a memory corruption vulnerability in its parsing of locally stored bookmarks. Could an attacker exploit such a vulnerability? Explain briefly.</li>
	# [2] What kinds of attacks can a hardware virtual machine, such as VirtualBox, mitigate? Do virtual machines open up any new opportunities for attackers?		<li> [2] Why are backdoors normally hard to discover? Describe the means by which a backdoor could be discovered in an application. Be sure to explain what conditions had to be present in order for the backdoor to be discovered.</li>
	# [2] What is the key advantage of mandatory access control (over discretionary access control)? What is the key disadvantage?		<li> [2] What kinds of attacks can a hardware virtual machine, such as VirtualBox, mitigate? Do virtual machines open up any new opportunities for attackers?</li>
	# [4] For an operating system/distribution of your choice, answer the following questions:		<li> [2] What is the key advantage of mandatory access control (over discretionary access control)? What is the key disadvantage?<li>
	#* How does one verify the integrity and authenticity of the initial operating system install?		<li> [4] For an operating system/distribution of your choice, answer the following questions:
	#* How is the integrity of software updates verified?		<ol>
	#* Are third party applications given the ability to modify (corrupt) the operating system?		<li>How does one verify the integrity and authenticity of the initial operating system install?</li>
	#* What is one way the OS protects itself from modification by third parties?		<li>How is the integrity of software updates verified?</li>
			<li>Are third party applications given the ability to modify (corrupt) the operating system?</li>
			<li>What is one way the OS protects itself from modification by third parties?</li>
			</li>
			</ol>

Soma: /* Questions */

2018-02-21T18:22:56Z

Questions

← Older revision		Revision as of 18:22, 21 February 2018
Line 13:		Line 13:
	# [2] What kinds of attacks can a hardware virtual machine, such as VirtualBox, mitigate? Do virtual machines open up any new opportunities for attackers?		# [2] What kinds of attacks can a hardware virtual machine, such as VirtualBox, mitigate? Do virtual machines open up any new opportunities for attackers?
	# [2] What is the key advantage of mandatory access control (over discretionary access control)? What is the key disadvantage?		# [2] What is the key advantage of mandatory access control (over discretionary access control)? What is the key disadvantage?
			# [4] For an operating system/distribution of your choice, answer the following questions:
			#* How does one verify the integrity and authenticity of the initial operating system install?
			#* How is the integrity of software updates verified?
			#* Are third party applications given the ability to modify (corrupt) the operating system?
			#* What is one way the OS protects itself from modification by third parties?