程序代做CS代考 SQL javascript compiler Java file system 2017 – cscodehelp代写
2017
CS 161 Computer Security
Midterm 1
Print your name: , (last)
(first)
I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that any academic misconduct will be reported to the Center for Student Conduct, and may result in partial or complete loss of credit.
Sign your name:
Print your class account login: cs161- and SID:
Your TA’s name:
Your section time:
Exam # for person sitting to your left:
Exam # for person sitting to your right:
You may consult one sheet of paper (double-sided) of notes. You may not consult other notes, textbooks, etc. Calculators, computers, and other electronic devices are not permitted.
You have 80 minutes. There are 5 questions, of varying credit (300 points total). The questions are of varying difficulty, so avoid spending too long on any one question. Parts of the exam will be graded automatically by scanning the bubbles you fill in, so please do your best to fill them in somewhat completely. Don’t worry—if something goes wrong with the scanning, you’ll have a chance to correct it during the regrade period.
If you have a question, raise your hand, and when an instructor motions to you, come to them to ask the question.
Question: 1 2 3 4 5 Total Points: 64 62 58 56 60 300 Score:
Do not turn this page until your instructor tells you to do so.
Page 1 of 18
Problem 1 True/False (64 points) For each of the following, FILL IN THE BUBBLE next to True if the statement is correct, or next to False if it is not. Each correct answer is worth 4 points. Incorrect answers are worth 0 points. Answers left blank are worth 1 point.
(a) Framebusting allows Javascript in an outer page to access the cookies associated with an inner page loaded in an iframe.
True False
(b) http://www.coolvids.com:3000/index.html is in the same origin as http://coolvids.com:3000/index.html.
True False
(c) Browsers apply the Same Origin Policy to determine what URLs can be loaded in iframes.
True False
(d) If Tyrion uses a browser with no code vulnerabilities and uses a unique, long pass- word for every website he visits, then he will be safe against phishing attacks.
True False
(e) A recommended defense against clickjacking attacks is for servers to include an HTTP X-Frame-Options header in its replies.
True False
(f) HTTP-Only Cookies are designed to prevent CSRF attacks.
True False
(g) An attacker can steal Alice’s cookies for www.squigler.com by exploiting a buffer overflow vulnerability in Alice’s browser.
True False
Solution: The key concept underlying this question is that if an attacker can exploit a buffer overflow, they can inject code into Alice’s browser that will make the browser do whatever they wish—including transmit cookies to a remote server.
Midterm 1
Page 2 of 18 CS 161 – SP 17
(h) Executable Space Protection (e.g., DEP and W⊕X) is a defense against buffer overflow attacks.
True False
(i) ASLR is a defense against buffer overflow attacks that requires operating system support.
True False
(j) ASLR will prevent any attack that overflows local variables from executing injected code.
True False
(k) Stack canaries are a defense against buffer overflow attacks that requires operating system support.
True False
(l) Stack canaries will prevent any attack that overflows local variables from executing injected code.
True False
(m) Stack canaries provide some protection against printf format string vulnerabilities, but do not protect against all such vulnerabilities.
True False
Solution: A compiler can add the canary generation and checking without needing any extra functionality from the operating system.
Solution: The original solution stated the following, in support of an answer of True:
printf format string vulnerabilities allow attackers to write to the stack. If part of what an attacker writes is a new RIP value to cause a jump to code they’ve written elsewhere on the stack, then stack canaries will prevent the attack from succeeding.
However, this perspective reflects a variant of stack canaries not discussed in class. (The variant encodes the correct RIP, and in some versions the correct
Midterm 1
Page 3 of 18 CS 161 – SP 17
SFP, into the canary.) As discussed on Piazza, for “vanilla” stack canaries, an attacker who is at all careful can always avoid altering the canary. Thus, the correct answer is False, as such canaries do not provide any protection.
This other part of the original solution remains correct regardless of the type of canary:
On the other hand, other forms of format string vulnerabilities read data from the stack but do not alter stack contents; or write onto the stack in pinpoint locations (for example, to alter the value of a variable). Stack canaries cannot prevent these attacks.
(n) AMD’s NX feature, and Intel’s similar XD feature, provide protections against XSS attacks.
True False
(o) If a web page from abc.com includes a script from xyz.com, the Same Origin Policy puts the script from xyz.com in the abc.com origin.
True False
Solution: When discussing the SOP, we pointed out this important “excep- tion” when loading Javascript. It enables the use of Javascript “libraries”. One example we used was how many web sites will include a Google Analytics script, which they load from one of Google’s servers (and thus it comes from one of Google’s origins).
Midterm 1
Page 4 of 18 CS 161 – SP 17
(p) The Same Origin Policy prevents XSS attacks if a browser implements it correctly.
True False
Problem 2 Multiple Choice (62 points)
(a) (8 points) Many people lock valuables in a safe in their house in addition to locking the doors of the house. NE security principle that best fits with this approach:
Ensure Complete Mediation Don’t rely on security through obscurity Defense in Depth Privilege Separation
(b) (8 points) Bob places a duplicate key to his house under one particular stone in his front yard in case he forgets or loses his main key. NE security principle that best fits with his approach:
Ensure Complete Mediation Don’t rely on security through obscurity Defense in Depth Privilege Separation
(c) (10 points) Assume that an airport wants to achieve two security goals: (a) pas- sengers can only board planes if they have boarding passes issued in their actual name, and (b) passengers cannot board planes unless they have undergone a secu- rity inspection by the TSA.
Consider the following design that an airport uses to try to meet these goals. The airport operators arrange that passengers can only board an airplane if they:
1. show a boarding pass and photo ID at a TSA security checkpoint, for which the photo on the ID matches the passenger presenting it, and the name on the ID matches that on the boarding pass
2. pass through a TSA security inspection at that checkpoint
3. present a boarding pass at the gate when actually going onto the plane
Also assume that the TSA correctly carries out its inspections of passengers, their boarding passes, and their photo IDs.
LL of the following concepts that are relevant to analyzing whether the airport’s design achieves goals (a) and (b). You should only consider the approach
Solution: The situation described requires an adversary to work their way past both of two separate defenses.
Solution: Bob’s approach fails if an adversary knows its details.
Midterm 1 Page 5 of 18 CS 161 – SP 17
as described above. Do not consider any additional facts that you happen to know about how airport security actually works.
Code is Data and Data is Code TOCTTOU vulnerability Ensure complete mediation Whitelisting
Injection vulnerability
Solution: The airport needs to make sure that its checks always occur, hence there are concerns regarding ensuring complete mediation. In addition, the check for the photo ID match is done separately from passengers actually board- ing a plane. This introduces a Time-of-Check-to-Time-of-Use vulnerability in that once past the TSA security check, two passengers can swap boarding passes, undermining one of the security goals.
As described, there are no instances of information being treated as instructions, which both “Code is Data and Data is Code” and “Injection vulnerability” refer to. In addition, “Whitelisting” refers to only allowing a restricted, predefined set of accesses. While the photo ID check restricts access, it does not do so using a predefined list. That would only be the case if the airport had a list of “approved fliers” and only allowed them past the security check. (Actual US airport security employs blacklisting: the TSA’s “no-fly” list.)
There was considerable discussion on Piazza regarding just what constitutes a whitelist. The key notions concern: (1) a list created ahead of time, and not data-dependent (e.g., not created per-user), (2) analyzed to establish its safety properties, (3) analyzed to determine that it’s not overly restrictive.
(d) (12 points) Which of the following attacks can web servers protect against by san- itizing user input? LL that apply, even for cases where there are better ways to protect against the attack than sanitization.
XSS
CSRF
SQL Injection
Phishing Drive-by Malware Clickjacking
Solution: Sanitizing user input (more broadly, untrusted data) means trans- forming it in some fashion to remove or deactivate (say by quoting) elements that could be treated as instructions rather than data. This applies to XSS (for
Midterm 1
Page 6 of 18
CS 161 – SP 17
which untrusted data can be sanitized by removing