410 Cards in this Set

  • Front
  • Back

What is security? (3)

Confidentiality - access to systems or data is limited to authorized parties




Integrity - when you ask for data, you get the "right" data




Availability - the system or data is there when you want it

What is privacy?

Any certain data that is associated with you as a natural person, and/or identifies you as a person, you should be able to control

Who created the concept of privacy?

Legal system

What is data minimization?

You’re only allowed to collect data you absolutely need for the business - anything else, you can’t collect without consent

What is Canada's privacy legislation?

PIPEDA




Personal Information Protection and Electronic Documents Act

What are PIPEDA's Fair Information Principles? (10)

- Be accountable


- Identify purpose of data collection


- Obtain consent


- Limit collection


- Limit use, disclosure, and retention (right to be forgotten)


- Be accurate


- Use appropriate safeguards


- Be open (transparency)


- Give individuals access


- Provide recourse

What are the four categories of threats?

Interception - Intercept emails, debugger


Interruption - Interfere, “jamming”, make unavailable


Modification - Can change, install malware


Fabrication - forge emails in your name

What is a threat model?

Identify possible threats, and how you would defend

What is an attack?

Executes threat

What is control?

Removing or reducing vulnerability

What is defence in depth?

Have different controls that protect different vulnerabilities

How can you defend against a threat?

- Prevent it


- Deter it (make it harder or more expensive)


- Deflect it (make less attractive to attacker)


- Detect it


- Recover from it (costly)

How would you prevent your car being stolen?

Immobilizer

How would you deter your car being stolen?

Store your car in secure parking facility

How would you deflect your car being stolen?

Sticker mentioning car alarm, keep valuables out of sight

How would you detect your car being stolen?

Car alarms, OnStar

How would you recover your car being stolen?

Insurance

What is the Principle of Easiest Penetration?

The attacker will go after whatever part of the system is easiest, not most convenient for you

What is the Principle of Adequate Prevention?

Don't pay $100 000 to secure a system worth $1000

What is a flaw?

Problem with a program

What is a security flaw?

Problem that affects security (CIA) in some way

What are the two types of flaws?

Faults and failures

What is a fault?

Mistake "behind the scenes"


Potential problem

What is a failure?

When something actually goes wrong


Deviation from desired behaviour

How can you find faults that haven't yet led to failures?

Cause some failures!

What is fuzzing?

Automated tools that "understand" common problems in systems/code




Brute-force bad inputs

What are the genesis (3) of security flaws?

Malicious intentional


Nonmalicious intentional


Unintentional

Why target suid programs?

You can become root, escalate permissions, do something more interesting

What is ROP?

Return-oriented programming




Piecing together exploits from snippets of code executed in many return statements already in the code

What is an integer overflow?

Program assumes integer is always positive




Overflow will make signed integer wrap and become negative, violating assumption

What is mediation?

Ensuring that user input constitutes meaningful request

What is incomplete mediation?

When application accepts incorrect data from the user

How do you design programs such that they're less likely to have security flaws? (5)

- Modularity


- Encapsulation


- Information hiding


- Mutual suspicion


- Confinement

Why is modularity helpful for finding/preventing security bugs?

The complexity of each piece will be smaller, so each piece will be far easier to check for flaws, test, maintain, reuse

Why is encapsulation helpful for finding/preventing security bugs?

Have the modules be mostly self-contained, sharing information only as necessary. This helps reduce coupling

Why is information hiding helpful for finding/preventing security bugs?

Prevents accidental reliance on behaviours not promised in the API



Also hinders some kinds of malicious actions by the developers themselves

Which is stronger: information hiding or encapsulation?

Encapsulation

What is information hiding?

Implementation and internal state of one module should be hidden from developers of other modules

What is mutual suspicion?

Modules check inputs are sensible before acting on them

Why is mutual suspicion helpful for finding/preventing security bugs?

Defence against flaws in, or malicious behaviour on the part of, other modules




Corrupt data in one module should be prevented from corrupting other modules

What is confinement?

If Module A needs to call a potentially untrustworthy Module B, it can confine it (also known as sandboxing)




Module B is run in a limited environment that only has access to the resources it absolutely needs

What is a web bug?

Object (usually a 1x1 pixel transparent image) embedded in a web page, which is fetched from a different server from the one that served the web page itself

What do web bugs do?

Information about you can be sent to third parties (often advertisers) without your knowledge or consent

What kind of exploit is a web bug?


Why?

Malicious




Instructs your browser to behave in a way contrary to the principle of informational self-determination




(Similar to buffer overflow attack instructing browser to behave in a way contrary to the security policy)

How can your identity be leaked to advertisers?

Being allowed to post on social media sites, need to link profile information so now has access

What is a back door / trapdoor?

Set of instructions designed to bypass the normal authentication mechanism and allow access to the system to anyone who knows the back door exists

Where can back doors come from? (5)

- Forgot to remove


- Left in for testing


- Left in for maintenance (field service techs)


- Left in for legal reasons (lawful access)


- Left in for malicious purposes (Death Star)

What is a salami attack?


Example?

Attack that is made up of many smaller, often considered inconsequential, attacks




E.g. Send the fractions of cents of round-off error from many accounts to a single account owned by the attacker

What is a privilege escalation attack?

Attack which raises the privilege level of the attacker (beyond that to which he would ordinarily be entitled)

Where can privilege escalation attacks originate? (2)

- Part of the system that legitimately runs with higher privilege can be tricked into executing commands (with that higher privilege) on behalf of the attacker




- Trick the system into thinking he is in fact a legitimate higher-privileged user

What are the components of a rootkit?

1. Method for gaining root privileges on a machine (either starting with a local unprivileged account, or possibly remotely), and often leaving a backdoor




2. Way to hide existence (stealth capability)

How can rootkits hide their existence? (3)

- Clean up exploited log messages


- Modify ls/ps so they don't report rootkit files/processes


- Modify kernel so no user program learns about rootkit files/processes

Who installs keystroke loggers?

Malware, messed up family members

What type of keyboard loggers are there? (3)

Application-specific: record only strokes for specific app




System: record all pressed, maybe for specific user




Hardware: sits within keyboard, undetectable by software and works with any OS

What type of attack was the Conficker worm? How did it work?

Interface illusion




Dragging a scrollbar actually dragged a program into the Startup folder

What is a common example of interface illusion?

Phishing

What are man-in-the-middle attacks?


Examples? (3)

Intercepts the communication from the user, and then passes it on to the intended other party




- phishing


- keyboard logging


- interface illusions

What is the general next step taken by man-in-the-middle attacks, after logging?

Hijacking, and sometimes even editing displayed results to hide hijacking action

What is a covert channel?

Attacker creates a capability to transfer sensitive/unauthorized information through a channel that is not supposed to transmit that information

What are side channel attacks?

Usually takes advantage of being in the physical vicinity

What are some ways to control security flaws while coding? (4)

- Don't use C (lol)


- Static code analysis


- Formal methods


- Genetic diversity

What types of security bugs does static code analysis usually catch?

Buffer overflows, TOCTTOU

What is one way the programmer can trend towards the "formal method" for finding security bugs?

Assertions, hints, markup

Why is genetic diversity important?

Worms and viruses are able to propagate so quickly because many, many machines run the same vulnerable code

What different kinds of code reviews exist? (3)

- Open-source model (just give it to them)


- Guided (author explains as it's being reviewed)


- Easter egg (author inserts intentional flaws)

What are the two main strategies for testing security?

- Try to make the program do unspecified things just by doing unusual (or attacker-like) things to it




- Try to make the program do unspecified things by taking into account the design and the implementation

What kind of testing can we use for finding security flaws? (2)

- Black box (including fuzz)


- White box

What is fuzz testing?

Type of black box testing




Supply completely random data to the object...


- As input in an API


- As a data file


- As data received from the network


- As UI events

What is white box testing most useful for?

Regression testing




Make a comprehensive set of tests, and ensure the program passes them


When the next version of the program is being tested, run all these tests again

What are standards?

Organization's rules about how things are done at each stage of the software lifecycle

What are processes?

Specifications of how each of an organization's standards should be implemented

What is an audit?

Somebody (usually external to the organization) comes in and verifies that you’re following your processes properly

What are the types of separation existing in OS's? (4)

Physical: different physical resources for different users




Temporal: execute different users' programs at different times




Logical: user doesn't know other users exist




Cryptographic: Encrypt data and make it unintelligible to outsiders

What is the problem with physical separation in an OS?

Easy, but expensive

What is the problem with cryptographic separation in an OS?

Complex

What are some memory/address protection techniques? (5)

- Fence register


- Base/bounds register pair


- Tagged architecture


- Segmentation


- Paging

How does a fence register work?

- Exception if memory access below address in fence register


- Protects operating system from user programs


- Single-user OS only

How does a base/bounds register pair work?

- Exception if memory access below/above address in base/bounds register


- Different values for each user program


- Maintained by operating system during context switch


- Limited flexibility

How does tagged architecture work?

- Each memory word has one or more extra bits that identify access rights to word


- Very flexible


- Large overhead


- Difficult to port OS from/to other hardware architectures

How does segmentation work?

- Each program has multiple address spaces (segments)


- Different segments for code/data/stack


- Virtual addresses contain


- OS keeps segment table mapping segment name to base physical address


- OS can (transparently) relocate or resize segments and share them between processes


- Segment table also keeps protection attributes

What are the pros/cons of segmentation? (4, 3)

Pros


- Each address reference checked for protection by hardware


- Many different classes of data items can be assigned different protection levels


- Users can share access (maybe with different access rights) to a segment


- Users can't access unpermitted segment




Cons


- External fragmentation


- Dynamic lengths of segments generates very costly out-of-bounds check


- Segment names difficult to implement efficiently

How does paging work?

- Program divided into equal-sized chunks (pages)


- Physical memory divided into equal-sized chunks (frames)


- Frame size = page size * 2


- Virtual addresses contain


- OS keeps page table mapping from page number to physical address, along with memory protection attributes

What are the pros/cons of paging? (4, 2)

Pros


- Each address reference is checked for protection by hardware


- Users can share access to a page, with potentially different access rights


- Users cannot access an unpermitted page


- Unpopular pages can be moved to disk to free memory




Cons


- Internal fragmentation


- Assigning different levels of protection to different classes of data items not feasible

What are the goals of access control? (3)

Check every access: OS may fail to notice access has been revoked




Enforce least privilege: access only to smallest number of objects required to perform task




Verify acceptable use: limit types of activity

Why are access control matrices rarely implemented as matrices?

??

What are the usual access control matrix implementations? (3)

- Set of access control lists (column-wise)


- Set of capabilities (row-wise)


- Combination of above

What can we do quickly for an ACL? (2)

- Determine set of allowed users per object


- Revoke user's right to an object

What is a slow action for an ACL? (2)

- Determine set of objects user can access


- Revoke user's right to all objects

What is a capability?

Unforgeable token that gives its owner some access rights to an object

How are capabilities unforgeable?

Enforced by having OS store and maintain tokens or by cryptographic mechanisms




E.g., digital signatures (see later) allow tokens to be handed out to processes/users. OS will detect tampering when process/user tries to get access with modified token.

Are capability tokens transferrable?

maybe (i.e. if anonymous)

What can we do quickly for capabilities? (3)

- Determine set of objects user can access


- Revoke user's right to an object


- Revoke user's right to all objects

What are slow actions for capabilities? (1)

- Determine set of allowed users per object

Why would we use both ACLs and capabilities?

- In a UNIX file system, each file has an ACL, which is consulted when executing an open() call


- If approved, caller is given a capability listing type of access allowed in ACL (read or write)


- Capability is stored in memory space of OS


- Upon read()/write() call, OS looks at capability to determine whether type of access is allowed

What is Role-based access control?

Objects that a user can access often do not depend on user's identity, but on role within company

What is the advantage of RBAC?

When a user takes over new role, need to update only her role assignment, not all her access rights

What are some RBAC extensions? (3)

Hierarchical roles: reduces number of role/access right assignments




Multiple roles: users take/give up roles as required. User's current session contains currently initiated roles




Separation of duty: requiring multiple roles

What are different attacks on passwords? (5)

- Shoulder surfing


- Keystroke logging


- Interface illusions / phishing


- Password re-use across sites


- Password guessing

What are the four types of authentication factors?

- Something the user knows (password, PIN)


- Something the user has (key, card, badge, phone)


- Something the user is (fingerprint, voice recognition, face)


- Something about the user's context (location, time, devices in proximity)

What's a way to make more solid authentication?

Combine different classes of auth (two-fac)

What are some usability problems with passwords? (4)

- Forgotten passwords might not be recoverable


- Entering passwords is inconvenient


- If password is disclosed to unauthorized individual, the individual can immediately access protected resource (unless multi-fac auth)


- If password is shared among many people, password updates become difficult

How many passwords can be brute-force checked per second (on 25 AMD Radeon graphics cards)?

350 billion




95^8 in 5.5 hours

At about which length of password does it become exponentially difficult to check?

6 (Desktop Core i7 980x)
7 (GPU Radeon 6970)
8 (cloud Amazon EC2)

So just use 9 lol

What are some password guessing attack assumptions? (3)

- Password consists of root and pre/postfix appendage (e.g. password1)


- Root is from dictionaries


- Appendage is combinations of digits, date, single symbol

What is an offline password attack?

Attack requires that attacker has encrypted password file or encrypted document

How can an attacker get around being detected after n failed login attempts?

Use the same easy passwords on lots and lots of usernames

What is an issue with forcing users to change their passwords?

Leads to password cycling and similar passwords

What's a good way to store passwords?

Digital fingerprint of password in password file




When logging in, system computes fingerprint of entered password and compares it with user's stored fingerprint

What's a problem with digital password fingerprints?

If the file leaks, still allows for guessing offline attacks

What problem does user-specific salts solve?

Makes guessing attacks harder for password fingerprints




Salt derived from time of day + process ID of /bin/passwd, and then stored in password file




Two users with same password will have different fingerprints, so can't build table of fingerprints and passwords to use for any password file

Why shouldn't you use a cryptographic hash? What other hashes could you use instead?

Cheap to compute




Use an iterated hash function that is expensive to compute (e.g., bcrypt) and maybe also uses lots of memory (e.g., scrypt)




Takes hundreds of milliseconds, slowing down a guessing attack significantly, but barely noticed by user

What is an additional defence to a cryptographic hash?

MAC




Mixes in secret key to compute password fingerprint




If fingerprints leak, guessing attacks aren't useful anymore




Secret key can be embedded in tamper-resistant hardware

How can you recover passwords?

Have to store encrypted version of the password in the password file, and keep encryption key away from attacker




Allows the system to (easily) re-compute a password if necessary

How was the password recovery process hacked? When?

Adobe Password Hack, November 2013




Password hints weren't encrypted (!!!)




1. NUL byte was appended to the password


2. Additional NUL bytes were appended as required to make the length a multiple of 8 bytes


3. Padded passwords were encrypted 8 characters at a time using a fixed key (ECB mode, weakest possible encryption mode)

What is an interception attack for passwords?

Attacker intercepts password while in transmission from client to server

What are some ways to protect against password interception attacks?

One-time passwords (fob, challenge-response protocol)

How does challenge-response protocol work?


What's the weakness?

- Server sends random challenge to client


- Client uses challenge and password to compute one-time password


- Client sends one-time password to server


- Server checks whether client's response is valid




Weakness: Given intercepted challenge/response, attacker might be able to brute-force

What are some issues with graphical passwords? (2)

- Choice of place (selecting point on photo) not necessarily random


- Shoulder surfing

What is the major flaw of biometric authentication?

If observed trait is sufficiently close to previously stored trait, accept user (observed will never be completely identical)




Plus, your fingerprints are not really secret

In which situation are biometric authentication methods well-suited?

Local authentication (not remote auth)




A guard can watch me put my own finger on the scanner, and see that I'm not holding up a picture of someone else

Authentication vs identification?

Authentication: does captured trait correspond to particular stored trait?




Identification: does captured trait correspond to any of the stored traits?

What can make biometrics-based identification useless?

False positives/negatives

Why should you authenticate the server?

With the help of a password, system authenticates user (client), but user should also authenticate system (server), else password might end up with attacker




E.g. CTRL-ALT-DEL before login because key combination cannot be overwritten by attacker

What are some other problems with biometrics? (3)

Privacy: why should my employer etc. have my biometric information? Plus, if leaks, can't make "new biometric password"




Accuracy: false negs are annoying, but weaker match is unsafe. What if I grow a beard or lose a hand?




Secrecy: Your fingerprint/face... not really secret...

What does it mean to trust an entity?

Trusting an entity means that if this entity misbehaves, the security of the system fails

What does a trusted OS build on? (4)

Policy: A set of rules outlining what is secured and why


Model: A model that implements the policy and that can be used for reasoning about the policy


Design: A specification of how the OS implements the model


Trust: Assurance that the OS is implemented according to design

What is trusted software?

Software that has been rigorously developed and analyzed, giving us reason to trust that the code does what it is expected to do and nothing more

What does it mean for software to be functionally correct?

Software works correctly

What is enforcement of integrity?

Wrong inputs don’t impact correctness of data

What is limited privilege?

Access rights are minimized and not passed to others

What is meant by appropriate confidence level?

Software has been rated as required by environment

What are OS security policies rooted in?




How do they work?

Military policies




Each object has clearance/sensitivity level




Each object may also have compartments (need-to-know)

What are commercial security policies rooted in?




How do they work?

Military policies




Different classification levels for information


Different departments/projects can call for need-to-know restrictions


Assignment of people to clearance levels typically not as formally defined as in military

What is the Chinese Wall security policy?

Once you have been able to access information about a particular kind of company, you will no longer be able to access information about other companies of the same kind




- Useful for consulting, legal or accounting firms


- Need history of accessed objects


- Access rights change over time

What is the ss-property?

Subject s can access object o iff each object previously accessed by s either belongs to the same company as o or belongs to a different kind of company than o does

What is the *-property?

For a write access to o by s, we also need to ensure that all objects readable by s either belong to the same company as o or have been sanitized

What is the Clark-Wilson Security Policy based on?

Well-formed transactions that transition system from a consistent state to another one




Also separation of duty

What are two properties of the dominance relationship >= defined in the security model?




What does it imply?

Transitive and antisymmetric




Defines a partial order

How do you define a lattice?

For every a and b, there is a unique lowest upper bound u for which u ≥ a and u ≥ b and a unique greatest lower bound l for which a ≥ l and b ≥ l




There are also two elements U and L that dominate/are dominated by all levels




U = (“Top Secret”, {“Soviet Union”, “East Germany”})

L = (“Unclassified”, ∅)

How does the Bell-La Padula Confidentiality Model work?

Regulates information flow in MLS policies




Users should get information only according to their clearance




Information can only flow up




Should subject s with clearance C(s) have access to object o with sensitivity C(o)?


ss-property (“no read up”): s should have read access to o only if C(s) ≥ C(o)


*-property (“no write down”): s should have write access to o only if C(o) ≥ C(s)

What does the Biba integrity model do?




How does it work?

Prevent inappropriate modification of data




Subjects and objects are ordered by an integrity classification scheme, I(s) and I(o)




Should subject s have access to object o?


Write access: s can modify o only if I(s) ≥ I(o)


(Unreliable person cannot modify file containing high integrity information)


Read access: s can read o only if I(o) ≥ I(s)


(Unreliable information cannot “contaminate” subject)

What is the Low Watermark Policy?

Subject Low Watermark Property: If subject s reads object o, then I(s) = glb(I(s), I(o)), where glb() = greatest lower bound




Object Low Watermark Property: If subject s modifies object o, then I(o) = glb(I(s), I(o))




Integrity of subject/object can only go down, information flows down

What are the pros and cons of Bell-La Padula & Biba? (1, 2)

Pros


Very simple, which makes it possible to prove properties about them




Cons


- Probably too simple for great practical benefit (Need declassification, plus both confidentiality and integrity, not just one)


- Information leaks might still be possible through covert channels in an implementation of the model

What are the eight design principles for security?


(IMPORTANT!!!)

Least Privilege - operate using as few privileges as possible




Economy of mechanism - protection mechanism should be simple/straightforward




Open design - avoid security by obscurity, using secret keys/passwords but not secret algorithms




Complete mediation - every access attempt must be checked




Permission based / Fail-safe defaults - default should be denial of access

Separation of privileges - two or more conditions must be met to get access




Least common mechanism - every shared mechanism could potentially be used as a covert channel




Ease of use - if protection mechanism is difficult to use, nobody will use it or it will be used in the wrong way

What are the security features of a trusted OS? (7)

- Identification and authentication


- Access control


- Object reuse protection


- Complete mediation


- Trusted path


- Accountability and audit


- Intrusion detection

What is Mandatory access control (MAC)?


What is it used for?

Central authority establishes who can access what




Good for military environments, and for implementing Chinese Wall, Bell-La Padula, Biba

What is Discretionary access control (DAC)?


What is it used for?

Owners of an object have (some) control over who can access it


You can grant others access to your home directory




e.g., UNIX and Windows

What is RBAC?

Neither MAC nor DAC

What does Object reuse protection prevent?

If one user allocates memory in the OS, stores her password in it, and eventually calls free() on the memory, the next user who's allocated the same memory could find her password in it if the memory hasn't been wiped

What is hidden data?

Hidden data is related to object reuse protection. You think that you deleted some data, but it is still hidden somewhere




e.g. deleting an email on Gmail doesn't delete on Google's backup servers

What is complete mediation? What problem does it fix?

All accesses must be checked




Preventing access to OS memory is of little use if it is possible to access the swap space on disk

What is a trusted path? What problem does it fix?

Give assurance to user that her keystrokes and mouse clicks are sent to legitimate receiver application

How can an audit log help? When is it not useful?

Provides accountability if something goes bad




Does not give accountability if attacker can modify the log

How does granularity affect audit logs?

For fine-grained logs, we might run into space/efficiency problems or finding actual attack can be difficult




For coarse-grained logs, we might miss attack entirely or don’t have enough details about it

How does an OS detect intrusion?

Correlating actual behaviour with normal behaviour




Alarm if behaviour looks abnormal

What is a Trusted Computing Base (TCB)?

Consists of the part of a trusted OS that is necessary to enforce OS security policy




Can be implemented either in different parts of the OS or in a separate security kernel

How does the implementation location of a TCB change its effectiveness?

Separate security kernel makes it easier to validate and maintain security functionality




Security kernel runs below the OS kernel, which makes it more difficult for an attacker to subvert it

How can rings be used for security?

Some processors support layering based on “rings”




If processor is operating in ring n, code can access only memory and instructions in rings ≥ n




Accesses to rings < n trigger interrupt/exception and inner ring will grant or deny access

What is a reference monitor?

Crucial part of the TCB




Collection of access controls for devices, files, memory, IPC, etc




Interacts with other security mechanism, e.g., user authentication

What must the reference monitor be? (3)

Tamperproof


Unbypassable


Analyzable

What are the degrees of virtualization?

Virtual Memory: Page mapping gives each process the impression of having a separate memory space




Virtual Machines: virtualize I/O devices, files, printers, etc

What's a possible security flaw for virtual machines?

A rootkit could make your OS run in a virtual environment and be very difficult to detect

How does application insulation work?

Memory encryption techniques allow application shielding from other apps, OS, some hardware attacks




- Application is partitioned into trusted and untrusted code


- Trusted code segment is encrypted in memory using a key living in secure hardware (close to CPU)


- Untrusted code talks with trusted code via compact API


- Trusted computing base is reduced to secure hardware, CPU and (hopefully small) trusted code

Why is the principle of least privilege poor in popular OS's?

Windows pre-NT: any user process can do anything




Windows pre-Vista: fine-grained access control, but many users just ran as administrators, which can do anything




Windows Vista: Easier for users to temporarily acquire additional access rights




Traditional Unix: a root process has access to anything, a user process has full access to user’s data

How does chroot work?

Sandbox/jail a command by changing its root directory




- Command cannot access files outside of its jail


- Some commands/programs are difficult to run in a jail, but there are ways to break out of the jail

How does compartmentalization work?

Split application into parts and apply least privilege to each part




- OpenSSH splits SSH daemon into a privileged monitor and an unprivileged, jailed child


- Child receives (maybe malicious) network data from a client and might get corrupted


- Child needs to contact monitor to get access to protected information (e.g., password file)


- Monitor shuts down child if behaviour is suspicious

How does the setuid/suid bit work?

If suid bit is set for an executable, the executable will execute under the identity of its owner, not under the identity of the caller




- /usr/bin/passwd belongs to root and has suid bit set


- If a user calls /usr/bin/passwd, the program will assume the root identity and can thus update the password file

What attack does the setuid/suid bit protect against? How?

Confused deputy attack




Eve executes /usr/bin/passwd and manages to convince the program that it is Alice who is executing the program. Eve can thus change Alice’s password

How can we convince others to trust the OS? (4)

- Testing


- Formal verification


- Validation

What criteria are commonly used to evaluate OS trustworthiness? (2)

- “Orange Book” of the U.S. Department of Defense


- Common Criteria

How are the Common Criteria used to evaluate OS's?

- Have Protection Profiles, which list security threats and objectives


- Products are rated against these profiles

How does a port scan work?

Attacker sends queries to ports on target machine and tries to identify whether and what kind of application is running on a port

What is a loose-lipped system?

Systems reveal (non-confidential) information that could facilitate an attack




Login application can reveal information about OS or whether a userid is valid, and web servers typically return version information

How can a copper wire be tapped?

Inductance allows a physically close attacker to eavesdrop without making physical contact




Cutting cable and splicing in secondary cable is another option

Why is optical fibre cable better than copper wire?

No inductance, and signal loss by splicing is likely detectable

What security issues does wifi create?

- Easily intercepted by anyone with WiFi device




- Physical barriers (walls) help against random devices being connected to a wired network, but are (nearly) useless in case of wireless network




- Need authentication mechanism to defend against free riders

How does LAN treat misdelivered information? How can that be exploited?

Technical reasons might cause a packet to be sent to multiple nodes, not only to the intended receiver




By default, a network card ignores wrongly delivered packets




An attacker can change this and use a packet sniffer to capture these packets

How does spoofing work?

Object (node, person, URL, Web page, email, WiFi access point, ...) masquerades as another one, usually URL spoofing




Also used in session hijacking and man-in-the-middle attacks

How does session hijacking work?

TCP protocol sets up state at sender and receiver end nodes and uses this state while exchanging packets

Web servers sometimes have client keep a little piece of data (“cookie”) to re-identify client for future visits, attacker can sniff or steal cookie and masquerade as client

What is the Morris Worm?

First Internet worm, launched by a graduate student at Cornell in 1988

- Exploit a buffer overflow in the “finger” daemon


- Use a back door left in the “sendmail” mail daemon


- Try a “dictionary attack” against local users’ passwords. If successful, log in as them, and spread to other machines they can access without requiring a password

What is the Code Red Worm?

2001, Exploited a buffer overflow in Microsoft’s IIS web server




- Deface its home page


- Launch attacks on other web servers (IIS or not)


- Launch a denial-of-service attack on a handful of websites, including www.whitehouse.gov


- Installed a back door and a Trojan horse to try to prevent disinfection




Infected 250,000 systems in nine hours

What is the Slammer Worm?

2003, first Warhol worm




Exploited a buffer overflow in Microsoft’s SQL Server, infected with single UDP packet




90% of vulnerable hosts infected in 10 minutes

What is Stuxnet?

2010, created by US and Israeli intelligence targeting Iranian uranium enrichment program




Tried to be very specific and uses many criteria to select which systems to attack after infection




Very promiscuous: Used 4(!) different zero-day attacks to spread. Has to be installed manually (USB drive) for air-gapped systems




Very stealthy: Intercepts commands to SCADA system and hides its presence




Very targeted: Detects if variable-frequency drives are installed, operating between 807-1210 Hz, and then subtly changes the frequencies so that distortion and vibrations occur resulting in broken centrifuges.

What is Flame?

2012, Middle Eastern countries’ energy sectors




- Sniffs networks for passwords


- Scans disks for specific content


- Takes periodic screenshots


- Uses attached microphone to record environmental sounds


- Records Skype conversations


- Sends captured information over SSH and HTTPS to command center

How is TCP/IP naive? Example of how it can be taken advantage of?

Assumes nodes implement protocols faithfully.




TCP includes mechanism that asks sender node to slow down if network is congested, attacker could ignore these requests

What is a possible disaster to come out of implementations that do not check if a TCP packet is well formatted?

If all implementations are from the same vendor or based on the same code base

How does accessing a URL work? How can attackers exploit this process? (2)

- Can examine code returned from web server for vulnerabilities




- Send malicious URL to web server to exploit buffer overflow, invoke shell/some other program, feed malicious input to server-side script, access sensitive files, etc.

What vulnerability arises from the fact that HTTP is stateless?

Asks client to keep state, which attacker can modify before submission (incomplete mediation)

What is a cross-site scripting (XSS) / request forgery (CSRF) attack?

Code injection




Attacker adds his/her own HTML code to somebody else's web page




XSS: Code steals sensitive information (e.g. cookies) contained in web page and sends to attacker


www.bank.com/aliceCookie=secretValue

CSRF: Code performs malicious action at some website if user is logged in
www.bank.com/transferMoneyToAttacker

What is a DoS attack?

Cutting a wire or jamming a wireless signal




Flooding a node by overloading its Internet connection or its processing capacity

What is a Ping flood?

Node receiving a ping packet is expected to generate a reply




Attacker could overload victim




Different from “ping of death”, which is a malformatted ping packet that crashes victim’s computer

What is a Smurf attack?

Spoof (source) address of sender end node in ping packet by setting it to victim’s address




Broadcast ping packet to all nodes in a LAN

What is a SYN flood?

TCP initializes state by having the two end nodes exchange three packets (SYN, SYN-ACK, ACK)




Server queues SYN from client and removes it when corresponding ACK is received




Attacker sends many SYNs, but no ACKs

How can you exploit knowledge of implementation details for a web node to make node perform poorly? (3)

- Send packet fragments that cannot be reassembled properly


- SYN flood


- Craft packets such that they are all hashed into the same bucket in a hash table

What is a Black hole attack?

Packet drop attack




- Routing of packets in the Internet is based on a distributed protocol


- Each router informs other routers of its cost to reach a set of destinations


- Malicious router announces low cost for victim destination and discards any traffic destined for victim


- Has also happened because of router misconfiguration

What is a DNS attack?

DNS cache poisoning can lead to packets being routed to the wrong host

What is a DDoS attack?


Why is it hard to defend?

Distributed denial of service




Use botnet (network of bots) attacking a server at once




So many, hard to find out where they are

What is a Reflection & Amplification DDoS attack?

Attack where victim is flooded with legit-looking traffic originating from unsuspecting network nodes on internet




Amplification: vulnerable network node runs service that responds to queries with much more data than query itself




Reflection: attacker spoofs source address of queries to that of the victim so that vulnerable network nodes send (reflect) responses to victim

Why are Reflection & Amplification DDoS attacks hard to combat? (2)

- Response traffic coming from innocent nodes


- Hard to identify real source due to spoofing

What is SNMP?

Simple Network Management Protocol


UDP protocol, no longer used



Why is SNMP awful? (4)

- Very insecure


- unencrypted communication


- community string (like a pw) set to public by default, maximizing potential reflectors


- allows for GetBulkRequest query, sending back an order of magnitude more data than the request

How have today's botnets evolved? (past, present)

Originally came from central command server, "remote-controlled,"




Now, able to sell services in use of botnets




- Virus/worm/trojan for propagation, exploit multiple vulnerabilities


- Stealthiness to hide from owner of computer


- Code morphing to make detection difficult


- Bot usable for different attacks

What is Fast Flux?

- Single host name maps to hundreds of addresses of infected machines


- Machines proxy to malicious websites / "mothership"


- Machines constantly swapped in/out of DNS to make tracking difficult

What is the Domain Generation Algorithm?

- Infected machine generates a large set (50,000 in the case of Conficker) of domain names that changes every day


- It contacts a random subset of these names for updates


- To control the botnet, authorities would have to take control of 50,000 different domain names each day

How have the goals of worm hackers changed how botnets are implemented?

Before: FAME - spread worm as fast as possible, causes disruption but easy to track




Now: PROFIT - spread slowly, lie dormant for weeks, rent them out

What was the Storm Worm?

2007, millions of machines




Used to send out junk emails advertising links that downloaded/installed worm, or hosted the websites




Rented out for pharmacy/investment spam




Ran DDoS as self-defence against addresses that scanned for it

What is active code?

To reduce load on server, server might ask client to execute code on its behalf

What's the danger with active code?

Java 1.1 ran in a sandbox with limited capabilities, code is checked for correctness, but could still use up CPU or memory resources, wreak havoc with display, or play annoying music




Java 7 runs signed applets out of sandbox by default

Privileged vs Sandboxed active code?

Privileged: The application will run with unrestricted access which may put your computer and personal information at risk.




Sandboxed: The application will run with restricted access that is intended to protect your computer and personal information.

What is the advantage of segmentation / separation?

Don't put all company's servers on single machine




If a machine gets broken into, only some services will be affected

Why is redundancy good?

Avoids single points of failure

How should you implement redundancy?

- Servers should be deployed in redundant way on multiple machines, ideally with different software to get genetic diversity and different locations




- keep in close sync so that backup servers can take over easily

What are ACLs?

Access controls




All traffic to company goes through single (or a few) router(s), and in case of flooding attack, filter through ACL definition

What's the issue with ACLs?

- Expensive for high-traffic routers


- Difficult to gather logs for forensics analysis


- Source addresses of packets in flood are typically spoofed and dynamic

What is a firewall?

All traffic in/out of company has to go through small number of gates (choke points)

Where does a wireless access point need to be in relation to a firewall?

Outside

What do choke points do?

Carefully examine traffic, especially incoming, and may refuse access

What are the two strategies available at choke points?

- permit everything unless explicitly forbidden


- forbid everything unless explicitly allowed

What do company firewalls not protect against? How can you remedy this?

Attacks on company hosts that originate within company




Need defense in depth

What types of firewalls exist? (4)

- Packet filtering gateways / screening routers


- Stateful inspection firewalls


- Application proxies


- Personal firewalls

How are firewalls typically deployed?

On designated computers that have been stripped of all unnecessary functionality to limit attack surface

How do packet filtering gateways work?

Make decision based on header of a packet


- Header contains source/destination addresses, as well as port numbers which can be used to infer type of packet


- Ignores payload of packet




Can drop spoofed traffic (drop all packets originating from uWaterloo whose source address is not 129.97.x.y)

How do stateful inspection firewalls work?

Keep state to identify packets that belong together




IP layer can fragment packets, so firewall may have to re-assemble packets for stateful inspection




When a client within company opens TCP connection to server outside company, firewall must recognize response packets from server and let ONLY them through




Some application-layer protocols require additional (expensive) inspection of packet content to figure out what kind of traffic should be let through

Which is more expensive? Packet filtering firewalls or stateful inspection firewalls?

Stateful inspection firewalls

How do application proxy firewalls work?

Client talks to proxy, proxy talks to server




- Intercepting proxy requires no explicit configuration by client (or knowledge of this filtering by client)


- All other traffic is blocked


- Proxy has full knowledge about communication and can do sophisticated processing


- Limit types of allowed database queries, filter URLs, log all emails, scan for viruses

Who must go through an application proxy firewall?

- Users within the company wanting to access a server outside the company (forward proxy)


- vice versa (reverse proxy)

What else can application proxy firewalls do?

Strong user authentication

What are personal firewalls?

Firewall that runs on a home user's computer




Especially important for computers that are always online

How do personal firewalls usually work?

Typically “forbid everything unless explicitly allowed”




- Definitely for communication originating from other computers


- Maybe also for communication originating on the user’s computer

What was a vulnerability of Windows XP that was fixed by a firewall?

Server was running unnecessarily




Personal firewall protected against attacks on servers running on computers

How do personal firewalls help protect servers? (3)

- Servers that are running unnecessarily


- Servers that are wrongly configured and that allow access from other computers (or that cannot be configured to disallow this)


- Servers that have a remotely exploitable bug

What is a Demilitarized Zone? (DMZ)

Subnetwork that contains organization's external services, accessible to internet

What does a DMZ do?

Deploy external and internal firewall

External: protects DMZ
Internal: protects internal network from attacks lodged in DMZ


What are honeypots / honeynets?

Traps for attackers by setting up unprotected computer / network




System has no production value, so any activity is suspicious

How are honeypots / honeynets useful?

Observe attacker to learn about new attacks, identify/stop attacker, or divert from attacking real system

What is the danger with honeypots / honeynets? (2)

- Attacker may learn that attacked system isn't real


- Attacker may be able to use honey[pot, net] to break into real system

What is a honeytoken?

Data items from a regular system that isn't used




E.g. Account for student that doesn't exist

What are the two types of honey[pots, nets]?

Low interaction


- Daemon that emulates one or multiple hosts, running different services


- Easy to install and maintain


- Limited amount of information gathering possible


- Easier for the attacker to detect than high interaction honeynets




High interaction


- Deploy real hardware and software, use stealth network switches or keyloggers for logging data


- More complex to deploy


- Can capture lots of information


- Can capture unexpected behaviour by attacker

What is the first thing you do when you find out that someone has attacked your system?

- Pull the plug


- Put the disk in a new machine and try to figure out what happened

What are Intrusion Detection Systems (IDSs)?

Next line of defence against inside attackers or insiders making mistakes




Monitor activity to identify malicious/suspicious events


- receive events from sensors


- store and analyze them


- take action if necessary

What are the 4 types of IDSs?

- Host-based


- Network-based


- Signature-based


- Heuristic/anomaly-based

How do Host-based IDSs work?

- Run on a host to protect this host


- Can exploit lots of information (packets, disk, memory, ...)


- Miss out on information available to other (attacked) hosts


- If host gets subverted, IDS likely gets subverted, too

How do Network-based IDSs work?

- Run on dedicated node to protect all hosts attached to a network


- Have to rely on information available in monitored packets


- Typically more difficult to subvert

What are distributed IDSs?

Combination of host- and network-based

How do signature-based IDSs work?

- Each (known) attack has its signature (e.g. many SYNs to ports that are not open could be part of a port scan)


- Signature-based IDSs try to detect attack signatures


- Fail for new attacks or if attacker manages to modify attack such that its signature changes (polymorphic worms)


- Might exploit statistical analysis

How do heuristic/anomaly-based IDSs work?

- Look for behaviour that is out of the ordinary


- By modelling good behaviour and raising alert when system activity no longer resembles this model


- Or by modelling bad behaviour and raising alert when system activity resembles this model


- All activity is classified as good/benign, suspicious, or unknown


- Over time, IDS learns to classify unknown events as good or suspicious (machine learning)

What is Tripwire?

Anomaly-based, host-based IDS which detects file modifications




Initially computes digital fingerprint of each system file and stores fingerprints at safe place




Periodically recomputes fingerprints and compares to stored one




Malicious file modifications will result in mismatches

Why is it a bad idea to recompute fingerprints re: Tripwire directly on the production system?

If machine is infected, they could subvert program computing checksum




Must get to clean state first

What is the possible issue with false positives/negatives for IDSs?

False positives might lead to real alarms being ignored




Trying to reduce false positives might increase false negatives

How can you implement stealth mode for IDSs?

Two network interfaces, one for monitoring traffic and another for admin/raising alarms




First one has no published address, so doesn't exist for routing purposes

What is cryptanalysis?

Breaking secret messages (recovering plaintext from ciphertext)

What does Cryptology study? (2)

- Cryptography


- Cryptanalysis

What are the three major types of components of cryptography?

Confidentiality: Preventing Eve from reading Alice's messages




Integrity: Preventing Mallory from modifying Alice's messages without being detected




Authenticity: Preventing Mallory from impersonating Alice

Kerckhoff's Principle?

The security of a cryptosystem shouldn't rely on a secret that's hard (or expensive) to change

What can you do instead of breaking Kerckhoff's principle? (3)

- Have a large class of encryption methods


- Make class public information


- Use secret key to specify which one you're using (key is easy to change)

What was the traditional size of keys, and is still for some cases?

1024

What is the relation between a system's security and keys?

A system is at most as secure as the number of keys

What's a strong cryptosystem?

One which forces Eve to try every single key

What information might Eve have while she's trying to break our system? (4)

- Knows the algorithm


- Knows some part of the plaintext


- Knows a number of corresponding plaintext/ciphertext pairs


- Has access to encryption/decryption oracle

What is secret-key encryption?

Also called symmetric encryption




Simplest form of cryptography

What is a completely unbreakable cryptosystem?

One-Time Pad




- Key is truly random bitstring of same length as the message


- Encrypt/Decrypt are just XOR

Why does trying every key not work for one-time pads?

Since it's truly random, you can get every message of that length

How do you share the very secret key for the one-time pad?

Has to be given physically

What is the modern standard of cryptography?




How long would it take one computer to crack?

128-bit cryptography




635 thousand million million million years

What does Moore's law say about 128-bit crypto?

If we wait 132 years, computers will get 2^88 times faster, and 128-bit crypto can be broken in 18 hours

What is the point of cryptography?

Make sure information transfer is not the weakest link

What is a stream cipher?

Take the one-time pad, but use pseudorandom keystream instead of truly random one

What is the most commonly used stream cipher?

RC4

What are bad implementations of stream ciphers? (2)

WEP, PPTP

What is a MAC?

Message Authentication Code


Keyed hash function (only those who know the secret key can check/compute hash value)

What strategies exist for combining ciphers and MAC?

- Encrypt-then-MAC (recommended)


- MAC-then-Encrypt


- Encrypt-and-MAC

What is repudiation?




When would you want a conversation to be repudiatable? Non-repudiatable?

Lack of ability to prove that the message was from the person who sent it




Repudiatable: Private conversations


Non-repudiatable: E-commerce

What is a way to guarantee non-repudiation? What does that prove? (3)

Digital signature




- Alice, and not an impersonator, sent the message (like a MAC)


- the message has not been altered since it was sent (like a MAC)


- Bob can prove these facts to a third party (additional property not satisfied by a MAC)

How do you make and verify digital signatures?

Give everyone a copy of the encryption key, keep the decryption key private




- Alice signs the message with her private signature key


- To verify Alice’s signature, Bob verifies the message with his copy of Alice’s public verification key


- If it verifies correctly, the signature is valid

How can you combine public-key encryption and digital signatures?

Both Alice and Bob have two different key-pairs: an encryption/decryption key pair, and signature/verification key pair




1. Alice uses Bob’s encryption key to encrypt a message destined for Bob


2. She uses her signature key to sign the ciphertext


3. Bob uses Alice’s verification key to check the signature


4. He uses his decryption key to decrypt the ciphertext

What is the lifespan of Alice's signature/verification key pair vs encryption/decryption key pair?

Signature/verification long-lived




Encryption/decryption short-lived


=> gives perfect forward secrecy

How can you create a new encryption/decryption key pair using a signature/verification key pair?

Alice uses signing key to sign new encryption key, Bob uses Alice's verification key to verify signature on new key

What is a very difficult problem of public-key cryptography?




What possible solutions exist? (3)

Key management




How can Bob find Alice's verification key?


Manual keying - he knows it personally, like SSH


Web of trust - trusts a friend to tell him, like PGP


CA's - can trust some third party to tell him, like TLS / SSL

What is a certificate authority (CA)?

Trusted third party who keeps a directory of people’s (and organizations’) verification keys




- Alice generates a (signature, verification) key pair, and sends the verification key, as well as a bunch of personal information, both signed with Alice’s signature key, to the CA


- The CA ensures that the personal information and Alice’s signature are correct


- The CA generates a certificate consisting of Alice’s personal information, as well as her verification key


- The entire certificate is signed with the CA’s signature key

Who has a copy of the CA verification key?

Everyone, so that they can verify signature on certificate

How do multi-level CA's work?

- Level n CA issues certificates for level n+1 CAs


- Public-key infrastructure (PKI) needs only verification key of root CA to verify certificate chain

What are some common mistakes in building cryptographic protocols? (3)

- Using the same stream cipher key for two messages


- Assuming encryption also provides integrity


- Falling for replay attacks or reaction attacks

What is a possible issue with secret-key cryptography re: web browsers?

If your web browser can decrypt its file containing your saved passwords, then an adversary who can read your web browser probably can, too

How would an encrypted-code processor work?

- Processor decrypts instructions before executing them


- decryption key processor-dependent


- malware won't be able to spread without knowing processor's key

What does encrypted data not prevent? (3)

- Data against other users who legitimately use the laptop


- Someone installing malware


- Physically extracting decryption key from laptop's memory

What is the primary use for cryptography?

Separating security of the medium from the security of the message

What are link-layer security controls supposed to protect? Example?

Local area networks




Wired Equivalent Privacy (WEP)

What were the three security goals of WEP?

Confidentiality: prevent adversary from learning contents of wireless traffic




Access Control: prevent adversary from using wireless infrastructure

Data Integrity

What problems are associated with WEP? (5)

Widely shared "secrets": The random number to generate the keystream is 24 bits long, can be cracked quickly

Checksum is CRC-32: There's already CRC in protocol to detect random errors, and CRC can't help protect against malicious errors

Pair is advertised: auth protocol gives plaintext/ciphertext pair to adversary for free




The adversary can execute auth protocol: wat




RC4 is weak: When RC4 is used with similar keys, output keystream has subtle weakness, such that the keys can be recovered in under a minute

How does CRC work?

- independent of k and v
- linear: c(M XOR D) = c(M) XOR c(D)

Why is the linearity of CRC a bad idea when used with a stream cipher?

???

How could an adversary inject a new message F onto a WEP-protected network?

All he needs is a single plaintext/ciphertext pair




- This gives him a value of v and the corresponding keystream RC4(v, k)


- Then C' = (F, c(F)) XOR RC4(v, k), and he transmits v, C'


- C' is in fact a correct encryption of F, so the message must be accepted

How does the WEP auth protocol work?

- The access point sends a challenge string to the client


- The client sends back the challenge, WEP-encrypted with the shared secret k


- The wireless access point checks if the challenge is correctly encrypted, and if so, accepts the client

What does the ability to modify and inject packets lead to for WEP?

The ability to decrypt packets!

How does WPA compare to WEP? (5)

- Replaces CRC-32 with a real MAC (here called a MIC to avoid confusion with a Media Access Control address)


- IV is 48 bits


- Key is changed frequently (TKIP)


- Ability to use 802.1x authentication server (but maintains less-secure PSK (Pre-Shared Key) mode for home users)


- Able to run on most older WEP hardware

What problem does a VPN usually solve?

Needing end-to-end security across networks

How do VPNs work?

Connect two (or more) networks that are physically isolated, and make them appear to be a single network

What is the goal of a VPN?

Adversary between the networks should not be able to read or modify the traffic flowing across the VPN

How is a VPN set up?

- One host on each side is VPN gateway (could be firewall, DMZ, laptop, etc)


- Traffic destined for "other side" sent to local VPN gateway


- Gateway uses cryptography to send traffic to remote VPN gateway (tunnelling)


- Remote VPN gateway decrypts messages and passes them on

What is tunnelling?

Sending of messages of one protocol inside (that is, as the payload of) messages of another protocol, out of their usual protocol nesting sequence

Is TCP-over-IP tunnelling? Why or why not?

Not tunnelling




You’re supposed to send TCP (a transport protocol) over IP (a network protocol; one layer down in the stack)

Is IP-over-TCP tunnelling? Why or why not?

Is tunnelling




(going up the stack instead of down), as are IP-over-IP (same place in the stack), and PPP (a link layer protocol; bottom of the stack) over DNS (an application layer protocol; top of the stack)

What is a common way to set up a VPN?

IPSec

What modes exist for IPSec VPN setup?

Transport mode


- Useful for connecting a single laptop to a home network


- Only the contents of the original IP packet are encrypted and authenticated


Tunnel mode


- Useful for connecting two networks


- The contents and the header of the original IP packet are encrypted and authenticated; result is placed inside a new IP packet destined for the remote VPN gateway

What other ways exist to set up VPNs?

Microsoft’s PPTP


- older protocol


- had about as many design flaws as WEP


- most users now migrating to IPsec




VPNs based on ssh


- Tunnel PPP over ssh (IP-over-PPP-over-ssh-over-TCP-over-IP)


- Some efficiency concern, but extremely easy to set up on a standard Unix/Linux box


- OpenSSH v4 supports IP-over-SSH tunnelling directly

How was the protocol Secure Sockets Layer (SSL) used?

Meant for protecting HTTP (=> HTTPS)




General and could be used to protect any TCP-based connection




Went through a few revisions, and was eventually standardized into the protocol known as TLS

How does TLS work? (6)

1. Client connects to server, indicates it wants to speak TLS, and which ciphersuites it knows




2. Server sends its certificate to client, which contains: host name, verification key, other administrative information, signature from a CA




3. Server also chooses which ciphersuite to use




4. Client validates server’s certificate (is its signature from a CA whose public key is embedded in the client (e.g., browser or app)? Does the host name in the certificate match the hostname of the web site that client wants to access?)




5. Client and server run a key agreement protocol to establish keys for symmetric encryption and MAC algorithms from the chosen ciphersuite (Server signs its protocol messages with its signature key)




6. Communication now proceeds using chosen symmetric encryption and MAC algorithms

What security properties are offered by TLS? (4)

- Server authentication


- Message integrity


- Message confidentiality


- Client authentication (optional)

Why is TLS the most successful Privacy Enhancing Technology ever? (3)

- It comes with your browser (encouraged web server operators to bother paying $$ for their certificates)


- It just works, without you having to configure anything


- Most of the time, it even protects the privacy of your communications (increasingly important due to the success of WiFi)

What else may we want to protect beyond the content of messages? (2)

- Metadata (who's sending the message to whom?)


- Existence of message

What does unlinkably (long-term) and linkably (short-term) anonymity look like w/ Tor? (3)

- no long-term identifier for Tor user


- if web server gets a connection from Tor today, and another tomorrow, can't tell if they're from the same person


- two connections in quick succession from same Tor node likely from the same person

What are the levels of nymity for transactions? (4)

Verinymity


Government ID, SIN, credit card #, address




Persistent pseudonymity


Noms de plume, many blogs




Linkable anonymity


Prepaid phone cards, loyalty cards




Unlinkable anonymity


Cash payments, Tor

How is ssh usually used? (5)

1. Client connects to server


2. Server sends its verification key (client should verify that this is the correct key)


3. Client and server run a key agreement protocol to establish session keys, server signs its messages (all communication from here on in is encrypted and MAC'd with the session keys)


4. Client authenticates to server


5. Server accepts authentication, login proceeds (under encryption and MAC)

How can you authenticate with SSH? (2)

Send a password over the encrypted channel


Server needs to know (a hash of) your password




Sign a random challenge with your private signature key


Server needs to know your public verification key

Which is the better authentication method for ssh? Why?

???

What do remailers allow you to do?

Send email without revealing own email address (pseudonymity useful for context)

How did anon.penet.fi work? (4)

1. Send email to anon.penet.fi


2. It is forwarded to your intended recipient


3. Your “From” address is changed to anon43567@anon.penet.fi (but your original address is stored in a table)


4. Replies to the anon address get mapped back to your real address and delivered to you

What must be true for anon.penet.fi to work? (3)

- No one’s watching the net connections to or from anon.penet.fi


- The operator of anon.penet.fi and the machine itself remain trustworthy and uncompromised


- The mapping of anon addresses to real addresses is kept secret

What are type 1 remailers? How did they work?

(cypherpunk)




Removed central point of trust, instead sending messages through a "chain" of several remailers with dozens to choose from




Each step in chain encrypted, remailers also delay/reorder messages




NO PSEUDONYMITY, NO REPLIES

What are type 2 remailers? How did they work?

- Constant-length messages


- Protections against replay attacks


- Improved message reordering


- Requires special email client to construct message fragments

What was the purpose of nym servers?

Mapped pseudonyms to "reply blocks" that contained a nested encrypted chain of type 1 remailers




Attaching message to end of a reply block causes it to be sent down the chain to the nym owner

What are type 3 remailers? How did they work?

Native support for pseudonymity, no longer reliant on type 1 reply blocks




Improved protection against replay/key compromise attacks

What is a problem with type 3 remailers?

Not well deployed or mature

What is Pretty Good Privacy?

Protects contents of email messages




Uses public-key cryptography to provide:


- encryption of email messages (using hybrid encryption)


- digital signatures on email messages (hash-then-sign)

What was the first popular implementation of public-key cryptography?

Pretty Good Privacy

How does hybrid cryptography work? (4)

1. Pick random 128-bit key K for secret key crypt


2. Encrypt large message with K


3. Encrypt K using public key crypt


4. Send encrypted message and encrypted key

How does public key cryptography work?

Publicize public key, which people use to send encrypted messages to you




Use your private key to decrypt

What is the difference between a stream cipher and One-Time Pad?

One-Time Pad is assumed to be size of message (i.e. correct size)




Stream cipher takes in random key of any size and generates pseudorandom keystream of correct size

What are the advantages (1) / problems (2) with stream ciphers?

Advantage:


- can be very fast, useful for lots of data




Problems:


- Ineffective if same key used to encrypt different messages


- How do you get around generating new shared secret key for each message?

How do block ciphers work?

Operate on the message one block at a time, usually size 64-128 bits long

What are some examples of modes of operation for multiple blocks in block ciphers? (4)

Electronic Code Book ECB (will show repeating patterns for repeated blocks)




Require initial value (like salt):


Cipher Block Chaining CBC


Counter CTR


Galois Counter GCM

What's the problem with checksums in encryption?

Mallory can change the message in such a way that the checksum stays the same

What three properties should cryptographic hash functions hold?

Preimage-resistance


Given y, it’s hard to find x such that h(x) = y




Second preimage-resistance


Given x, it’s hard to find x' != x such that h(x) = h(x')




Collision-resistance


It’s hard to find any two distinct values x, x' such that h(x) = h(x') (a “collision”)

When can hash functions provide integrity guarantees re: cryptography?

Only when there is a secure way of sending and/or storing the message digest

How do Message Authentication Codes (MAC) work?

1. Have a large class of hash functions, and use a shared secret key to pick the “correct” one

2. Only those who know the secret key can generate, or even check, the computed hash value

3. These “keyed hash functions” are called MACs


How can we hybridize signatures?

Alice sends the (unsigned) message, and also a signature on a hash of the message




The hash is much smaller than the message, and so it is faster to sign and verify

What is the relationship between someone's (signature, verification) key pair and (encryption, decryption) key pair?

When creating new (encryption, decryption) key pair, use signing key to sign public encryption key and other party uses her verification key to verify the encryption key

What is hard drive encryption useful for?




What does it not protect against? (3)

Protects data when laptop gets lost/stolen




- Does not protect data against other users who legitimately use laptop


- Somebody installing malware on laptop


- Somebody (maybe physically) extracting the decryption key from the laptop’s memory

What handy thing does PGP automatically handle?

Web of Trust

What's an issue with PGP?

Creates lots of incriminating records




- Key material that decrypts data sent over the public Internet


- Signatures with proofs of who said what

How does Perfect Forward Secrecy improve PGP?

Use secret-key encryption with short-lived (session) key




Discard session key after use

What does Perfect Forward Secrecy use long-term keys for?

Authenticating Diffie-Hellman protocol messages

What can you use if you don't want to use digital signatures (want repudiation), but want authentication?

MACs

What is OTR Messaging?

Off-the-Record Messaging




Provides confidentiality and authentication




Uses Perfect Forward Secrecy and Deniability

What is the most popular DBMS model?

Relational

What is a subschema?

Result of a query

What are the security requirements for databases? (8)

- Physical database integrity


- Logical database integrity


- Element integrity


- Referential integrity


- Auditability


- Access control


- User authentication


- Availability

What does logical and physical database integrity entail?

Protect against corruption




Recovery from physical problems (power outage, disk crashes)


- periodic backups


- log of transactions

What does element database integrity entail? (4)

Ensure correctness/accuracy of database elements




- Access control to limit who can update element


- Element checks to validate correctness


- Change log to undo erroneous changes


- Error detection codes to protect against OS or hard disk problems

How does two-phase update work for databases?

1. Gather info required for change, but don't perform updates




2. Make changes permanent

What does referential database integrity entail? (3)

- Each table has a primary key, which is a minimal set of attributes that uniquely identifies each tuple




- A table might also have one or multiple foreign keys, which are primary keys in some other table




- Referential integrity ensures that there are no dangling foreign keys

What does auditability re: databases entail?

Keep an audit log of all database accesses, which allows retroactively identifying users who accessed forbidden data

What kinds of data disclosure exist? (5)

- Exact data


- Bounds


- Negative result


- Existence


- Probable value

Security vs precision?

Security


Forbid any queries that access sensitive data, even if (aggregated) result is no longer sensitive




Precision


Aggregated result should reveal as much non-sensitive data as possible

Direct vs indirect attack re: data inference?

Direct


Queries that directly yield sensitive info, possibly obfuscated to fool the DBMS




Indirect


Infer sensitive data from statistical results

What are possible statistical inference attacks? (4)

- Sum


- Count


- Mean


- Median




E.g.


SELECT SUM(salary)


SELECT SUM(salary) WHERE lastname != 'Adams'

What is a tracker attack re: DBMS?

Use "tracker" queries to break down a forbidden query into multiple allowed queries

What are seven controls applied to data items re: statistical inference attacks?

Suppression


Suppress sensitive data from result




Concealing


Answer is close to actual value, but not exactly




n-item k-percent rule


For the set of records that were included in the result, if there is a subset of n records that is responsible for over k percent of the result, omit the n records from result




Combined results


Report set or range of possible values




Random sample


Compute result on random sample of db




Random data perturbation


Add/subtract small random error before computing result




Query analysis


Maintain history of user's queries and observe possible inferences (costly, and fails for collusion)

What is differential privacy? How can it be achieved?

The response to a query should not depend on an individual (not) being part of the dataset




Achieved by adding noise to the result of a query before releasing it

What are 2 issues with data aggregation re: DBMS?

Can build sensitive results from less sensitive information




Aggregation can take place outside DBMS making it difficult to control

How do Multilevel Security Databases work?

Each object has sensitivity classification (sensitive vs not sensitive), and possibly a set of compartments




An object can be an element, aggregate, column, or row

Why is it difficult to implement *-property (no read up, no write down) in MLS database?

- User doing a write-up, even though the user cannot read the data having higher sensitivity (Blind writes)




- Write-downs need a sanitization mechanism




- Trusted processes that can do anything (DBMS must have read and write access at all levels to answer user queries, perform back-ups, optimize database, etc)

How can polyinstantiation happen in a MLS database?

Keeping existence hidden can lead to having multiple records with the same primary key, but different sensitivity




Existence of the record itself could be confidential

What are 3 other possible solutions to polyinstantiation? What other issues do they each bring?

Partitioning: separate database for each classification level


- Could store data redundantly in multiple db's


- Doesn't help high-level users access all level data




Encryption: encrypt data with key unique to class level


- Processing of a query becomes expensive, many records might have to be decrypted




Integrity lock: data item has integrity level and cryptographic signature over the integrity level, attribute name, and record number


- This scheme does not protect against replay attacks


- Any (untrusted) database can be used to store data items and their integrity locks


- Locks can consume lots of space (maybe multiple locks per record)


- Expensive trusted procedure handles access control and manages integrity locks


- Have to encrypt items and locks if there are other ways to get access to data in database, even more expensive

How does a trusted front end work re: DBMS? Advantage/Disadvantage?

1. Front end authenticates user and forwards query to old-style DBMS


2. Front end gets result and removes what user shouldn't see




Advantage: allows use of existing DBMS and db's


Disadvantage: inefficient if it returns a lot of items that are eventually dropped

How do commutative filters work re: DBMS?


Advantage/Disadvantage?

Front end rewrites user query according to classification (removing restricted attributes, add constraint with user's class)




Advantage: uses DBMS' superior query processing and discards forbidden data early on


Disadvantage: front end may still have to do post processing

How do distributed/federated db's work re: DBMS?


Disadvantages?

Based on partitioning, front end forwards user query only to database according to user's classification




Disadvantages:


- Front end may have to combine results from multiple db's, complex process that essentially makes front end a DBMS


- Doesn't scale to lots of classifications

How do views work re: DBMS?


What can they be used for?

Logical database that represents a subset of some other database




- Element in view can correspond to an element in underlying database or be a combination of multiple elements


- A user’s view of a database consists of only the data that the user is allowed to access


- Hide attribute/row unless user is allowed to access at least one element, set to UNDEFINED any elements that user can’t access

Truman vs non-Truman semantics?

Truman semantics: DBMS pretends that the data the user can access is all the data there is


- All queries will succeed, even if they return incorrect results




Non-Truman semantics: the DBMS can reject queries that ask for data the user is not allowed to access


- Any queries that succeed will produce precise answers


- Some queries will fail

What does data mining try to do?

Tries to automatically find interesting patterns in data using a plethora of technologies

What security problems arise wrt. CIA for data mining?

Confidentiality


Data mining can reveal sensitive info




Integrity


Mistakes in data can lead to wrong conclusions that can make a negative impact




Availability


(In)compatibility of different db's make combining difficult, have to distinguish between inability to combine vs inability to find correlation

How may you preserve privacy in data release?

Anonymize data records before releasing, though simple anonymization may not be sufficient




(hashed info may be easier to crack than thought, k-anonymity)

How many ppl can be uniquely identified by ZIP, gender, and DoB?

87% of US population

What is k-anonymity?

For each released record, there exist at least k-1 other released records from which the record cannot be distinguished (k >= 2)

What is a particular difficulty with k-anonymity?

Choosing quasi-identifier (which attributes are to be omitted such that they are highly identifying)

What is a homogeneity attack?

If you know Bob (902**,1965-*-*) is in the table, then Bob has cancer

What is a background knowledge attack?

If you know Dave (9043*,195*-*-*) is in the table, and that his risk for heart disease is very low, then Dave has cancer

What is the l-diversity property?

For any quasi-identifier, there should be at least l “well-represented” values of the sensitive fields

What is an improvement on l-diversity?

t-closeness




Ensure that the distributions of the values for any quasi-identifier are within t of the distribution for the whole table

How does value swapping help re: DBMS inference?

- Any linking done on the released records can no longer be considered to be necessarily true


- Trade off between privacy and accuracy


- Statistically speaking, value swapping will make strong correlations less strong and weak correlations might go away entirely

How does adding noise help re: DBMS inference?

- Given distribution of data after perturbation and the distribution of added errors, distribution of underlying data can be determined, but not its actual values


- Protects privacy without sacrificing accuracy

What is involved in sampling/synthetic data?

Release only a subset of respondents’ data (e.g., a 1% sample) with geographic coarsening and top/bottom coding




Geographic coarsening: restrict geographic identifiers to regions containing at least a certain population (e.g., 100,000 people)




Top/bottom-coding: if there are sufficiently few respondents over age 90, top-coding would replace all ages ≥ 90 with the value 90




- Build a distribution model based on gathered data and use the model to generate synthetic data with similar characteristics to original data


- Release one (or a few) sets of synthetic data

What is a security plan?

A document put together by an organization that explains what the security goals are, how they are to be met, and how they’ll stay met




Description of current state + plans for improvement

What are the 7 parts of a security plan?

- Policy


- Current state


- Requirements


- Recommended controls


- Accountability


- Timetable


- Continuing attention

What should the policy statement in a security plan include? (3)

- Goals


- Responsibility


- Commitment

What should the current state statement in a security plan include? (3)

- Risk analysis with current status


- List limits of security responsibility


- Privacy Impact Assessment (PIA)

What should the requirements statement in a security plan include? (4)

- What needs does the organization have?


- Who is allowed/not allowed to do what?


- What audit logs should be kept?


- Should ongoing effectiveness be measured?

What should the recommended controls statement in a security plan include?

List mechanisms to control vulnerabilities described in current state, satisfy needs in requirements, and take into account priorities in policy

What should the accountability statement in a security plan include?

Who is accountable if security controls aren't implemented, aren't implemented properly, or fail?

What should the timetable statement in a security plan include? (3)

- Lists how and when elements of plan will be performed


- Notes dependencies and order


- Includes milestones to track progress

What should the continuing attention statement in a security plan include?

List process for periodic review and updating of plan itself

Who writes the security plan? Who should be included? (6)

Security planning team




- Upper management (for setting policy)


- IT


- Systems and application programmers, DB admins


- Data entry personnel


- Physical security personnel


- Representative users

What is a BCP?


Business Continuity Plan


Focuses on availability




Deals with catastrophic or long-duration situations

What should a BCP include? (3)

- Who is in charge when catastrophe occurs


- What needs to be done


- Who will do it

What can you do in addition to creating a BCP? (4)

- Acquire redundant equipment


- Arrange for regular data backups


- Stockpile supplies


- Train employees to react to situation

What should be included in an Incident Response Plan?

- Legal issues


- Preserving evidence


- Records


- Public relations

What are the two characteristics of risk?

Probability


Impact: what harm will happen?

What is risk exposure?

Probability x impact

What are the steps for risk analysis? (6)

1. Identify assets


2. Determine vulnerabilities


3. Estimate likelihood of exploitation


4. Compute risk exposure


5. Survey applicable controls


6. Project savings due to control

What assets may we want to protect? (6)

- Hardware


- Software


- Data


- People


- Documentation (including security plans)


- Supplies

What is something you can use to help identify likelihood of risk?

Frequency analysis

What are the two major classes of physical threats?

Nature & Human

What are tiger teams?

Teams of security professionals that you hire to try to hack your system

How can reverse engineering impact a trade secret?

If someone successfully reverse engineers the trade secret, you lose the trade secret protection

What are some examples of patented cryptographic algorithms? (4)

- Diffie-Hellman (expired 1997)


- RSA (expired 2000)


- IDEA (block cipher used in early PGP, expired 2012)


- Lots of patents on elliptic curve cryptography

What is the difference between copyright and patent?

Patent protects invention




Copyright protects expression/implementation of invention

What are the four tests for fair use in the US?

- the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes;




- the nature of the copyrighted work;




- the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and




- the effect of the use upon the potential market for or value of the copyrighted work

What are the appropriate uses under fair dealing in Canada? (8)

- Private study


- Research


- Criticism


- Review


- News reporting


- Education


- Parody


- Satire

What is the DMCA? What were the problems (2) with it?

Digital Millennium Copyright Act




It didn’t make any additional acts of making copies illegal; rather, it made illegal the circumvention of a technological copy protection mechanism that might be in place




Problem: this applies even when the copy protection mechanism is broken to make a “fair use” copy!


Problem: Also made illegal the manufacture, selling, or “traffic” of devices that might help you circumvent such mechanisms

Full disclosure vs Responsible disclosure?

Full disclosure (preferred by people, not vendors)


When you find a problem, post to full disclosure mailing list of security professionals




Responsible disclosure (preferred by vendors)


Tell the vendor, tell no-one else for 30 days