Sample Final Exam Questions (with Sample Student Answers)
415.725SC Software Security
Clark Thomborson
Computer Science Department, University of Auckland
18 September, 2000
Instructions: This exam will not be graded. Write your answers on a separate sheet. Do not write your name on your answer sheet. If you turn in an answer sheet to me at the end of this class period, I may use one or more of your answers in a class discussion.
A. Legal,
Ethical and Conceptual Frameworks
1) Consider the three goals of security, defined in Pfleeger’s book: confidentiality, integrity, availability. Also consider his classification of assets: hardware, software, data.
Which of Pfleeger’s security goals, for which of Pfleeger’s asset classes, are protected by the following clause of the Computer Science Department’s Computer Systems Regulations of 17 September 1999:
“No person shall … use a login name other than the one(s) assigned to that person by the Department or allow any other person to use that person’s login name(s) to access one of the Department’s computer systems without the express permission of the Director of that system.”
Explain your answer briefly (in approximately 50 words).
Student 1: The users login
(data) (and password) is confidential as it is ONLY for a specified user. It is NOT for anyone else. It also has an integrity aspect where
whoever has the login can change the password portion of it.
Also there are weak links to other aspects of Swe [illegible word, possibly a variant of “SW” as an abbreviation for software?] data integ/confid avail. Whoever shouldn’t accesses the system has access to whatever’s on the system.
My evaluation: C+. Except perhaps in an illegible phrase, this
student didn’t realise that the clause covers software and hardware, as well as
data. Confidentiality is correctly
noted, however the student didn’t realise that the authorisation aspect of
Pfleeger’s “integrity” goal is the primary focus of the quoted clause.
Student 2: This covers
confidentiality and integrity.
Confidentiality because the users whose account is being used has a
right to privacy in his or her home dir.
Integrity because the account may have access to resources that the
“hacker” should not have access to, the hacker may alter data structures in a
way s/he shouldn’t. It covers all the
classification of assets as using a given account may give unauthorized access
to any of the items, hardware (changing h/w settings), software (running
unauthorized s/w) and data (access to data).
My evaluation: A-. This student correctly identifies the goals
and asset classes, in an answer that indicates good understanding. A minor defect in the answer is that it
doesn’t consider the context of the quoted clause, leading to a misplaced
emphasis on confidentiality. It is
reasonable to suppose that these regulations (and this clause in particular)
were designed primarily to insure the integrity of the computer science
department’s assets, not to protect the confidentiality of our users – so
confidentiality is a secondary goal, not a first-equal goal to integrity as is
suggested in this student’s response.
B. Cryptographic Authentication, e-Commerce, and Secure Communication
2) The first step in Aucsmith’s “Identity Verification Protocol” is F0 = ( HA == K1A[ K-1A[ HA ] ] ). In this formula, the variables have the following definitions:
· HA is a hash value computed over the code of module A,
· K-1A is a private key of the Integrity Verification Kernel (IVK) embedded in module A,
· K1A is a public key of the IVK embedded in module A,
· F0 is a flag value indicating the success or failure of an operation, and
· K-1A[ HA ] is the signature of module A under A’s private key. This value was computed at compile-time and is stored in some secret fashion within module A.
Which of the following phrases best describes this step in Aucsmith’s IVP?
a) A verifies self
b) A challenges E
c) F verifies self
d) E responds to A
e) E verifies A
f) A checks response
Student 3: e
My evaluation would be deferred until I
read their answer to the following question, giving this student a chance to
explain this unexpected answer. The student
is confusing the first step of Aucsmith’s protocol with the fourth step, which
is “E verifies signature of A and reports any failure F2 = ( HA
== K-1E[ K1E[ HA ] ]
). However I wouldn’t expect students
to recall all details of a complex protocol so I would be open to giving
partial credit to a plausible but incorrect answer.
Student 4: A verifies self.
My evaluation: A. (Note: your final exam script will show a total number of marks possible
for each question. I would give equal
weight to each of the five sections of this sample exam, and I would give less
weight to a multiple-choice question like this one. So if this sample final were a 100-mark test, question 2 would be
a 5-mark question and question 3 would be a 15-mark question.)
3) Briefly explain (in approximately 50 words) the individual calculations or function evaluations made during the first step in Aucsmith’s IVP.
Student 3: 1) encrypt HA with securet [sic] key of K-1A;
2) decrypt the K-1A[ HA ] with
public key of K1A; 3) matching the result
from previous two steps with HA. If they are matching, set F0
to true otherwise set to false.
My evaluation: D. This student has made a major error in their
answer, incorrectly including a preprocessing step (of computing the signature
of A under A) in their description of the operations that would be taken at
verification-time in Aucsmith’s IVP. The
student has made a second major error, by not clearly identifying the (rather
time-consuming) computation required to obtain the current value of HA by computing a hash-digest over the current code
and static data in module A. The
student has also made a minor error of misspelling the technical phrase “secure
key”. (There are several grammatical
errors in this answer, however it is quite understandable except for the
technical confusion that would arise if I were to translate the misspelled word
“securet” into “security”. So these grammatical
errors would have no effect on the student’s grade.) This student is saved from an “F” grade on this question by their
appropriate use of the descriptive terms “encrypt” and “decrypt” in their
explanation.
Student 4: a) Firstly A computes a
hash of its own code as it is currently running. b) K-1A[ HA
]: this is a stored value. When
the module was compiled by the distributer [sic] the hash was calculated and
encrypted with A’s private key to give this value. c) K1A
[ … ]: A decrypts the stored hash value using its public key. This occurs at run-time. It therefore recovers the original hash
value that was calculated at compile time.
d) HA = K1A
[ …] : The current hash and compiled hash are compared. e) F0 = ( … ):
If they mismatch the flag is set to failure.
My evaluation: A. The student shows excellent understanding of
the protocol, by describing each step in good detail without making any
technical errors. I would not mark down
the misspelled word “distributor” because it is not a technical error. I am pleased to report that most students
did very well on this question in the sample exam.
C. Protection of Hosts
4) Briefly describe one assumption about computer system security, which is valid for non-mobile systems, but is violated for mobile code systems.
D. Copy Detection
5)
Consider
the following images.
Figure 1. Checkerboard.
Figure 2. Copyright Notice.
Sketch the image that would result if the
Checkerboard (Figure 1) is watermarked with the Copyright Notice (Figure 2),
using the least-significant bit embedding described in the paper by Johnson and
Jojodia.
6)
Characterise the watermarked image you
constructed in your answer to the previous question, in terms of its fidelity,
robustness, and security. Use the
definitions of Matheson et al. for these terms.
E. Copy Prevention
7) Consider the following assertion: “Any secrets carried in Java bytecode written today, could be easily attacked tomorrow by a reverse engineer who has access to the decompiler described by Proebsting and Watterson.” Make a brief argument for, or against, this assertion.