Sample Final Exam Questions & Answers
COMPSCI 725 Software Security
Clark Thomborson
Computer Science Department, University of Auckland
1st May, 2001
Instructions:
This exam will not be graded.
Write your answers on a separate sheet.
Do not write your name on your answer sheet. If you turn in an answer sheet to me at the end of this class
period, I may use one or more of your answers in a class discussion.
A. Legal, Ethical and Conceptual Frameworks
1) Professor Charles W Turner, of IEEE’s Member Conduct Committee, recently wrote, “It is clearly unethical to pursue patent protection while ignoring or denying the existence of prior work elsewhere in the world...”
In approximately 50 words, analyse Professor Turner’s statement in terms of any one of the ethical systems discussed in class:
· Pfleeger’s “universal, self-evident, natural rules” (right to know, right to privacy, right to fair compensation for work);
· Sir David Ross’ duties (fidelity, reparation, gratitude, justice, beneficence, nonmaleficence, self-improvement);
· Christian ethics (Mosaic law, faith, hope, love, charity, Golden Rule);
· Confucian ethics (Jen, Chun Tzu, Li, Te, Wen);
· Islamic ethics (economic, social, military, religious).
Student answer #1: “By considering Pfleeger’s “universal,
self-evident, natural rules” we see that Professor Turner’s statement is
justified, because by ignoring or denying the existence of prior work (x) the
“right to fair compensation for work” is violated for the producer of x”.
Instructor’s comments: Nicely argued but not fully considered. I would deduct 2 marks because the student hasn’t indicated whether or not they consider the other elements of Pfleeger’s rules relevant to this situation. In most ethical analyses, more than one rule is relevant. Often there is a trade-off between rules; for example, you might have to find an ethical balance between a right-to-privacy and a right-to-know in some situations. Mark: 8/10.
Student answer #2: “a) We use the existence of prior work to judge whether we should give out a patent protection right to a particular piece of work. In Pfleeger’s “universal, self-evident, natural rules”, it says everyone has the right to know the existence of prior work that had been released from copyright or patent protection. As from society’s point of view, everyone should enjoy sharing the benefits from releasing patent protection, as a feedback to the society.
“Also everyone has the right to privacy: i.e. everyone has the right to pursue a patent protection on their products, as long as it satisfies the rules and conditions specified.
“If the patent protection has been violated by some organisation, the owner of the patent protection has the right to ask for reasonable compensation for using any relative part of their patent. Therefore, it is unethical to pursue patent protection in a way while ignoring or denying the existence of prior work.”
Instructor’s comments: I’m confused by this student’s
first two paragraphs. It seems almost
certain this student doesn’t realise that a patent is a publication. A patent doesn’t confer a right of privacy
on the inventor, instead it requires publication. Here’s how it works. The
inventor must disclose their invention to the patent examiner. The inventor’s disclosure becomes public
either when the patent is issued (under US patent law) or twelve months after
filing (elsewhere). So the student’s
points about right-to-know and right-to-privacy are inaccurate. In the last paragraph, I presume the student
is arguing that an inventor has an ethical right (as opposed to a legal right)
to reasonable compensation, although it is not at all clear how this ethical
right relates to the “ignoring or denying” scenario of this question. Instead the student suggests that the
inventor’s right to compensation is only transgressed when some organisation
has violated (in some unspecified way, to some unspecified extent) the
patent. The student has written an
answer that is overly long (approx 150 words) to make just one point of
questionable relevance; moreover their answer suggests that this student has a
fundamental misunderstanding about patent law.
Mark: 0/10.
Student answer #3: “In terms of traditional Christian
ethics, C. Turner’s statement would appear unfair in two possible ways. It would be unfair from the point of view
that if you sought a patent while prior work was known to exist, you would
violate the “do unto others” sense of morality. It would also violate the ethics from the point of view that
“sharing” or giving of ideas is considered important also, and as such, patents
place the individual’s interests above that of the “whole”.
Instructor’s comments: Excellent! This student cogently explains how the communal
ideals of some Christians, notably the Essenes, would apply to our situation. These ideals were not discussed in class,
however Biblical support is easy to find, e.g. “Ye cannot serve God and mammon”
(Matthew 6:24). Further discussion of
the ethical challenges facing Christians in a capitalistic society can be found
in many scholarly texts, sermons e.g. http://www.pbc.org/dp/stedman/possessions/0068.html,
and lay debates, e.g. http://www.mcspotlight.org/cgi-bin/DR/message.pl/multis?mID=2016.
Mark: 10/10.
2) If an attacker clones a cellphone, and thereby gets access to the cellphone owner’s voicemail inbox, what integrity expectation of the cellphone’s owner could be violated? Answer in approximately 50 words, being careful to define a specific integrity expectation that could be attacked in this way, and how this integrity expectation could be violated.
Student answer #4: An attacker would be violating an individual’s right to privacy. An individual should reasonably expect that the voicemail inbox of their cellphone could only be accessed by them, and if an attacker accesses it, it no longer remains an individual’s personal and private information.
Instructor’s comments: This student discusses privacy,
which is an aspect of confidentiality.
I see no sign that this student understands the fundamental distinction
between confidentiality and integrity, otherwise the student would surely have
specified “write access” rather than the read-only access that is implied by an
expectation of privacy. Mark: 0/10.
Student answer #5: The integrity expectation that
could be attacked is the expectation that the information is not accessible by
unauthorised people, and that information is valid (and thus not added to or
removed). Once the attacker has cracked
in, the first expectation has become voided.
If the attacker begins playback, and starts removing messages from the
mailbox then the second expectation has been violated.
Instructor’s comments: This student’s first
expectation is one of confidentiality; the second is one of integrity. As with Student #4, I see no indication that
this student understands the difference between confidentiality and integrity,
however I’ll award partial marks because this student did clearly identify an
expectation of integrity and how it could be attacked. Mark: 5/10.
Student answer #6: If an attacker clones a cellphone, he/she can use that cellphone to make a phone call while the cellphone owner may not be able to make a call; this breaks the availability of the service. The attacker can access the cellphone owner’s voicemail inbox and hear the owner’s voicemail; this breaks the privacy of the service. And the attacker can make a voicemail to other people using the owner’s identification.
Instructor’s comments: This student describes three
expectations and three attacks, however none of these are on the integrity of
the cellphone owner’s voicemail inbox. Mark: 0/10.
B. Applications of Cryptography
3) Name, and briefly describe, three applications of PKI. Your answer should consist of three sentences of the form “PKI can be used for X, which is …” Each sentence should be approximately 15 words in length.
Student answer #7: 1) PKI can be used for identification: a user can use PKI to identify himself to the receiver, which will also have a copy of the PKI.
2) PKI can be used for authentication: if the PKI given is correct a user will be authenticated & therefore able to receive a connection and have access to their personal information.
3) PKI can be used to transmit data: the correct PKI can be used to help encrypt/decrypt data using the proper keys.
Instructor’s comments: This is an excellent synthesis
of material from several readings, marred by a consistent error in its usage of
the acronym “PKI”. It seems that this
student doesn’t understand that PKI is an “infrastructure” (or set of protocols
and databases) that can be accessed to 1) create a public/private key pair, 2)
verify a public key is consistent with another form of identification, 3)
discover someone else’s public key, etc.
This student seems to think “PKI” means a public/private key pair. I would mark this answer down severely if we
had a required reading that defined & discussed PKI clearly, however
because we have had no such reading my mark for this answer is 9/10.
Student answer #8: i) PKI can be used to ssh, scp,
sftp which are secure, encrypted replacements for rsh, rcp, ftp on Unix
systems.
ii) PKI can be used for https which is a secure http
protocol allowing the sharing of sensitive data such as credit card numbers
over the web.
iii) PKI can be used for authenticating businesses to
banks and vice versa for the security of credit card transactions online. (ii is for clients to businesses.)
Instructor’s comments: This student demonstrates
excellent understanding of reading beyond the course requirements. Mark: 10/10.
Student answer #9: PKI can be used for password
transmission, which lets only the computer with the password database read the
transmitted password.
PKI can be used for identity verification when dealing
with a bank or other secure facility.
PKI can be used for authoring proof, for example
embedding a coded watermark in a picture that only the real author can decode.
Instructor’s comments: This student makes a good
attempt at synthesising the class readings that have mentioned PKI. However the first application is unlikely
(there are simpler & much more efficient protocols for secure password
challenge/response than sending a PKI-encrypted message), and the third
application is at best unclear (at worst it is incorrect). Mark: 7/10.
C. Secure Software Design Techniques
4) The overall goal of the S.E.E. Mail project is “to facilitate the exchange of email and documents using the Internet” among agencies of the New Zealand Government. Here is a question/answer pair appearing on a webpage entitled “S.E.E. Mail – Frequently Asked Questions” (http://www.e-government.govt.nz/projects/see/mail6.html):
Why doesn’t S.E.E. Mail encrypt the “To:”, “From:” and “Subject” fields?
S.E.E. Mail products are “Off-The-Shelf” commercial offerings. They have not been customised. Accordingly we have had to live with the vendors’ implementations of the S/MIME standard.
a) One of the articles you read this term used a four-letter acronym, instead of the phrase “‘Off-The-Shelf’ commercial offerings”. What was this acronym?
b) Write a total of approximately 50 words, listing and very briefly explaining two advantages and two disadvantages of the S.E.E. Mail project’s decision to use “‘Off-The-Shelf’ commercial offerings”.
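The FAQ answer above is worth seeing concretely. The following Go program is an added example, not code from the S.E.E. Mail project or from the original page: it builds an enveloped message the way an S/MIME client that encrypts only the body does, then shows what an observer on the delivery path (a relay, a mailbox backup, a network tap) can read, and then applies the alternative the S/MIME specification permits, wrapping the whole inner message as message/rfc822 inside the encrypted part so that the real Subject travels encrypted (RFC 5751, S/MIME 3.2, section 3.1, which postdates this page). AES-GCM under a fixed, constructed key stands in for the CMS EnvelopedData structure real S/MIME uses; the addresses, subject and body are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"io"
	"net/mail"
	"strings"
)

// Constructed stand-in for the per-message content-encryption key that real
// S/MIME would wrap to each recipient's public key. Fixed key: demo only.
var demoKey = []byte("0123456789abcdef0123456789abcdef")

var gcm = func() cipher.AEAD {
	block, err := aes.NewCipher(demoKey)
	if err != nil {
		panic(err)
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return g
}()

// Envelope is what the sender fills in, or what a reader of the wire form sees.
type Envelope struct{ From, To, Subject, ContentType, Body string }

func seal(plaintext []byte) ([]byte, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func open(sealed []byte) ([]byte, error) {
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}

func headers(e Envelope, contentType string) string {
	return "From: " + e.From + "\r\nTo: " + e.To + "\r\nSubject: " + e.Subject +
		"\r\nContent-Type: " + contentType + "\r\n\r\n"
}

// Encrypt returns the wire form of e. With protectHeaders=false only the body
// entity is enveloped, as in the FAQ: the outer From/To/Subject stay in clear.
// With protectHeaders=true the complete inner message (its own headers included)
// is the enveloped entity and the outer Subject is a placeholder.
func Encrypt(e Envelope, protectHeaders bool) (string, error) {
	entity := "Content-Type: text/plain\r\n\r\n" + e.Body
	outer := e
	if protectHeaders {
		entity = "Content-Type: message/rfc822\r\n\r\n" + headers(e, "text/plain") + e.Body
		outer.Subject = "[encrypted message]"
	}
	ct, err := seal([]byte(entity))
	if err != nil {
		return "", err
	}
	return headers(outer, "application/pkcs7-mime; smime-type=enveloped-data") +
		base64.StdEncoding.EncodeToString(ct) + "\r\n", nil
}

// Exposed is what anyone without the key learns from the wire form.
func Exposed(wire string) (Envelope, error) {
	m, err := mail.ReadMessage(strings.NewReader(wire))
	if err != nil {
		return Envelope{}, err
	}
	body, err := io.ReadAll(m.Body)
	h := m.Header
	return Envelope{h.Get("From"), h.Get("To"), h.Get("Subject"), h.Get("Content-Type"), string(body)}, err
}

// Decrypt is the recipient's view; a message/rfc822 entity inside the
// envelope carries the protected headers, which replace the outer ones.
func Decrypt(wire string) (Envelope, error) {
	outer, err := Exposed(wire)
	if err != nil {
		return Envelope{}, err
	}
	ct, err := base64.StdEncoding.DecodeString(strings.TrimSpace(outer.Body))
	if err != nil {
		return Envelope{}, err
	}
	plain, err := open(ct)
	if err != nil {
		return Envelope{}, err
	}
	inner, err := Exposed(string(plain))
	if err != nil {
		return Envelope{}, err
	}
	if strings.HasPrefix(inner.ContentType, "message/rfc822") {
		return Exposed(inner.Body)
	}
	outer.Body = inner.Body
	return outer, nil
}
```

Two caveats a practitioner would add. Even with the wrapping, the outer From: and To: must remain readable because the mail transport needs them for routing, so header protection hides the Subject and other non-routing fields, not the correspondents; and it only helps if the receiving client knows to display the inner headers, which is exactly the kind of behaviour a project using uncustomised vendor products cannot dictate.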
Student answer #10: 4a. 4-letter acronym: ?
4b. Advantages: 1) easy to find the answer
2) easy to access the documents, no need to use complicated way to encrypt or decrypt the message
Disadvantage: 1) cannot prevent malicious tampering
2) cannot hide secret completely.
Instructor comments: This answer is almost
incomprehensible, and doesn’t show any understanding of the security
implications of using COTS to implement the S.E.E. Mail project of the NZ
Government. Mark: 0/10.
Student answer #11: 4a. [no answer]
4b. Advantages of “off-the-shelf commercial offerings” are 1) It’s cheaper to buy an existing product than to develop one yourself.
2) It is not easy for some local attacker who knows some of the bank system to attack the server in another country.
Disadvantage: 1) Long distance communication would suffer more traffic problems.
2) No total control of the server.
Instructor’s comments: The student makes one valid
point (advantage #1), two irrelevant points (advantage #2, disadvantage #1) and
one vague point (disadvantage #2). It
seems clear that this student has a sketchy understanding of the concept of
COTS, and how it relates to secure software design for email & document
exchange. Mark: 3/10.
Student answer #12: 4a. COTS,
“Commercial-off-the-shelf”
4b. Benefits: 1) fast deployment, 2) better service
& technical support.
Disadvantage: 1) security flaws on particular users,
can’t fully satisfy specific security needs, e.g. users security model is
restricted by the security functions of the system. 2) Easily suffer attacks aming [?] to a whole class of systems.
Instructor’s comments: Nice work! The discussion is somewhat non-specific to
the application (of email & document exchange) however students had only a
few minutes to answer each question so I can’t expect too much in the way of
creative analysis. Mark: 10/10.
Student answer #13: 4a. COTS - Commercial off the shelf software.
4b. Using an existing system “off the shelf” allows the S.E.E. Mail Project to know and have a highly known and publicly open system, such that both positive and negative things are already known about it. Support and patches are often well provided by companies, but also in being well known/used it would be more easily “cracked” if the source is around.
Instructor’s comments: This student has identified
only one disadvantage; otherwise their answer is fine. Mark: 8/10.
D. Copy Detection and Prevention
5) Cox and Linnartz distinguish between “restricted-key” and “unrestricted-key” watermarking. In “restricted-key” watermarking, a small number of highly trusted receivers can read the watermark. In “unrestricted-key” watermarking, a very large number of weakly trusted receivers can read the watermark. For the case of recorded media such as music, both types of watermarking are important. Restricted-key watermarks could be discovered by trusted agents of a media company, who monitor broadcasts (on radio, television and the web) for copyright and licensing infringements using special receivers.
In approximately 50 words, explain the purpose and operation of an unrestricted-key watermarking system that is implemented in contemporary DVD players.
Student answer #14:
DVD player has the watermark reading chip in it,
Instructor’s comments: Mark 0/10.
Student answer #15: Unrestricted-key is used to show
the copyright of the product and also limits copying of the media.
Instructor’s comments: This answer shows some
understanding of the purpose of the unrestricted-key watermark system in DVD
players, but no understanding of its operation. Mark: 2/10.
Student answer #16: An unrestricted-key watermarking system is used for preventing an unwatermarked DVD from being played in a DVD player. A DVD player has a mechanism to verify the watermark key in the DVD. If the watermark is found, it plays the DVD, else it refuses to play the DVD.
Instructor’s comments: This student shows
understanding of how a DVD player might be designed to use watermarks. However, the DVD system described in the
article is quite different, as it will in fact play a DVD that has no
watermarks. The only DVDs that are
“refused” are those with a damaged or otherwise invalid watermark. Mark: 4/10.
Student answer #17: The purpose of the unrestricted-key watermarking system that is implemented in DVD players is to protect copyrighted work (i.e. movies etc.). It operates as follows: if the DVD player detects a watermark in a movie image, it determines whether the watermark is “intact”. If it is not, meaning the movie image is a pirated copy, it stops playing the movie. In this case, unrestricted-key watermarking is used because there are a large number of DVD players (receivers) that can read the watermark, but these DVD players are weakly trusted because the owner of the DVD player might have modified the DVD player to play pirated DVDs.
Instructor’s comments: This student shows good
understanding and recall of some required reading in this class. Mark: 10/10.
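The playback policy the instructor sets out in the comments on answers #16 and #17 (play a disc with no watermark, play a disc whose watermark is intact, refuse one whose watermark is damaged or invalid) is the part of the scheme a player has to implement. The Go program below is an added toy model of that detector, not the DVD scheme itself and not code from the page: the mark is written into the least-significant bits at fixed positions behind a fixed sync marker, which is the “unrestricted key” every player holds, and a CRC distinguishes an intact mark from a damaged one. The marker, the four payload bytes and the frame contents are all constructed.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
)

// Unrestricted key: the marker and bit positions are fixed and built into every
// player, so any receiver, trusted or not, can read the mark. Constructed toy.
var syncMarker = []byte{0xA5, 0x5A}

const (
	markerLen  = 2
	payloadLen = 4                            // mark payload, e.g. usage flags
	markLen    = markerLen + payloadLen + 4   // marker + payload + CRC32
)

type Verdict int

const (
	NoWatermark Verdict = iota // nothing embedded: the player plays it
	Intact                     // valid mark: the player plays it
	Damaged                    // mark present but corrupted: the player refuses
)

func (v Verdict) String() string { return [...]string{"no watermark", "intact", "damaged"}[v] }

// Embed hides marker||payload||crc32(payload) in the least-significant bit of the
// first markLen*8 samples of frame and returns the marked copy.
func Embed(frame, payload []byte) ([]byte, error) {
	if len(payload) != payloadLen {
		return nil, errors.New("payload must be payloadLen bytes")
	}
	if len(frame) < markLen*8 {
		return nil, errors.New("frame too small to carry the mark")
	}
	msg := append(append([]byte{}, syncMarker...), payload...)
	var crc [4]byte
	binary.BigEndian.PutUint32(crc[:], crc32.ChecksumIEEE(payload))
	msg = append(msg, crc[:]...)
	out := append([]byte{}, frame...)
	for i, b := range msg {
		for bit := 0; bit < 8; bit++ {
			idx := i*8 + bit
			out[idx] = out[idx]&0xFE | (b>>(7-bit))&1
		}
	}
	return out, nil
}

// Inspect is the player's detector: read the LSBs back and classify the result.
func Inspect(frame []byte) Verdict {
	if len(frame) < markLen*8 {
		return NoWatermark
	}
	msg := make([]byte, markLen)
	for i := range msg {
		for bit := 0; bit < 8; bit++ {
			msg[i] = msg[i]<<1 | frame[i*8+bit]&1
		}
	}
	if !bytes.Equal(msg[:markerLen], syncMarker) {
		return NoWatermark
	}
	payload := msg[markerLen : markerLen+payloadLen]
	if crc32.ChecksumIEEE(payload) != binary.BigEndian.Uint32(msg[markerLen+payloadLen:]) {
		return Damaged
	}
	return Intact
}

// ShouldPlay is the policy from the instructor's comments: refuse only a damaged mark.
func ShouldPlay(frame []byte) bool { return Inspect(frame) != Damaged }

// sampleFrame is a constructed stand-in for a block of video samples.
func sampleFrame() []byte {
	f := make([]byte, 256)
	for i := range f {
		f[i] = byte(i*37 + 11)
	}
	return f
}

func main() {
	clean := sampleFrame()
	marked, _ := Embed(clean, []byte{0x01, 0x02, 0x03, 0x04})
	damaged := append([]byte{}, marked...)
	damaged[markerLen*8+3] ^= 1 // flip one payload bit, as a lossy re-encode might
	for _, c := range []struct {
		name  string
		frame []byte
	}{{"clean", clean}, {"marked", marked}, {"damaged", damaged}} {
		fmt.Printf("%-8s %-13v play=%v\n", c.name, Inspect(c.frame), ShouldPlay(c.frame))
	}
}
```

The toy also makes the weakness of the three-way policy visible: clearing every least-significant bit returns a marked frame to the “no watermark” state, which the player plays, and an unmarked frame will match the sync marker by chance about once in 65,536 tries. A usable scheme needs a mark that survives re-encoding and cannot be removed without visibly damaging the content; LSB embedding has neither property and is used here only to carry the decision logic.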
Instructor’s summary comments, on 17 sample answers. My average mark is about 5/10, which would be dismal for a final exam in a postgraduate paper. However, I believe that most of the students in this class have not done all the assigned reading. I therefore see a great chance for improvement in average marks on the final – if most of you make an effort to catch up on your reading, so that you are able to answer questions on the basic concepts and applications of software security.