InfoSec/Theory Qualification Exam. Fall 2008

The exam is 135 points total. The passing score is about 60 points (partial credit counts). You have to acceptably solve at least one problem in each of the following sets: complexity theory (problems 1-2), algorithms (problem 2), system security (problems 4-6), network security (problems 7-9), cryptography (problems 10-12). Theory problems (1,2,3) are 15 points each.

3.

4. (10 points) Access control mechanisms and policies form a critical part of a system that wants to limit access to protected resources to authorized users. The access control matrix abstraction captures how access control can be specified and several implementations exist for this abstraction in various operating systems (access control lists, capabilities etc.). Attribute based access control has recently become popular and it is based on the observation that to access a resource, the source of a request must be able to demonstrate that several attributes about it hold. For example, access can be limited to students at Georgia Tech who are in a certain school and are currently enrolled in a class.

   a. Choose an operating system and discuss how attribute based access control can be implemented by it using the underlying access control mechanisms that are provided by the system. Provide details of your implementation. If you think this cannot be done, discuss the reasons why this is not possible. (1/3 credit)

   b. Is there any relationship between attribute based access control and role based access control? Sketch scenarios where it may be better to use one over the other. (1/3 credit)

   c. Attributes can be associated with sources of requests for resources but resources may have attributes as well. For example, files may have public or sensitive data or other kinds of attributes may be possible similar to labels in multi-level security systems. Would you advocate attributes for both users and resources?
   If your answer is yes, justify it and outline example access control models where this could be used. Otherwise, discuss why this is not useful. (1/3 credit)

5. (10 points) Virtualization is viewed as an important technology and there are claims about the benefits it could offer for systems security. However, virtualization presents several challenges as well.

   a. The x86 architecture presented problems for virtualization and techniques like paravirtualization had to be developed. What were the problems with the x86 architecture? Give examples of x86 instructions and discuss why they presented problems for virtualization. How does Intel virtualization technology (VT) address this? (1/3 credit)

   b. A system that employs multiple virtual machines can potentially provide better security because a compromise of one virtual machine does not impact others. However, an application or guest OS could still have vulnerabilities and the possibility of a compromise always exists. Thus, it is useful to monitor virtual machines even in virtualization based systems. The monitoring could be implemented in each guest virtual machine, a trusted virtual machine (e.g., service domain in Xen based systems) or in the hypervisor. Discuss the pros and cons of each of these and outline the approach that you think is the best. (2/3 credit)

6. (10 points) At the recent GTISC Security Summit, one of the panelists said that he is still hoping for the day when we will have multi-level security. Also, leakage of sensitive data is a serious problem that many enterprises face.

   a. Would the data leakage problem go away if we could develop viable multi-level security implementations of systems and services that are widely deployed over the Internet today? (1/3 credit)

   b. Can one adapt the old models like Bell and La Padula in the web setting of today for accessing remote services? (1/3 credit)

   c.
   If you believe in the feasibility of this approach, discuss some of the challenges we will face in implementing it. (1/3 credit)

7. (10 points) A number of different techniques have been proposed to combat Denial of Service (DoS) attacks. Most prominent among these solutions are traceback and pushback.

   a. What is traceback and how does it work? How can it be implemented in real networks? Name two assumptions that must hold true in order for traceback to work. (3pts)

   b. What is pushback and how does it work? How can it be implemented in real networks? (2pts)

   c. Why has neither scheme been implemented in real networks? (5pts)

8. (10 points) An unsavory guest staying at a hotel using traditional mechanical keys may create a copy of the key so that she can later reenter the room for burglary. To eliminate this threat, the hotel has asked you to design an electronic keycard system to replace the traditional keys and locks. A reader at each guestroom door reads a keycard issued by the hotel to guests staying in the room and unlocks the door only for authentic, current keycards. The readers are simple, battery-powered devices that do not support public-key cryptographic operations. They are not tamper-proof in that you cannot assume the data they store cannot be read. The protocol by which the door reader verifies the authenticity of a keycard must satisfy the following properties:

- A current keycard will repeatedly unlock the door.
- Once a new guest unlocks the door, all keycards for previous guests of that room will no longer unlock the door. (This prevents a thief who copied her keycard from reentering the room once new guests arrive.)
- There is no network connection between the front desk, where keycards are programmed, and the door reader. The hotel staff should not need to manually reprogram the reader for each new guest.
- Both the door readers and the keycards can store only 20 bytes of data in non-volatile storage.
- The door reader must authenticate keycards for at least three years before requiring reprogramming.

Design a keycard authentication protocol satisfying the requirements above. What 20 bytes of data do you initially program into the reader? Why does your protocol prevent reuse of old keycards?

9. (10 points) What is DNS cache poisoning? Please provide two alternatives to defend against DNS cache poisoning attacks.

10. (9 points) Why is it important that hash functions are collision-resistant and one-way? Are these orthogonal properties, or does one property imply the other?

11. (9 points) Instead of the standard IND-CPA security for symmetric encryption schemes one could have an alternative definition asking that it be hard to distinguish between random strings and ciphertexts of messages of the adversary’s choice (having the random strings of the corresponding length, of course). What do you think about this definition? Why isn’t it widely used?

12. (12 points) Assume a public-key encryption scheme for single-bit messages. Show that, given pk and a ciphertext c computed by encrypting a random message m under pk, it is possible for an unbounded adversary to determine m with probability 1. (That shows that perfectly-secure public-key encryption is impossible.)