142831945X_237828

advertisement
Answer Key for Software Security Technologies
Richard Sinn
Chapter 1
Review questions
1-1
faked, trustworthy
1-2
An attacker maliciously changes data in transit or in medium.
1-3
Confidentiality, Authentication, Integrity
1-4
Entity Authentication provides identification of the specific entity involved in isolation
from any other activity that the entity might want to perform. Data Origin Authentication
is also called non-repudiation, it identifies a specific entity as the source or origin of a
given piece of data.
1-5
Single, secret
1-6
P[i] = KS[i] XOR C[i]
1-7
Digits, digit
1-8
The cipher in ECB takes a single block of plaintext and produces a single block of
ciphertext.
1-9
In CBC mode, the encryption of each plaintext block depends on the ciphertext of the
previous block.
1-10
CFB mode turns a block cipher into a stream cipher.
1-11
OFB is another way of changing a block cipher into a stream cipher. It generates the next
keystream block by encrypting the previous keystream block.
1-12
stream
1-13
Dictionary attack is the general technique of guessing a secret (such as key or password)
by running through a list of possibilities, often a list of words from a dictionary.
1-14
2a/2
1-15
For encryption of first block.
1-16
Snooping.
1-17
The algorithm becomes the same as DES and 3DES hardware can be made to
interoperate with DES hardware.
1-18
False, RC4 is a stream cipher.
1-19
d
1-20
Preimage resistant, Second preimage resistant, Collision-resistant.
1-21
Replay Attack
1-22
MAC uses a key
1-23
slow
1-24
A relatively small e makes operations performed with the public key faster.
1-25
Sender verification
1-26
Custom computation
1-27
Issuer dn + serial number
1-28
cn=Winnie Chan Wang, ou=engineering, o=HighTech, Inc, c=US.
1-29
PKCS 12
1-30
7
Chapter 2
Review questions
2-1
Create, secure
2-2
True
2-3
Adversary Economics Formula
n * Cb >> Ch + n * Cc + P11(n) * C11(n)
Cb: The cost of buying the software item.
Ch: The cost of breaking the protection.
Cc: The value of the pirate software.
P11: The probability (risk) of getting caught.
C11: The cost of getting caught.
N: The number of pirate copies to make.
2-4
e
2-5
infringement
2-6
It represents the uniqueness between a particular license and the environment where the
software product is deployed.
2-7
Licensing and code protection
2-8
Building a 100% secure system is either too expensive or not possible.
2-9
A worm is a special type of “smart” virus that can replicate from system to system
without any human user intervention. Trojan horse is standalone software attack that do
not replicate by itself.
2-10
Top secret, secret, confidential unclassified
2-11
No Read up, no write down
2-12
The compartments can be used to indicate whether or not the data can be shared in
particular departments, organizations, companies, or even countries.
2-13
Lattice
2-14
Formal specifications
2-15
B3
2-16
Formal math proof
2-17
Storage, covert, timing channels
2-18
Virus attack, reclassification difficult, high cost of creation and validation.
2-19
Maintenance
2-20
Negative test cases test error condition.
2-21
Risk assessment, external audit, comprehensive test plan
2-22
commercial off-the-shelf software
2-23
Please refer to sidebar.
2-24
11
2-25
False
2-26
security education
2-27
True
2-28
Refactoring is defined as the process of changing the internal structure of software
program to make it easier to understand and maintain without modifying its external
behavior.
2-29
metaphors
2-30
Security user stories and daily security checkup
2-31
Add automatic positive and negative unit test cases
2-32
Code review is static, dynamic analysis is software analysis that involves actually
running of software programs.
2-33
aspect
2-34
AOP defines the concept of join point: it is a well-defined point in the program flow.
2-35
Define security policy.
2-36
True
Chapter 3
Review questions
3-1
Well-defined Entry Points, Predictable Security, End-User Transparency
3-2
Authentication, Confidentiality, Integrity
3-3
Something you know, have, are, do.
3-4
Use finger print to access a token card you have, then PIN to login.
3-5
1
3-6
Yes
3-7
The basic concept is to provide notarization on digital data within the PKI framework.
3-8
No
3-9
Figure 3.3
3-10
Certificate Authority
3-11
False, CA does the issue. RA handles CSR.
3-12
Intermediate CA
3-13
Creation and backup services of keys
3-14
This is the algorithm ID (object identifier (OID) plus any associated parameters) used to
sign the certificate.
3-15
Issuer dn and serial number
3-16
False
3-17
root
3-18
Certificate cannot be changed.
3-19
Class 1, 2, 3
3-20
This update – CRL creation time. Next update – Next CRL issue time.
3-21






Authority Revocation List (ARL)
Complete Certificate Revocation List (CRL)
CRL Distribution Point (DP)
Redirect CRL
Delta CRL
Indirect CRL
3-22
Computer CRL
3-23
False. Application needs to implement the check. No standard to enforce the check.
3-24
False. Can do more then one.
3-25
False.
Chapter 4
Review questions
4-1
Model of: what you can trust, how you are going to build any trust relationship, and when
to apply and verify the trust.
4-2
Threat modeling
4-3
Yes. But usually not a good idea as trust might not match organizational structure.
4-4
“A” trusts “B” when “A” assumes that “B” will behave exactly as “A” expects.
4-5
subordinate trust anchor
4-6
Trust processing can be evenly distributed.
4-7
It is hard to have only one root trust in many cases.
4-8
Hub and Mesh configuration
4-9
A forward cross-certificate is the trusted token a CA needs to go to another community.
And a reverse cross-certificate is the trusted token other CA needs to get into the current
community.
4-10
Binding of CA to browser is not signed, user can add or delete any certificate installed.
4-11
Yes.
4-12
Centralized and decentralized systems
4-13
fundamental risk, Particular risk
4-14
Please refer to section 4.11
4-15
Attack tree is a formal methodology for analyzing the security of software systems.
4-16
Attack pattern
4-17
XSS
4-18
Filter meta characters.
4-19
Filter meta characters.
4-20
Filter meta characters. Filter from browser, filer using URL databases.
Chapter 5
Review questions
5-1
Yes.
5-2
Controlled environment. No, not for DOS, etc.
5-3
Yes, with command line option javap.
5-4
False
5-5
Magic number check, syntax checking, instruction checking, access control modifier
checking
5-6
False. Package level (default)
5-7
Use –Xverify:all option
5-8
Avoid stepping over and provide protection
5-9
ClassLoader
5-10
Name space
5-11
True
5-12
Generations are memory pools holding objects of different ages. Memory is managed in
generations in garbage collection and the collection process occurs in each generation
when the generation fills up.
5-13
Use immutable objects if possible. No.
5-14
Avoid using inner classes. After compilation, an inner class is translated into byte codes
where any class in the same package can access it. Furthermore, the enclosing class’s
private fields are converted into non-private to permit access by the inner class.
5-15
Transient instance fields are neither saved nor restored by the standard Java serialization
mechanism.
5-16
Use package.definition=MyPackage1
[MyPackage2, . . . MyPackageN]
5-17
False
5-18
False
5-19
Protection Domain
5-20
When "x implies y", anyone that is granted permission "x", is automatically granted
permission "y".
5-21
policy file
5-22
CodeBase ends with "/" matches all class files (not JAR files) in the specified directory.
CodeBase ends with "/-" matches all files (both class and JAR files) in the directory and
recursively all files in subdirectories contained in that directory.
5-23
New ones will be implemented in the future.
5-24
False
5-25
No. Optional.
5-26
Accesscontrolexcception
5-27
False
5-28
Use rule of intersection.
5-29



5-30


5-31
stops
To decide whether an access to a critical system resource is allowed or denied
based on the current effective security policy.
To mark code as being "privileged", thus affecting subsequent access
determinations.
To obtain a "snapshot" of the current calling context and enable access-control
decisions from a different context can be made with respect to the saved context.
The code is in the run method of any implementation of either the
java.security.PrivilegedAction or the java.security.PrivilegedExceptionAction
interface. And,
The run() method is executed by the doPrivileged() method of
java.security.AccessController class.
Chapter 6
Review questions
6-1
A provider supplies a concrete implementation of a subset of the cryptography functions.
Architecture allows switching.
6-2
Yes.
6-3
Static and dynamic.
6-4
Text based but long.
6-5
Message digest
6-6
weak strong
6-7
Key, data, and algo.
6-8
(1/2)*2**1024
6-9
blocks
6-10
IV
6-11
Key exchange
6-12
Digital signature needs private key for signing to create.
6-13
Padding
6-14
Signed by trusted CA
6-15
False.
6-16
False
6-17
key store stores key. Trust store is for trusted certificates.
6-18
Using password
6-19
Use jarsign
6-20
Signed applet can access system resources
6-21
certification path
6-22
True for some version. False otherwise. Trick question.
6-23
Provide abstraction
Chapter 7
Review questions
7-1
Authentication
7-2
Authorization
7-3
Get cash from ATM machine
7-4
The protocol that picks one of the available authentication methods for a system.
Negotiate implements RFC 2478: The Simple and Protected GSS-API Negotiation
Mechanism.
7-5
Authorization is implemented when you control permissions for new objects created in a
container object by setting inheritable permissions on the container.
7-6
User ACL, Group ACL, role based
7-7
False. It is an infrastructure to build with.
7-8
PAM divides authentication into front-end (the authentication interface library) and the
back-end (the actual authentication mechanism-specific modules).
7-9
Principal, is used to represent a name associated with a subject.
7-10
Use refreshable
7-11
Configuration such as
JAAS_Demo
{
RegistrationPAM required;
PasswordPAM optional;
RolePAM required;
com.sun.security.auth.module.NTLoginModule required;
};
7-12
LoginContext, load PAMs, login is called, invokes PAM one at a time, authentication
status return to applications, retrieve Subject
7-13
Use login phase and commit phase
7-14
Applications implement the CallbackHandler and pass it to the LoginContext that in turns
forward it to the underlying LoginModules.
7-15
independent
7-16
grant getsubject, modifyprincipals, createlogincontext
7-17
required indicates that the login module must be successful.
7-18
requisite indicates that the login module must be successful, and if it fails no other login
modules will be called.
7-19
abort
7-20
sufficient
7-21
optional
7-22
See section 7.8
7-23
Static and Dynamic
Chapter 8
Review questions
8-1
type checking
8-2
Smart pointer, reference count
8-3
buffer overflow occurs anytime the program writes more data into the memory buffer
than the space it has allocated.
8-4
False
8-5
Heap
8-6
variable attack
8-7
stack overrun
8-8
snprint
8-9
It starts with default environment, and can be substitute to run something else.
8-10
Key size
8-11
Use instead of using long combination of commands.
8-12
relative pathnames
8-13
True
8-14
False
8-15
No prompting but password in clear text when check with system tool such as ps –eaf.
8-16
openssl bf-cfb -e -in mydata.txt -out out.txt
8-17
openssl x509 -in mycert.pem -text -noout
8-18
Hashing
8-19
Iterations of several rounds of the same algorithm will be applied by product ciphers.
And each iteration is termed a cipher round.
8-20
handshake
8-21
records
8-22
Get the client certificate for verification
8-23
Section 8.13
Chapter 9
Review questions
9-1
False
9-2
Taint mode
9-3
Perl automatically enter taint mode when it detects its program running with differing
real and effective user or group IDs. Or use –T.
9-4
External input, expression with other tainted data, etc.
9-5
Because hacker can substitute program with same name but different content to run.
9-6
True
9-7
tainted
9-8
‘PATH’, 'IFS', 'CDPATH', 'ENV', 'BASH_ENV'
9-9
Because the list of filenames comes from outside of the program.
9-10
Use to check unix password.
9-11
sub-pattern matches
9-12
Own scope, need sharing of variables, all underscore variables are shared.
9-13
Use
if ($@)
9-14
Use share_from
9-15
Replace file with same name.
9-16
It uses tmpfile from C and implementation might not be good.
9-17
Race condition
Chapter 10
Review questions
10-1
We define Data Store as a collection of information about objects arranged in some order
that gives details about each object. System of Records are systems that store data records
that is in specific format that are used by various commercial packages. SAP, PeopleSoft,
J.D.Edwards, or any HR package is an example of System of Records.
10-2
No replication, both to both data store and system of records.
10-3
False
10-4
Object class (OC) is just a mechanism for defining a collection of attributes for the
instantiation of a directory entry.
10-5
a. dn: cn=Nicholas Sinn
b. inetOrgPerson
c. subclasses
d. email, password
10-6
Object class (OC)
10-7
Replication, not real time access, full audit in replication.
10-8
distinguished name (DN)
10-9
Workflow
10-10
Delegated Administration
10-11
In Rule-Based Modeling, the administrator programs a set of rules that would apply to
the identity data set. Role-Based Modeling is a technique of Identity Management
modeling in which identities are granted resources, authorization and assignment to one
or more pre-defined roles.
10-12
False
10-13
e.
10-14
Lower the possibility guessing attack
10-15
Passphrase are longer and more secure in general
10-16
System binary needs to be changed.
10-17
Provisioning
10-18
certificate
10-19
Credential
10-20
Authentication – who you are
Authorization – what you can do
10-21
Universal Description, Discovery and Integration
10-22
Need to change network topology and hard to customize
10-23
Network addresses used, id request for web resource.
Chapter 11
Review questions
11-1
MX
11-2
When the primary server fail, it can be used as a backup for re-deliver.
11-3
POP, IMAP
11-4
False
11-5
25
11-6
Ease of lost of device due to its size and portability.
11-7
Power-on password should be used as the first gate for protecting access to the device.
An application running in a mobile device can prompt for additional authentication
whenever a user tries to run the application.
11-8
Authentication for OS user vs DB user.
11-9
Privileges for an administrator to grant the ability to create new database objects (tables),
to delete database objects, to execute SQL statements, or stored procedures.
11-10
Logical, Physical, Temporal, Cryptographic.
11-11
An operating system must provide a security policy and security model.
11-12
The startup or bootstrap mode run all the operating commands with administrator or root
privileges. Once the attacker spoofs the OS bootstrap, files might be mounted to a newly
booted foreign operating system. As a result, the original access control can be bypassed
to access any file.
11-13
Network layer
11-14
Packet filtering firewall, proxy, application gateway
11-15
Flooding
Download