Answer Key for Software Security Technologies


Dec 2, 2013


Richard Sinn



Chapter 1

Review questions

1-1: faked, trustworthy

1-2: An attacker maliciously changes data in transit or in medium.

1-3: Confidentiality, Authentication, Integrity

1-4: Entity Authentication provides identification of the specific entity involved, in isolation from any other activity that the entity might want to perform. Data Origin Authentication, also called non-repudiation, identifies a specific entity as the source or origin of a given piece of data.

1-5: Single, secret

1-6: P[i] = KS[i] XOR C[i]

1-7: Digits, digit

1-8: The cipher in ECB takes a single block of plaintext and produces a single block of ciphertext.

1-9: In CBC mode, the encryption of each plaintext block depends on the ciphertext of the previous block.

1-10: CFB mode turns a block cipher into a stream cipher.

1-11: OFB is another way of changing a block cipher into a stream cipher. It generates the next keystream block by encrypting the previous keystream block.

1-12: stream

1-13: A dictionary attack is the general technique of guessing a secret (such as a key or password) by running through a list of possibilities, often a list of words from a dictionary.

1-14: 2^(a/2)

1-15: For encryption of the first block.

1-16: Snooping.

1-17: The algorithm becomes the same as DES, and 3DES hardware can be made to interoperate with DES hardware.

1-18: False, RC4 is a stream cipher.

1-19: d

1-20: Preimage resistant, Second preimage resistant, Collision-resistant.

1-21: Replay Attack

1-22: MAC uses a key

1-23: slow

1-24: A relatively small e makes operations performed with the public key faster.

1-25: Sender verification

1-26: Custom computation

1-27: Issuer DN + serial number

1-28: cn=Winnie Chan Wang, ou=engineering, o=HighTech, Inc, c=US.

1-29: PKCS 12

1-30: 7

Chapter 2

Review questions

2-1: Create, secure

2-2: True

2-3: Adversary Economics Formula

    n * Cb >> Ch + n * Cc + P11(n) * C11(n)

    Cb:  The cost of buying the software item.
    Ch:  The cost of breaking the protection.
    Cc:  The value of the pirate software.
    P11: The probability (risk) of getting caught.
    C11: The cost of getting caught.
    n:   The number of pirate copies to make.

2-4: e

2-5: infringement

2-6: It represents the uniqueness between a particular license and the environment where the software product is deployed.

2-7: Licensing and code protection

2-8: Building a 100% secure system is either too expensive or not possible.

2-9: A worm is a special type of "smart" virus that can replicate from system to system without any human user intervention. A Trojan horse is a standalone software attack that does not replicate by itself.

2-10: Top secret, secret, confidential, unclassified

2-11: No read up, no write down

2-12: The compartments can be used to indicate whether or not the data can be shared in particular departments, organizations, companies, or even countries.

2-13: Lattice

2-14: Formal specifications

2-15: B3

2-16: Formal math proof

2-17: Storage, covert, timing channels

2-18: Virus attack, reclassification difficult, high cost of creation and validation.

2-19: Maintenance

2-20: Negative test cases test error conditions.

2-21: Risk assessment, external audit, comprehensive test plan

2-22: commercial off-the-shelf software

2-23: Please refer to sidebar.

2-24: 11

2-25: False

2-26: security education

2-27: True

2-28: Refactoring is defined as the process of changing the internal structure of a software program to make it easier to understand and maintain without modifying its external behavior.

2-29: metaphors

2-30: Security user stories and daily security checkup

2-31: Add automatic positive and negative unit test cases

2-32: Code review is static; dynamic analysis is software analysis that involves actually running the software programs.

2-33: aspect

2-34: AOP defines the concept of join point: it is a well-defined point in the program flow.

2-35: Define security policy.

2-36: True

Chapter 3

Review questions

3-1: Well-defined Entry Points, Predictable Security, End-User Transparency

3-2: Authentication, Confidentiality, Integrity

3-3: Something you know, have, are, do.

3-4: Use a fingerprint to access a token card you have, then a PIN to log in.

3-5: 1

3-6: Yes

3-7: The basic concept is to provide notarization on digital data within the PKI framework.

3-8: No

3-9: Figure 3.3

3-10: Certificate Authority

3-11: False. The CA does the issuing; the RA handles the CSR.

3-12: Intermediate CA

3-13: Creation and backup services of keys

3-14: This is the algorithm ID (object identifier (OID) plus any associated parameters) used to sign the certificate.

3-15: Issuer DN and serial number

3-16: False

3-17: root

3-18: Certificate cannot be changed.

3-19: Class 1, 2, 3

3-20: This update: CRL creation time. Next update: next CRL issue time.

3-21:
- Authority Revocation List (ARL)
- Complete Certificate Revocation List (CRL)
- CRL Distribution Point (DP)
- Redirect CRL
- Delta CRL
- Indirect CRL

3-22: Computer CRL

3-23: False. The application needs to implement the check. No standard enforces the check.

3-24: False. Can do more than one.

3-25: False.

Chapter 4

Review questions

4-1: Model of: what you can trust, how you are going to build any trust relationship, and when to apply and verify the trust.

4-2: Threat modeling

4-3: Yes. But usually not a good idea, as trust might not match the organizational structure.

4-4: "A" trusts "B" when "A" assumes that "B" will behave exactly as "A" expects.

4-5: subordinate trust anchor

4-6: Trust processing can be evenly distributed.

4-7: It is hard to have only one root trust in many cases.

4-8: Hub and Mesh configuration

4-9: A forward cross-certificate is the trusted token a CA needs to go to another community. A reverse cross-certificate is the trusted token another CA needs to get into the current community.

4-10: Binding of CA to browser is not signed; the user can add or delete any installed certificate.

4-11: Yes.

4-12: Centralized and decentralized systems

4-13: fundamental risk, particular risk

4-14: Please refer to section 4.11

4-15: An attack tree is a formal methodology for analyzing the security of software systems.

4-16: Attack pattern

4-17: XSS

4-18: Filter meta characters.

4-19: Filter meta characters.

4-20: Filter meta characters. Filter from browser, filter using URL databases.

Chapter 5

Review questions

5-1: Yes.

5-2: Controlled environment. No, not for DOS, etc.

5-3: Yes, with command line option javap.

5-4: False

5-5: Magic number check, syntax checking, instruction checking, access control modifier checking

5-6: False. Package level (default)

5-7: Use the -Xverify:all option

5-8: Avoid stepping over and provide protection

5-9: ClassLoader

5-10: Name space

5-11: True

5-12: Generations are memory pools holding objects of different ages. Memory is managed in generations in garbage collection, and the collection process occurs in each generation when the generation fills up.

5-13: Use immutable objects if possible. No.

5-14: Avoid using inner classes. After compilation, an inner class is translated into byte codes where any class in the same package can access it. Furthermore, the enclosing class's private fields are converted into non-private to permit access by the inner class.

5-15: Transient instance fields are neither saved nor restored by the standard Java serialization mechanism.

5-16: Use package.definition=MyPackage1 [MyPackage2, . . . MyPackageN]

5-17: False

5-18: False

5-19: Protection Domain

5-20: When "x implies y", anyone that is granted permission "x" is automatically granted permission "y".

5-21: policy file

5-22: A CodeBase ending with "/" matches all class files (not JAR files) in the specified directory. A CodeBase ending with "/-" matches all files (both class and JAR files) in the directory and recursively all files in subdirectories contained in that directory.

5-23: New ones will be implemented in the future.

5-24: False

5-25: No. Optional.

5-26: AccessControlException

5-27: False

5-28: Use rule of intersection.

5-29:
- To decide whether an access to a critical system resource is allowed or denied based on the current effective security policy.
- To mark code as being "privileged", thus affecting subsequent access determinations.
- To obtain a "snapshot" of the current calling context so that access-control decisions from a different context can be made with respect to the saved context.

5-30:
- The code is in the run method of any implementation of either the java.security.PrivilegedAction or the java.security.PrivilegedExceptionAction interface. And,
- The run() method is executed by the doPrivileged() method of the java.security.AccessController class.

5-31: stops


Chapter 6

Review questions

6-1: A provider supplies a concrete implementation of a subset of the cryptography functions. The architecture allows switching.

6-2: Yes.

6-3: Static and dynamic.

6-4: Text based but long.

6-5: Message digest

6-6: weak, strong

6-7: Key, data, and algo.

6-8: (1/2)*2**1024

6-9: blocks

6-10: IV

6-11: Key exchange

6-12: Digital signature needs the private key for signing to create.

6-13: Padding

6-14: Signed by trusted CA

6-15: False.

6-16: False

6-17: Key store stores keys. Trust store is for trusted certificates.

6-18: Using password

6-19: Use jarsigner

6-20: Signed applet can access system resources

6-21: certification path

6-22: True for some versions. False otherwise. Trick question.

6-23: Provide abstraction

Chapter 7

Review questions

7-1: Authentication

7-2: Authorization

7-3: Get cash from ATM machine

7-4: The protocol that picks one of the available authentication methods for a system. Negotiate implements RFC 2478: The Simple and Protected GSS-API Negotiation Mechanism.

7-5: Authorization is implemented when you control permissions for new objects created in a container object by setting inheritable permissions on the container.

7-6: User ACL, Group ACL, role based

7-7: False. It is an infrastructure to build with.

7-8: PAM divides authentication into the front-end (the authentication interface library) and the back-end (the actual authentication mechanism-specific modules).

7-9: Principal is used to represent a name associated with a subject.

7-10: Use refreshable

7-11: Configuration such as

    JAAS_Demo {
        RegistrationPAM required;
        PasswordPAM optional;
        RolePAM required;
        com.sun.security.auth.module.NTLoginModule required;
    };

7-12: LoginContext, load PAMs, login is called, invokes PAMs one at a time, authentication status returned to applications, retrieve Subject

7-13: Use login phase and commit phase

7-14: Applications implement the CallbackHandler and pass it to the LoginContext, which in turn forwards it to the underlying LoginModules.

7-15: independent

7-16: grant getSubject, modifyPrincipals, createLoginContext

7-17: required indicates that the login module must be successful.

7-18: requisite indicates that the login module must be successful, and if it fails no other login modules will be called.

7-19: abort

7-20: sufficient

7-21: optional

7-22: See section 7.8

7-23: Static and Dynamic


Chapter 8

Review questions

8-1: type checking

8-2: Smart pointer, reference count

8-3: A buffer overflow occurs anytime the program writes more data into the memory buffer than the space it has allocated.

8-4: False

8-5: Heap

8-6: variable attack

8-7: stack overrun

8-8: snprintf

8-9: It starts with the default environment, and can be substituted to run something else.

8-10: Key size

8-11: Used instead of a long combination of commands.

8-12: relative pathnames

8-13: True

8-14: False

8-15: No prompting, but the password is in clear text when checked with a system tool such as ps -eaf.

8-16: openssl bf-cfb -e -in mydata.txt -out out.txt

8-17: openssl x509 -in mycert.pem -text -noout

8-18: Hashing

8-19: Product ciphers apply iterations of several rounds of the same algorithm, and each iteration is termed a cipher round.

8-20: handshake

8-21: records

8-22: Get the client certificate for verification

8-23: Section 8.13


Chapter 9

Review questions

9-1: False

9-2: Taint mode

9-3: Perl automatically enters taint mode when it detects its program running with differing real and effective user or group IDs. Or use -T.

9-4: External input, expression with other tainted data, etc.

9-5: Because a hacker can substitute a program with the same name but different content to run.

9-6: True

9-7: tainted

9-8: 'PATH', 'IFS', 'CDPATH', 'ENV', 'BASH_ENV'

9-9: Because the list of filenames comes from outside of the program.

9-10: Used to check unix passwords.

9-11: sub-pattern matches

9-12: Own scope, need sharing of variables, all underscore variables are shared.

9-13: Use if ($@)

9-14: Use share_from

9-15: Replace file with same name.

9-16: It uses tmpfile from C and the implementation might not be good.

9-17: Race condition

Chapter 10

Review questions

10-1: We define Data Store as a collection of information about objects arranged in some order that gives details about each object. Systems of Records are systems that store data records in a specific format that are used by various commercial packages. SAP, PeopleSoft, J.D. Edwards, or any HR package is an example of a System of Records.

10-2: No replication, both to both data store and system of records.

10-3: False

10-4: Object class (OC) is just a mechanism for defining a collection of attributes for the instantiation of a directory entry.

10-5:
a. dn: cn=Nicholas Sinn
b. inetOrgPerson
c. subclasses
d. email, password

10-6: Object class (OC)

10-7: Replication, not real time access, full audit in replication.

10-8: distinguished name (DN)

10-9: Workflow

10-10: Delegated Administration

10-11: In Rule-Based Modeling, the administrator programs a set of rules that would apply to the identity data set. Role-Based Modeling is a technique of Identity Management modeling in which identities are granted resources, authorization and assignment to one or more pre-defined roles.

10-12: False

10-13: e.

10-14: Lower the possibility of a guessing attack

10-15: Passphrases are longer and more secure in general

10-16: System binary needs to be changed.

10-17: Provisioning

10-18: certificate

10-19: Credential

10-20: Authentication: who you are. Authorization: what you can do.

10-21: Universal Description, Discovery and Integration

10-22: Need to change network topology and hard to customize

10-23: Network addresses used, id request for web resource.

Chapter 11

Review questions

11-1: MX

11-2: When the primary server fails, it can be used as a backup for re-delivery.

11-3: POP, IMAP

11-4: False

11-5: 25

11-6: Ease of loss of the device due to its size and portability.

11-7: A power-on password should be used as the first gate for protecting access to the device. An application running in a mobile device can prompt for additional authentication whenever a user tries to run the application.

11-8: Authentication for OS user vs DB user.

11-9: Privileges for an administrator to grant the ability to create new database objects (tables), to delete database objects, to execute SQL statements, or stored procedures.

11-10: Logical, Physical, Temporal, Cryptographic.

11-11: An operating system must provide a security policy and security model.

11-12: The startup or bootstrap mode runs all the operating commands with administrator or root privileges. Once the attacker spoofs the OS bootstrap, files might be mounted to a newly booted foreign operating system. As a result, the original access control can be bypassed to access any file.

11-13: Network layer

11-14: Packet filtering firewall, proxy, application gateway

11-15: Flooding