When & Where

The second exam will be held in our regular classroom on Monday, November 4, 2024.

It will take up about half the lecture, starting approximately during the second half of the class period. Please arrive on time and do not plan on coming in just to take the exam. If you arrive after the exam has started, you will not be allowed to take it.

Exam rules

Be sure to arrive on time. If you arrive after the exam starts, you will not be allowed to take it.

This will be a closed book, closed notes exam. Calculators, phones, augmented reality glasses, laptops, and tablets are neither needed nor permitted. If you have these devices, you must turn them off, put them out of sight, and not access them for the duration of the exam.

No other electronic devices are permitted except for hearing aids, pacemakers, electronic nerve stimulators, other implanted medical devices, or electronic watches that function only as timekeeping devices or chronographs.

Bring a couple of pens or pencils with you. Plan to use a pen only if you are supremely confident in not changing your mind about your answers. . Check here for information about pencils, sharpeners, and the craft of pencil sharpening.

Past exams

You can use my past exams as a guide to what this exam may look like, but realize there are differences in topics and in the sequencing of the topics. Expect around 25 multiple-choice questions. I do not refer to old exams when I come up with a new one, so it is likely that many of the topics that I considered important in past exams will show up on future exams. Some material may have changed, however, so do not worry about questions that appear to relate to topics we have not covered.

Get past 419 exams here.

Study guide

You are responsible for the material from the four lectures, homeworks, and recitations since the last exam. The exam is not cumulative.

I’ve prepared a study guide that attempts to cover most (but not all) of the material you should know. It is not a substitute for the lectures, lecture material, and other reading matter. All the material may not be in the guide. My goal is to put most of the information you need to know a concise with fewer elaborations. You can also prepare your own guide, which would be a far better way to prepare for the exam.

→ Get the study guide

Reading material from the homework

Biometrics & Bitcoin

• Ross Anderson, Security Engineering, Chapter 17: Biometrics, pages 522–546

• Danny Thakkar, The Most Secure and Accurate Biometric Modality: A comparative analysis, Bayometric.

• Bitcoin: A Peer-to-Peer Electronic Cash System, Satoshi Nakamoto. This is the original paper that introduced Bitcoin. The protocol was refined over the years. For instance, the proof-of-work value changed a bit from simply counting leading zeros, the concept of addresses that are not just your public key came a bit later, and the difficulty adjustment was refined – but this covers all the big ideas of bitcoin and is quick reading.

Access control

• Ross Anderson, Security Engineering, Chapter 6 (OS access controls) and Chapter 9 (multilevel security)
  • 6.2 Operating system access controls, p. 205 - 212.
  • You can skim or skip 6.2.6 - 6.3.2, p. 212 - 226.
  • 6.4 What goes wrong - 6.4.4, p. 226 - 233.
  • 9.3 Multilevel Security Policy - 9.3.5 The Biba Model, p. 302 - 309
  • 10.4.7 The Chinese Wall, p. 347 - 348

Code injection

• Josef Nelißen, Buffer Overflows for Dummies, SANS Institute Information Security Reading Room, May 1, 2002, © 2021. Note that this document was written before Microsoft Windows made a thread’s stack non-executable by default.
• Huzaifa Sidhpurwala, Security Technologies: Stack Smashing Protection (StackGuard), Red Hat Blog, August 20, 2018
• Hari Pulapaka, Understanding Hardware-enforced Stack Protection, Microsoft Windows OS Platform Blog, March 24, 2020.

Topics

Topics that you should know and may be on the exam include:

Hash Pointers, Bitcoin, and Blockchain

• Hash pointers: tamper-proof data

  • How do they differ from normal pointers?
  • What is a tamper-evident log, or blockchain?
  • What is a Merkle tree?

• Distributed ledger: roles of blocks and blockchains

• User identification (“addresses”)

  • Addresses (you don’t need to know the steps for deriving one but know what they are)
  • Addresses vs. public keys

• Transaction components: inputs, outputs, change, fee

• Double spending problem

• Role of Merkle trees in a bitcoin blockchain

• Role of mining and proof of work

• What is a target hash?

• What is the purpose Difficulty Adjustment Algorithm (just know what it does)

• Handling competing chains

• What is a 51% attack?

Access control

• What is protection?
• What is access control?
• Basic OS and hardware mechanisms for protection
  • Hardware timer
  • Process scheduler
  • Memory management unit (MMU)
  • user vs. kernel mode execution
  • You do not need to know about rings of privilege levels or call gates
  • Purpose of authentication
  • Subjects vs. objects
• Unix access control model
  • root user
  • User, group, other
  • Read, write, execute permissions
  • You don’t need to know the order of checking
  • You don’t need to know windows domains
  • You don’t need to know what permissions mean for directories (e.g., execute?)?
  • You don’t need to remember /etc/passwd and /etc/group but know that there’s a file that stores a user' login, user ID, and a user’s default group … and another that stores a list of groups and user names that belong to each group
  • You don’t need to remember syntax but know:
    • chmod - change permissions of a file
    • chown - change ownership of a file
    • chgrp - change group of a file
    • umask - initial (default) permissions of a file
    • possible race condition with using umask
  • setuid - what does it do? What are the risks?
• Access control lists (ACLs)
  • Know the purpose of ACLs
  • You don’t need to know any syntax for setting them
• Principle of least privilege
• Privilege separation
• Access control matrix
  • What’s a row annd what’s a column?
  • I will not ask about access transitions
  • I will not ask about domain transfers
  • Implementation problems of ACLs
  • Implementation problems of capability lists
• Mandatory Access Control (MAC)
  • DAC vs. MAC
  • Bell-LaPadula Model
    • Simple Security Property
    • *-Property
    • Discretionary Security Property
    • I will not ask about Bell-LaPadula tranquility principles
  • Biba Integrity Model
    • Difference from Bell-LaPadula
    • Simple Integrity Property
    • *-Property
  • Type Enforcement (TE) Model
    • Just the concept
  • Role-Based Access Control (RBAC) Model
    • Just the concept
• Multilateral security (lattice model)
  • What is the concept?
  • What is a compartment?
  • What does a lattice model represent?
• Chinese Wall model
  • What is the goal?
  • What is a conflict class?
  • I will not ask you about the Simple security property and *-property but understand when a subject will or will not be granted access to an object.
  • I will not ask you about unsanitized data

Code injection attacks and memory vulnerabilities

• What is a buffer overflow?

• Why are setuid programs attractive targets?

• Stack overflow

  • Role of stack pointer
  • Return address overwrite
  • NOP slide = landing zone

• Off-by-one stack overflow

  • What is a frame pointer?
  • Taking control

• Heap overflow

  • What is the risk?

• Format string attacks

  • What creates the vulnerability?
  • Understand how you can read the stack
  • Understand how you can write to memory via printf

• Defenses

  • Safe vs. dangerous functions (e.g., strncpy vs. strcpy)
  • What does fuzzing do?
  • What’s the problem with languages like C or C++?
  • Data Execution Prevention (DEP)
    • What does it do?
    • What is a return-to-libc attack?
    • What is Return Oriented Programming (ROP)?
  • Address Space Layout Randomization (ASLR)
    • What is it?
  • Stack canaries
    • What are they?
    • When are they checked?
    • Why would a compiler re-order how variables are allocated on the stack?
  • Shadow stacks

• Other memory vulnerabilities

  • Concepts and effects of integer overflow and underflow
  • Use-after-free vulnerability

Input bugs, command injection attacks

• Command injection attacks
  • What are they?
  • Difference from code injection
• SQL injection attack
  • I do not expect you to know SQL but recognize how the attack works and how interpreted languages and command interpreters in general are vulnerable
  • Prevention
    • Escaping
    • Parameterized queries
• Importance of input sanitization (input validation)
• What does shlex.quote() do in Python?
• Path traversal vulnerabilities
• Shell and execution environment attacks
  • system() and popen() risks
    • Understand that the attacks are essentially the same as for SQL injection
  • PATH: what is the risk?
  • LD_PRELOAD/LD_LIBRARY_PATH: what is the risk?
  • Assumptions about stdin, stdout, stderr: how might you attack a program via a file descriptor?
• Function interposition
• Non-injection attacks
  • Understand what is meant by comprehension errors
  • Understand why parsing a filename can be tricky
  • Understand why unicode can make parsing even trickier
  • What is a TOCTTOU (Time Of Check To Time Of Use) attack?
  • mktemp() problem

App Confinement

• Why is access control not sufficient?

• chroot

  • What does it do?
  • Why must it only be run as root?
  • What is the purpose of a jailkit?
  • How can you escape a chroot jail if you get root privileges?

• FreeBSD Jails

  • Understand the goal and how they wanted to improve chroot
  • Ability to restrict what root can do inside a jail

• Linux app isolation

  • Namespaces
    • Recognize the different namespaces: IPC, network, mount (file system), process IDs, user/group IDs, network name
  • Capabilities
    • Note that these have no relation to capability lists for files
    • Know that they restrict what privileges a process can have, whether it’s running as root or not
    • You don’t have to know the capabilities but it might be good to recognize a few of them to understand what kind of things they control
  • Control groups (cgroups)
    • Just know that they allow you to limit the amount of resources used by a proces (CPU, memory, file I/O, network I/O)

• Containers

  • Security components: namespaces, cgroups, capabilities
    • Remember what these do
  • What are containers and what are the benefits?
    • Separate policy from enforcement
    • Helps avoid comprehension errors
    • How does a container differ from a virtual machine?
    • Main components: control groups, namespaces, capabilities, copy-on-write file system
    • Understand some possible security problems with containers
  • You don’t need to know Docker Hub and Docker swarm, any Docker commands, Kubernetes, or container orchestration

• Virtual Machines

  • Process virtual machine: what is it? How does it differ from a VM?
  • What’s a hypervisor (virtual machine manager)
  • Handling of privileged instructions with VMM in place
  • Native vs. hosted VM
  • You don’t need to know covert channels (side channel attacks)

App Confinement: Application Sandboxing

• Kernel hooks with user-level validation (e.g., Janus)
  • Hooks
  • Per-process policies
  • User-level validation (e.g., Janus) problems: TOCTTOU, state synchronization
• Native OS sandboxing
  • Linux Seccomp-BPF (just what it does and that it’s implemented in the kernel)
  • system call filters
  • pattern matching
  • You don’t need to know anything about the Apple Sandbox
• Java sandbox roles of bytecode verifier, class loader, security manager
• You don’t need to know anything about web sandboxes or the Chromium Native Client