Sample Final

These questions are very similar to the types of questions I will ask on the final.

  1. In computer security, a Trojan horse is:
    1. A program that has components distributed over many systems, and is used to launch denial of service attacks
    2. A program that absorbs all available resources of a particular type
    3. A program with an overt, known purpose and a covert, unknown (and probably undesireable) purpose
    4. A program that blocks any incoming spam emails
  2. How does the Clark-Wilson model require authentication of users to be done?
    1. A trusted user must vouch for the new user
    2. Two-factor authentication must be used
    3. If passwords are used, they must be at least 12 characters long, and use a mixture of letters, digits, and other characters
    4. None of the above
  3. Which of the following does the Needham-Schroeder protocol require?
    1. A trusted third party
    2. A public key cryptosystem
    3. A certificate authority to identify the users
    4. A connection to the Internet
  4. This function’s purpose is to copy a string from one buffer to another. It is not robust. Find the problems and say how to fix them. Note that the passing of pointers here is defined in the specification of the interface, and so cannot be changed. 
    
void mystrcpy(char *s, char *t)
{
	while(*t != ’\0’)
		*s++ = *t++;
	*t = ’\0’;
}
  5. Discuss the revocation problem with respect to access control lists and capabilities. How might one efficiently implement a command to revoke access to an object by one particular user?
  6. Consider the problem of managing certificates. One expert said that a hierarchical scheme, such as that employed by PEM, is more likely to be used for business than the Web of Trust employed by PGP. What specific features of the hierarchical system as implemented for PEM (and for other Internet applications) led him to make this assertion? Why might these features lead him to make this statement?
  7. Represent an integrity compartment label using the notation
    (integrity level; set of categories)
    where the integrity levels are “high”, “medium”, “low”, or “unknown” (in decreasing order of trust) and the integrity categories are “dog”, “cat”, and “pig”. Can a user cleared for
    (medium; { dog, cat })
    have read or write access (or both) to documents classified in each of the following ways under the Biba model?
    1. (high; { dog })
    2. (low; { dog })
    3. (medium; { dog, cat })
    4. (unknown; { pig })
    5. (high; { dog, pig, cat })
UC Davis sigil
Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 153, Computer Security
Version of May 30, 2016 at 12:18AM

You can also obtain a PDF version of this.