Sample Midterm

These are sample questions that are very similar to the ones I will ask on the midterm. The midterm will be about an hour long.

  1. Why is a precise statement of security requirements critical to the determination of whether a given system is secure?
  2. This function’s purpose is to copy a string from one buffer to another. It is not robust. Find the problems and say how to fix them. Note that the passing of pointers here is defined in the specification of the interface, and so cannot be changed.
    
    void mystrcpy(char *s, char *t)
    {
    	while(*t != ’\0’)
    		*s++ = *t++;
    	*t = ’\0’;
    }
    
  3. Which of the following demonstrate violations of the principle of least privilege? Please justify your answer.
    1. The Linux root account?
    2. A user whose function is to maintain and install system software. This user has access to the source files and directories, access to only those programs needed to build and maintain software, and can copy executables into system directories for other users. This user has no other special privileges.
  4. How does the Clark-Wilson model require authentication of users to be done?
    1. A trusted user must vouch for the new user
    2. Two-factor authentication must be used
    3. If passwords are used, they must be at least 12 characters long, and use a mixture of letters, digits, and other characters
    4. None of the above
  5. Which of the following does the Needham-Schroeder protocol discussed in class require?
    1. A trusted third party
    2. A public key cryptosystem
    3. A certificate authority to identify the users
    4. A connection to the Internet
  6. Represent an integrity compartment label using the notation
    ( integrity level; set of categories )
    where the integrity levels are “high”, “medium”, “low”, or “unknown” (in decreasing order of trust) and the integrity categories are “dog”, “cat”, and “pig”. Can a user cleared for (medium; { dog, cat }) have read or write access (or both or neither) to documents classified in each of the following ways under the Biba model?
    1. (high; { dog })
    2. (low; { dog })
    3. (medium; { dog, cat })
    4. (unknown; { pig })
    5. (high; { dog, pig, cat })

UC Davis sigil
Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 153, Computer Security
Version of October 27, 2019 at 9:50PM

You can also obtain a PDF version of this.

Valid HTML 4.01 Transitional Built with BBEdit Built on a Macintosh