These are sample questions that are very similar to the ones I will ask on the final.
- In computer security, a Trojan horse is:
- A program that has components distributed over many systems, and is used to launch denial of service attacks
- A program that absorbs all available resources of a particular type
- A program with an overt, known purpose and a covert, unknown (and probably undesireable) purpose
- A program that blocks any incoming spam emails
- Which of the following does the Needham-Schroeder protocol require?
- A trusted third party
- A public key cryptosystem
- A certificate authority to identify the users
- A connection to the Internet
- Consider a system that used the Bell-LaPadula model to enforce confidentiality and the Biba model to enforce integrity.
- If the security classes were the same as integrity classes, what objects could a given process (with some security class that also served as its integrity class) access?
- Why is this scheme not used in practice?
- Define each of the following terms in one short sentence:
- public key cryptosystem
- computer worm
- end-to-end encryption
- What is a certificate? What is it used for?
- Does the UNIX operating system enforce the principle of complete mediation for ordinary users (i.e., excluding root)? If not, what needs to be changed to enforce that principle?
- The following routine reads a file name from the standard input and returns its protection mode. It treats the argument as a file name, and returns the protection mode of the file as a short integer. Identify three non-robust features of this routine, and state how to fix them.
/* return protection mode of the named file */
short int protmode(void)
struct stat stbuf;
- Show how ACLs and C-Lists are derived from an access control matrix.
- Name the 5 steps in the flaw hypothesis methodology and briefly say what each is. Which part of that methodology is often omitted? Why?
- Why do some organizations use a DMZ in their network configuration, rather than simply filtering traffic and allowing connections intended for the web and email servers to pass through the firewall?