SFL Exam (2nd date)
Winter Term 20/21, March 29, Group 0
Points and time: This exam lasts 120 minutes, plus 30 minutes for uploading
your results. In total, you can obtain 120 points, i.e., plan for one minute per point.
Allowed materials: This is an open-book exam. You are allowed to use the lecture material (slides, books, exercises), a local system (including compiler, debugger and dis/assembler), a calculator, and dictionaries. You are not allowed to team up with others, or to otherwise communicate. The usage of the Internet, except the exam video conference, lecture videos and Moodle, is prohibited.
Solution format: Solve the questions on your own paper with a well-readable pen. Typewritten solutions will not be accepted. Please note your student number on all pages. Answer in German or English. Watch your handwriting!
Solution submission: Digitize your hand-written exam (e.g., using a scanner or camera) and upload your solution to the according Moodle task (“Aufgabe”) before the deadline. Please make sure that your digitized solutions are readable.
Passing this exam: You have passed this exam if you obtain at least 50% of the points, i.e., ≥ 60 points in total.
#   Short Title
1   Diffie-Hellman
2   One-Time Pad
3   DNS Security
4   Firewalling
5   Integer Overflow
6   Return-Oriented Programming
7   Code-Reuse Attacks
8   Web Security
9   Access Control
1 Diffie-Hellman (10 points)
Recap how we defined the Diffie-Hellman key exchange:

$X = g^x \bmod p$
$Y = g^y \bmod p$
$k = Y^x \bmod p$
$k = X^y \bmod p$

g: public number (base)
p: large public prime
x, y: secret large numbers

With reference to this scheme, answer the following tasks:
1. (3 pts): Assume you let the attacker define the modulus p as an arbitrarily small prime number. Why does this cause problems?
2. (4 pts): You let the attacker define the base g as an arbitrary number in range 2 ≤ g ≤ p. Choose the most favorable g that weakens the security the most. (+2) Describe the consequence of this particular g. (+2)
3. (3 pts): Assume you implement Diffie-Hellman. In your open-source implementation, you pick x (or y) at random from a fixed set of $2^{20}$ large numbers. Describe why this weakens Diffie-Hellman security guarantees.
2 One-Time Pad (OTP) (14 pts)
If OTPs are reused, attackers can infer plaintext patterns by computing $c_1 \oplus c_2 = m_1 \oplus m_2$. Here, $\oplus$ denotes bit-wise exclusive OR, $c_i$ the $i$-th ciphertext, and $m_i$ the $i$-th plaintext.
As an attempt to mitigate this problem, Charlie proposes an OTP scheme that avoids using the same OTP twice. In his scheme, $c_i = m_i \oplus \mathrm{OTP}_i$, where $\mathrm{OTP}_i$ is the OTP used to encrypt $m_i$. He suggests deriving a new OTP by XOR-ing the previous OTP and the corresponding ciphertext, i.e., $\mathrm{OTP}_{i+1} = \mathrm{OTP}_i \oplus c_i$.
1. (6 pts) Show that this scheme is similarly prone to attacks as a scheme with a fixed OTP. Concretely, show (mathematically) how you can infer relationships between two subsequent plaintext messages by just observing a single ciphertext.
2. (6 pts) Assume you learn $\mathrm{OTP}_n$ and observe all ciphertexts $c_1, \dots, c_n$. Infer $\mathrm{OTP}_1$ mathematically from this data.
3. (2 pts) Charlie furthermore proposes to choose the initial OTP at random, but exclude the OTP value 0 (zero) from the random search. Does this increase or decrease security? (+1) Why? (+1)
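The chaining rule above can be checked mechanically. The following C program is an added example, not part of the exam: it runs Charlie's scheme over three constructed 8-byte messages and a constructed initial pad (all names and sample values are assumptions) and tests what the ciphertexts and pads reveal.

```c
#include <stdint.h>
#include <string.h>

#define LEN 8   /* bytes per message and pad (constructed demo size) */
#define N   3   /* number of messages */

/* Constructed sample data: three plaintexts and the initial pad OTP_1. */
static uint8_t m[N][LEN] = { "ATTACK!", "RETREAT", "HOLDOUT" };
static uint8_t pads[N][LEN] = {
    { 0x13, 0x37, 0xc0, 0xde, 0x5a, 0xa5, 0x0f, 0xf0 }
};
static uint8_t c[N][LEN];

/* dst = a XOR b, byte-wise; dst may alias a. */
static void xor_buf(uint8_t *dst, const uint8_t *a, const uint8_t *b) {
    for (size_t i = 0; i < LEN; i++) dst[i] = a[i] ^ b[i];
}

/* Charlie's scheme: c_i = m_i ^ OTP_i and OTP_{i+1} = OTP_i ^ c_i. */
static void charlie_encrypt(void) {
    for (int i = 0; i < N; i++) {
        xor_buf(c[i], m[i], pads[i]);
        if (i + 1 < N) xor_buf(pads[i + 1], pads[i], c[i]);
    }
}

/* Returns 1 if every ciphertext after the first equals the XOR of two
 * neighbouring plaintexts, i.e. the pad has cancelled out entirely. */
int neighbour_xor_leaks(void) {
    uint8_t d[LEN];
    charlie_encrypt();
    for (int i = 0; i + 1 < N; i++) {
        xor_buf(d, m[i], m[i + 1]);
        if (memcmp(d, c[i + 1], LEN) != 0) return 0;
    }
    return 1;
}

/* OTP_n = OTP_1 ^ c_1 ^ ... ^ c_{n-1}, so XOR-ing the observed
 * ciphertexts back onto OTP_n yields OTP_1. Returns 1 on a match. */
int first_pad_recovered(void) {
    uint8_t acc[LEN];
    charlie_encrypt();
    memcpy(acc, pads[N - 1], LEN);
    for (int i = 0; i + 1 < N; i++) xor_buf(acc, acc, c[i]);
    return memcmp(acc, pads[0], LEN) == 0;
}

int main(void) {
    return (neighbour_xor_leaks() && first_pad_recovered()) ? 0 : 1;
}
```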
3 DNS Security (13 pts)
1. Confidentiality in DNS (4 pts) Assume a DNS client does not want their recursive DNS resolver to learn which domains the client looks up.
Can the client use DNS over TLS (DoT) and DNS over HTTPS (DoH) to prevent leaking this information to the resolver? Why (not)? (+2)
Depending on your previous answer, now discuss one of the following (+2): If so, does DNSSEC offer similar guarantees? Why (not)?
If not, can you extend DoT/DoH to prevent such leaks? How / why not?
2. DNS Cache Snooping (6 pts) DNS cache snooping attackers ask their target resolver to avoid recursion when snooping for domains. For example, to find out whether the resolver has recently looked up google.com, attackers ask the resolver to look up google.com and unset the RD (recursion desired) bit of their requests.
Why would setting RD=1 cause the cache to become “poisoned”? (+2)
Are resolvers that always perform iterative lookups (i.e., even if RD=0) fully protected against cache snooping? Why (not)? (+2)
Imagine a cache snooping attack against a resolver that is shared by multiple users. Can attackers generally distinguish which user has caused a certain record to be cached? Why (not)? (+2)
3. DNS Source Port (3 pts) You observe that your DNS resolver always uses UDP source port 53 when resolving domains. Why—from a DNS perspective (not from a software security perspective!)—is this a bad idea? (+2) What is the preferred alternative for DNS resolvers for selecting source ports? (+1)
4 Firewalling (15 pts)
Assume a network architecture in which a single centralized IPv4 firewall is placed between a corporate network and the Internet. The network administrator has placed all hosts in the corporate network into the network range 5.0.0.0/24 (i.e., 5.0.0.0–5.0.0.255). The network contains an SSH server at 5.0.0.1 and an SMTP server at 5.0.0.5. Clients and servers belong to a joint, single network segment.
#    Action   Source IP    Source Port   Dest. IP   Dest. Port   Protocol   State
#1   ACCEPT   5.0.0.0/24   *             *          443,80       TCP        NEW
#2   ACCEPT   5.0.0.0/24   *             8.8.8.8    53           UDP        NEW
#3   ACCEPT   *            *             5.0.0.1    22           TCP        NEW
#4   ACCEPT   *            *             5.0.0.5    25           TCP        NEW
#5   ACCEPT   *            *             *          *            *          ESTABL.
Table 1: Stateful firewall policies. Default policy is DROP.

Answer the following questions (+1 each) and note down the rules (or default policy) that allow/disallow the respective case (+1 each).
1. (2 pts) Can client 5.0.0.100 establish TCP connections to 13.33.33.37:80?
2. (2 pts) Can client 5.0.0.5 establish TCP connections to 1.2.3.4:22?
3. (2 pts) Can the two network-internal hosts 5.0.0.50 and 5.0.0.51 communicate with each other on arbitrary TCP ports?
4. (2 pts) Can the SMTP server (5.0.0.5) perform DNS name lookups (UDP/53) at a DNS resolver of its choice?
5. (2 pts) Assume an external host connects to the SSH server (5.0.0.1). Can the SSH server actually send data back regardless of the client’s TCP source port?
6. (2 pts) Assume an external host initiates an email transfer to the mail server at 5.0.0.5 via SMTP (TCP/25). The mail server asks the email client to instead send its email via “SMTP over TLS” on TCP port 465. Does the firewall allow this?
7. (3 pts) Assume you have observed lots of email spam from the email client at address 66.66.66.66. Add a firewall rule that refuses SMTP traffic from this bad-behaving client towards the mail server at 5.0.0.5. (+2) Make sure to mention at which position you would insert this rule. (+1)
Hint: Ensure that your answers include references to the relevant rule/policy!
5 Software Security: Integer Overflows (14 points)
You are given a C function that accepts a (non-NULL) pointer to an integer array arr with arrlen > 0 elements, and that is susceptible to integer under- and overflows for some combinations of the two other integer parameters x and c:

#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

void array_add(int32_t arr[], int32_t arrlen, int32_t x, int32_t c) {
    if (x < 0 || arrlen > INT_MAX / 4) { goto err; }
    if (x * (int32_t) sizeof(int32_t)
            >= arrlen * (int32_t) sizeof(int32_t)) { goto err; }
    if (c == INT_MIN) { goto err; }
    if (arr[x] == INT_MIN) {
        arr[x] = c; // overwrite uninitialized array value
    } else {
        arr[x] += c; // add to current sum
    }
    return;
err:
    fprintf(stderr, "Ouch, something bad happened. Quiting\n");
    exit(1);
}

1. Over- and Underflows (4 pts): Pinpoint and describe the two integer under-/overflow vulnerabilities in this program. State the affected line numbers (+2), and whether an under- and/or overflow can occur (+2).
Hint: A variable v of type int32_t can be $-2^{31}$ = INT_MIN ≤ v ≤ INT_MAX = $2^{31} - 1$. Hint #2: The statement sizeof(int32_t) corresponds to 4 (bytes).
2. Follow-Up Problem (4 pts): When these vulnerabilities are triggered, the function may suffer from additional follow-up bugs. Describe them for each of the two integer under-/overflow vulnerabilities (+2). Provide concrete sequences of inputs that trigger the follow-up bugs (+2).
3. The Fix (6 pts): Change the code or add (complete!) code in order to mitigate or handle the two under- and overflows (+6). You can use goto err; (which aborts the function with an error) to handle error cases. Annotate your changes with the according line numbers you plan to change and/or extend.
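One way to guard both arithmetic steps of array_add, given as an added example that is not part of the exam. The name array_add_checked and the 0/-1 return convention (used in place of goto err so the result can be tested) are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Returns 0 on success and -1 where the original would `goto err`. */
int array_add_checked(int32_t arr[], int32_t arrlen, int32_t x, int32_t c) {
    if (arr == NULL || arrlen <= 0) return -1;
    /* Compare the index directly. The original scaled both sides by
     * sizeof(int32_t), and x * 4 overflows for any x > INT32_MAX / 4,
     * which lets an out-of-range index pass the bounds check. */
    if (x < 0 || x >= arrlen) return -1;
    if (c == INT32_MIN) return -1;             /* reserved sentinel value */
    if (arr[x] == INT32_MIN) {                 /* uninitialized slot */
        arr[x] = c;
        return 0;
    }
    /* Reject the sum before computing it: signed overflow is undefined
     * behaviour, so it cannot be detected after the addition. */
    if (c > 0 && arr[x] > INT32_MAX - c) return -1;   /* would overflow  */
    if (c < 0 && arr[x] < INT32_MIN - c) return -1;   /* would underflow */
    arr[x] += c;
    return 0;
}

int main(void) {
    int32_t a[2] = { INT32_MIN, INT32_MAX };   /* constructed input */
    int ok = array_add_checked(a, 2, 0, 7) == 0             /* slot set to 7 */
          && array_add_checked(a, 2, 1, 1) == -1            /* sum too large */
          && array_add_checked(a, 2, 0x40000000, 1) == -1;  /* x * 4 wraps   */
    return ok ? 0 : 1;
}
```

A sum that lands exactly on INT32_MIN is still accepted here and would later be read as an uninitialized slot; whether to reject it is a design choice the exam code does not address.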
6 Software Security: Return-Oriented Programming (14 points)
Assume an x64 Linux program that reads input from the network into a buffer that is vulnerable to an overflow. You observe the following 64-byte wide malicious input that successfully exploits the program:
offset  hexadecimal representation (16 bytes per line)    ascii repr.
------------------------------------------------------------------------
000000  41 41 41 41 41 41 41 41 42 42 42 42 42 42 42 42  |AAAAAAAABBBBBBBB|
000010  43 43 43 43 43 43 43 43 44 44 44 44 44 44 44 44  |CCCCCCCCDDDDDDDD|
000020  4c 2b 66 19 67 ea 87 aa 2c 21 40 00 00 00 00 00  |L+......,.......|
000030  01 00 00 00 00 00 00 00 40 8a 42 00 00 00 00 00
1. Canary (3 pts): Assume that the vulnerable function is protected by a random and zero-byte free 8-byte stack canary which the attacker has included in their ROP chain. What is the canary value? Watch out for endianness.
2. Buffer (3 pts): Infer from the ROP chain how many bytes fit into the vulnerable buffer before the actual overflow into other stack elements happens. Assume that the compiler does not use padding to align stack elements, and assume that the base pointer (rbp) is stored on the stack.
3. ROP Code (8 pts): On the right, you can find assembly excerpts of the vulnerable program. Each line contains an address (e.g., 0x40212b) and the assembly instruction at this address. The code snippets also include the start addresses of three functions. The function names and arguments are given as comments.
Use these code excerpts to analyze the semantics of the ROP chain. Note down all ROP gadgets that are used in the chain, including jumps to functions. (+4) Write down which function call(s) and argument(s) are part of the ROP chain. (+4) Ignore the buffer parts that you identified as non-overflowing data and canary in the two previous subtasks.
0x40212b: 0x40212c: 0x40212d: ret ; … 0x4027f4: 0x4027f5: 0x4027f6: ret ; … 0x4027f4: 0x4027f5: 0x4027f6: ret ; … 0x424040:
; terminate(uint64_t status) ; …
; getflag(uint64_t is_authed) ; …
; read_file(uint64_t fd)
inc rax pop rdi
xor rax,rax pop rsi
pop r9 pop rdx
7 Code-Reuse Attacks (14 Points)
Consider the following function of a Linux x64 program that checks if a password matches, and if so, prints a secret value. You do not know the password, and you want to leak the secret value. Assume that you can send and read arbitrary console inputs and outputs, respectively (e.g., over a network). You cannot use side channels (e.g., timing), nor do you have access to the program. Thankfully, the program has been compiled without compiler optimizations, the non-executable program stack has no canaries, and the program is executed without randomizing code/data locations.

#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define STDIN 0

void get_flag() {
    printf("secret: flg{h1t-m3-b4bY}\n");
}

int pw_correct(char *password) {
    // strcmp returns 0 if two strings are equal.
    if (!strcmp(password, "god123")) {
        return 1;
    }
    return 0;
}

int secured_print_secret() {
    char password[64] = { 0 };
    printf("enter password: ");
    // read(fd, buf, count) attempts to read up to `count` bytes
    // from file descriptor `fd` into the buffer starting at `buf`
    int i = read(STDIN, password, 164);
    if (i) {
        password[i-1] = '\0'; // remove newline
        if (pw_correct(password)) {
            get_flag();
        }
    }
    printf("exiting...\n");
    return 0;
}

1. (3 pts) What type of vulnerability does this program have? (+1) Mention which line shows this vulnerability (+1) and why it does (+1).
2. (5 pts) Draw the stack layout of the function secured_print_secret at the vulnerable code part. Your stack layout should include the local function variables, the stack pointer, base pointer, and both the saved return address and base pointer.
3. (4 pts) Describe a program input that exploits the vulnerability and leaks the secret (to the console, which you assume to be able to read). There is no need to attempt to gracefully terminate the program after exploitation.
4. (2 pts) Would this attack work even if ASLR was applied on all code and all data sections? (+1) Why (not)? (+1)
8 Web Security (11 pts)
You encounter a PHP script login.php as shown below. It assembles and queries a SQL statement in order to validate whether a username/password input is valid. The script considers authentication successful if the SQL statement returns one or more rows. Note that variable $req contains all user-controlled HTTP request parameters.
/* login.php */
$sql_statement = "SELECT * FROM users
    WHERE username = '" . $req["username"] . "' AND password = '" . $req["password"] . "'";
$result = $db->query($sql_statement);
if ($result->rowCount() > 0) {
    // authentication succeeded, set cookies
    // ...
} else {
    // authentication failed, bail
}
1. (2 pts) What type of vulnerability does the code include?
2. (4 pts) Provide concrete script inputs that would trigger the vulnerability to bypass the login. Use this example invocation as template to structure your inputs: /login.php?username=christian&password=bvb09.
3. (3 pts) Can this concrete vulnerability be exploited for purposes other than bypassing authentication? (+1) If so, which? If not, argue why not. (+2)
4. (2 pts) Which general coding principle mitigates this vulnerability while preserving the script’s benign functionality?
9 Access Control (15 points)
User Group
Petyr Flatterers
Owner Group
? ???? ? ???? RWX — X Tyrion Flatterers RW RW —
dragon highgarden ironfleet ironislands kill-list
Privileges Group Other
Assume a system with the users/groups (left) and files (right) listed above. Answer:
1. (… pts): Can user “Rob” execute file “dragon”, and why (not)?
2. (… pts): Can user “Jon” truncate (empty) file “dragon”, and why (not)?
3. (… pts): Can all listed users read file “dragon”? Why (not)?
4. (… pts): Which users can read file “kill-list”?
5. (… pts): Define the ownership attributes (+1) and privileges (+1) for file “highgarden” such that user “Arya” can read (and only read) the file and nobody else has any access to the file. Assume MAC is in place.
6. (2 pts): Define the ownership attributes (+1) and privileges (+1) for file “ironfleet” such that users “Cersei” and “Tyrion” can write to and read from the file, and anyone can read the file.
7. (2 pts): Assume you create a new user and new group, neither of which owns any files. Can this new user still access some of the listed files? (+1) Why (not)? (+1)
8. (2 pts): Assume you create a new file that is owned by an unlisted user “Sansa” which is (only) in the unlisted group “admins”. Under which circumstances can this file be read by any of the owners/groups defined in the table above? (+2)