
Popa & Wagner Spring 2016
CS 161 Computer Security
Final Exam
Print your name: ________________ (last), ________________ (first)
I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that any academic misconduct on this exam will lead to an “F”-grade for the course and that the misconduct will be reported to the Center for Student Conduct.
Sign your name:
Print your class account login: cs161- and SID:
Name of the person sitting to your left:
Name of the person sitting to your right:
You may consult three sheets of notes (each double-sided). You may not consult other notes, textbooks, etc. Calculators, computers, and other electronic devices are not permitted. Please write your answers in the spaces provided in the test. We will not grade anything on the back of an exam page unless we are clearly told on the front of the page to look there.
You have 180 minutes. There are 12 questions, of varying credit (200 points total). The questions are of varying difficulty, so avoid spending too long on any one question.
Do not turn this page until your instructor tells you to do so.

Problem 1 True or false (21 points)
Circle True or False. Do not justify your answer.
(a) True or False: DHCP spoofing can be prevented by using Ethernet instead of wireless.
(b) True or False: SYN cookies help defend against distributed SYN flooding attacks.
(c) True or False: Source port randomization is a helpful defense against Kaminsky blind spoofing.
(d) True or False: An off-path attacker is more powerful than an on-path attacker: anything an on-path attacker can do, so can an off-path attacker.
(e) True or False: An on-path attacker is more powerful than an off-path attacker: anything an off-path attacker can do, so can an on-path attacker.
(f) True or False: Internet censorship requires an in-path attacker (i.e., an on-path attacker that can both observe all packets and also drop any packets the censor wishes).
(g) True or False: If you use HTTPS but not DNSSEC, the confidentiality of data you send over HTTPS is protected against on-path attackers (ignoring implementation bugs and/or CA failures).
(h) True or False: If you use HTTP and DNSSEC, the confidentiality of data you send over HTTP is protected against on-path attackers (ignoring implementation bugs and/or CA failures).
(i) True or False: CBC mode encryption provides both confidentiality and integrity.
(j) True or False: CBC mode encryption provides confidentiality against chosen-plaintext attacks (IND-CPA security).
(k) True or False: Using a pseudorandom number generator, seeded by the current time of day (measured to microsecond precision), is a good way to generate an AES key.
(l) True or False: Cryptography is a reasonable defense if an adversary might be able to eavesdrop on network packets.

(m) True or False: Stack canaries are a good defense against heap-based buffer overflows.
(n) True or False: Fuzz-testing requires access to source code to find vulnerabilities.
(o) True or False: Prepared statements are a good defense against SQL injection.
(p) True or False: Setting the “secure” flag on a cookie (so it will only be sent over HTTPS) is a good defense against CSRF.
(q) True or False: TLS does not provide confidentiality if you use a TCP implementation whose TCP initial sequence numbers are predictable.
(r) True or False: Access control ensures that authorized users who have access to sensitive data won’t misuse it.
(s) True or False: Alice wants to communicate with Bob using Tor with 3 intermediaries. If the first 2 intermediaries are dishonest, they will be able to determine that Alice and Bob are communicating.
(t) True or False: When a client sends a message over the Tor network, Tor’s onion routing works because each intermediary encrypts the message they receive with the public key of the following intermediary, so no one else can decrypt the messages.
(u) True or False: The homomorphic properties of encryption allow servers to compute products or sums of encrypted data without having to decrypt it, as long as the data is encrypted with the right encryption algorithm.

Problem 2 Identify the vulnerability (12 points)
You are doing a security test of a website, ShopSMart.com. In each part below, based on the symptoms you observe, give the name of the type of vulnerability that is most likely responsible for those symptoms. Write just the name of the type/category of vulnerability (e.g., “buffer overrun”); you don’t need to write a detailed description of the specific attack or vulnerability.
(a) You try to sign up for an account and type Can’t stop the signal into the text field for entering your last name. When you click the button to submit the form, you see an error page that mentions a syntax error in the database query.
What type of vulnerability does this most likely indicate?
(b) You sign up under your real name, then place an order for 65539 bookmarks: you add the bookmark to your cart and enter a quantity of 65539. You place the order. A week later, a giant package arrives at your doorstep containing 65539 bookmarks. You check your credit card bill, and you see you’ve only been charged for 3 bookmarks.
What type of vulnerability does this most likely indicate?
(c) ShopSMart.com has a one-click buy feature: on the web page for each item, there is a button labelled “Buy instantly!”. If you click that button while logged in, it instantly places an order for the item and charges your credit card on file, without requiring you to go through any other web pages (there’s no separate checkout page, no confirmation page—the order is placed immediately). You view the HTML source for the page for the bookmark, and you see