4220_COMP_SCI_3307 Quizzes Assignment 4
Assignment 4
Quiz instruc!ons
You are allowed to refer to lectures’ slides, but it’s NOT OK to get someone to help you.
Copyright By PowCoder代写 加微信 powcoder
You may submit as many !mes as you want. Only the last submission will be marked. If your last submission is a”er the due date, late penalty will be applied even if you have prior on-!me submissions.
Select ALL true statements
Note: The number of correct answers ranges from 0-4
In C, unsigned integer overflow will cause a trap
For the same number of bits, two’s complement can store more values than ones’ complement The aim of fuzzing is to crash a program
Poison values protect against buffer underflow
Ques!on 2 1 pts
Match the following terms
Cross Site Scrip!ng
[ Choose ]
[ Choose ]
[ Choose ]
[ Choose ]
Ques!on 3 1 pts
Provide a brief descrip!on of: Address Space Layout Randomiza!on Edit View Insert Format Tools Table
12pt Paragraph
0 words
Ques!on 4 1 pts
Provide a brief descrip!on of: Transient Execu!on Edit View Insert Format Tools Table
12pt Paragraph
0 words
Ques!on 5 2 pts
Consider bugs and vulnerabili!es
Define the terms, compare them, and highlight any similari!es and differences between them
Pilsung is a North Korean cipher based on AES. As in AES, the state consists of 16 bytes, and the rounds follow the same pa$ern as AES. Unlike AES, Pilsung uses mul!ple SBoxes for encryp!on. Specifically, it uses different SBoxes for each state byte at each round. We use SB[r,b] to denote the SBox used for the byte b (0<=b<16) of round r (0<=r<10). For example SB[3,7] is used for byte number 7 of the state at round 3 of the encryp!on. Each of the SBoxes consists of 256 entries of size 1 byte each. The SBoxes are stored in consecu!ve loca!ons in memory.
1. Assuming that cache lines are 64 bytes and that the SBoxes are aligned at the start of a cache line, how many cache lines does each SBox cover?
2. Assuming that the cache has 64 sets, which SBoxes fall in the same cache sets as SB[0,0]?
3. What is the probability that a cache set is accessed in the SubBytes step of a round? (percents, rounded to the nearest percent)
4. What is the probability that a cache set is accessed in the SubBytes step of any of the rounds of the encryp!on? (percents, rounded to the nearest percent)
5. Using a first-round Prime+Probe a$ack, how many bits can we expect to recover from each key byte?
Ques!on 8 2 pts
Due to the way Pilsung is implemented, the SBoxes are not aligned with a cache line start. Instead, the SBoxes are shi"ed by one byte. That is, byte 0 of the SBox is in offset 1 of the cache set. How can you exploit this memory layout to recover all of the bits of Round Key 0 using a first-round Prime+Probe a$ack?
Edit View Insert Format Tools Table 12pt Paragraph
0 words
Ques!on 9 5 pts
The following code fragment handles a password update form.
if ($_SERVER[“REQUEST_METHOD”] == “POST”) {
if ($_POST[“password”] != $_POST[“verifypassword”])
fail(“Passwords do not match”);
else if (!checkPasswordRules($_POST[“Password”])
fail(“Insecure password”);
else if ($_POST[“oldpass”] != $_SESSION[“pasword”])
fail(“Authentication failed”);
$db->query(“UPDATE users SET paswword='”+$_SESSION[“password”] + “‘” +
“WHERE userid='”+$_SESSION[“userid”]+”‘”);
(a) Iden!fy all of the security weaknesses of the code
(b) Explain how an a$ack might exploit these weaknesses (c) Fix the code
Edit View Insert Format Tools Table 12pt Paragraph
0 words
Submit quiz
程序代写 CS代考 加微信: powcoder QQ: 1823890830 Email: powcoder@163.com