Chapter 18 Flashcards
(33 cards)
What programming practices help prevent buffer overflows?
Use bounds-checking functions (strncpy vs strcpy). Validate input lengths before copying. Use safe languages with automatic bounds checking. Avoid gets() use fgets() instead
Where should canary word checks occur in buffer overflow protection?
Check canary words before function returns. Verify canaries before critical operations. Check during exception handling. Immediate detection prevents exploitation
How does executable bit in page table prevent buffer overflow attacks?
Prevents execution of injected code in data pages. Stack and heap marked non-executable. Code injection becomes ineffective. Requires hardware support (NX bit)
What is purpose of salt with passwords?
Prevents rainbow table attacks on password hashes. Makes identical passwords have different hashes. Increases computational cost for attackers. Defends against precomputed attacks
Where should salt be stored and how used?
Store salt with password hash in database. Generate unique random salt per password. Concatenate salt with password before hashing. Salt can be stored in plaintext
What are two pros of watchdog programs for file security?
Fine-grained access control per file. Dynamic access decisions based on context. Can implement complex security policies. Real-time monitoring and logging
What are two cons of watchdog programs for file security?
Performance overhead for every file access. Complexity in programming and maintaining watchdogs. Potential single point of failure. May interfere with normal operations
List six security concerns for bank computer systems
Physical: server room access theft of equipment. Human: social engineering insider threats. OS: malware unauthorized access network intrusions data breaches
What makes denial-of-service attacks difficult to prevent?
Hard to distinguish legitimate from malicious traffic. Distributed attacks from many sources. Can overwhelm limited server resources. May use legitimate protocol features
What makes DOS attacks more effective and what are countermeasures?
More effective: botnets amplification attacks targeting bottlenecks. Countermeasures: rate limiting load balancing traffic analysis firewalls
What programs are prone to man-in-the-middle attacks?
Web browsers email clients instant messaging. Any unencrypted communication. Programs without certificate validation
What solutions prevent man-in-the-middle attacks?
Use encrypted connections (HTTPS SSL/TLS). Certificate pinning and validation. Digital signatures. Secure key exchange protocols
How is asymmetric encryption used for key exchange?
Client generates random symmetric key. Encrypts key with server’s public key. Sends encrypted key to server. Server decrypts with private key. Both use symmetric key for communication
What security problem occurs downloading public key from website directly?
Man-in-the-middle can substitute their own public key. No way to verify authenticity of received key. Attacker can decrypt and re-encrypt all traffic
How do certificate authorities solve the public key verification problem?
CA signs website’s public key with CA’s private key. Computers ship with CA’s public key pre-installed. Client verifies CA’s signature on website certificate. Establishes trust chain from CA to website
Why overwrite deleted sensitive data with random bits?
Prevents data recovery from deleted files. Physical sectors still contain data after deletion. Sensitive information could be retrieved. Random overwriting ensures data destruction
What is relationship between capabilities at different ring levels?
Domain at level j has subset of capabilities of domain at level i (where j > i). Higher numbered levels have fewer privileges. Each level can only access what lower levels permit
In process tree what is relationship between ancestor and descendant access rights?
A(x
What protection problems arise with shared stack for parameter passing?
Buffer overflows can overwrite other process data. Process A can read process B’s parameters. Stack corruption affects multiple processes. Difficult to isolate security domains
What protection structure exists when process n accesses object m only if n > m?
Hierarchical or lattice-based protection structure. Creates ordering of processes and objects. Prevents lower numbered processes accessing higher numbered objects
How to implement policy allowing process to access object only n times?
Use access counter in capability list or access matrix. Decrement counter on each access. Revoke access when counter reaches zero. System must track usage per process-object pair
Why is it difficult to protect system allowing user I/O?
Users can bypass OS security mechanisms. Direct hardware access circumvents access controls. Can potentially access other users’ data. Difficult to validate user I/O operations
How can system ensure user cannot modify capability lists?
Store capabilities in protected system memory. Use cryptographic signatures on capability lists. Hardware protection for capability storage. System calls to access capabilities safely
Is domain switching equivalent to including all privileges?
No - domain switching is temporary privilege escalation. Including all privileges is permanent access. Domain switching allows privilege separation. Better follows principle of least privilege
