For each of the following scenarios, which type of interference is taking place?
(a) Alice alters Bob’s file without permission.
(b) A hacker deploys software to observe packets travelling on a network.
(c) A website receives a flood of requests for a web page, preventing callers from
viewing the site.
(d) A user receives an email appearing to be from his supervisor, who did not send
How many possible Caesar ciphers are there in English?
Assuming a 26-character alphabet (ignoring, for example, punctuation), there are 25: a shift of 0 leaves the text unchanged and a shift of 26 is the same as a shift of 0, so the usable keys are the shifts 1 to 25.
How would you decode an English message encoded in ROT13, assuming a 26-character alphabet?
You would apply the same function again: the cipher is its own inverse. Two shifts of 13 return you to your starting point in the 26-letter English alphabet (13 + 13 = 26, which is 0 modulo 26). In this case the encryption key and the decryption key have the same value.
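The two Caesar questions above, worked through in code. This is an added example, not part of the original notes: it shifts only the 26 ASCII letters (anything else passes through, matching the "ignore punctuation" assumption), shows that ROT13 applied twice is the identity, and enumerates the whole key space of 25 non-zero shifts, which is exactly why a Caesar cipher falls to a brute-force attack in one screen of output. The plaintext is a constructed sample.

```java
import java.util.ArrayList;
import java.util.List;

/** Added example: Caesar shifts over the 26-letter English alphabet. */
public class CaesarDemo {

    /** Shift each ASCII letter by 'shift' places; other characters pass through unchanged. */
    static String shift(String text, int shift) {
        int k = ((shift % 26) + 26) % 26;            // normalise any int (incl. negative) to 0..25
        StringBuilder out = new StringBuilder(text.length());
        for (char c : text.toCharArray()) {
            if (c >= 'a' && c <= 'z') {
                out.append((char) ('a' + (c - 'a' + k) % 26));
            } else if (c >= 'A' && c <= 'Z') {
                out.append((char) ('A' + (c - 'A' + k) % 26));
            } else {
                out.append(c);                         // punctuation, spaces, digits: untouched
            }
        }
        return out.toString();
    }

    /** ROT13 is the Caesar cipher with key 13; encryption and decryption are the same call. */
    static String rot13(String text) {
        return shift(text, 13);
    }

    /** Every candidate plaintext: the entire key space is the 25 non-zero shifts. */
    static List<String> bruteForce(String ciphertext) {
        List<String> candidates = new ArrayList<>(25);
        for (int key = 1; key <= 25; key++) {
            candidates.add(shift(ciphertext, -key));   // decrypting = shifting back by the key
        }
        return candidates;
    }

    public static void main(String[] args) {
        String plain = "Attack at Dawn!";              // constructed sample plaintext
        String ct = rot13(plain);
        System.out.println("ROT13 once:   " + ct);
        System.out.println("ROT13 twice:  " + rot13(ct));
        System.out.println("rot13(rot13(x)) == x ? " + rot13(ct).equals(plain));

        String caesar = shift(plain, 3);
        System.out.println("Caesar key 3: " + caesar);
        List<String> tries = bruteForce(caesar);
        for (int i = 0; i < tries.size(); i++) {
            // The readable line identifies the key; no key material is needed, only 25 guesses.
            System.out.printf("key %2d -> %s%n", i + 1, tries.get(i));
        }
    }
}
```

The brute-force loop is the practical answer to "how many Caesar ciphers are there": a key space of 25 means an attacker simply prints all 25 decryptions and reads off the one that is English.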
Why is public key cryptography called asymmetric and private key cryptography called symmetric?
In public key cryptography there are two different keys, the public key and the private key; one is used for encryption and the other for decryption, and knowing the public key does not reveal the private key.
In private key cryptography there is one key, the secret key, which is used for both encryption and decryption and must therefore already be shared by both parties.
What classes of cipher might you be likely to use in the following circumstances?
(a) Storing passwords in a local file
(b) Proving you sent an email
(c) Using a wireless connection on your laptop
(d) Encrypting files on a file system
(a) Hash - a one-way (cryptographic) hash function lets you check a password without storing the password itself; for this use the hash should be salted and deliberately slow (PBKDF2, bcrypt, scrypt or Argon2 rather than a bare fast hash), so that a stolen file resists guessing.
(b) Public key and hash (for signing) - hash the message and sign the digest with your private key; anyone holding your public key can verify the signature, and only the holder of the private key could have produced it.
(c) Stream - a stream cipher encrypts communications of unknown length 'on the fly', one bit or byte at a time.
(d) Block cipher - transforms fixed-length blocks of plaintext into ciphertext; files longer than one block are handled by a mode of operation, preferably an authenticated one.
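Cases (a) and (b) above, worked in code. This is an added example, not part of the original notes; it uses only the standard JDK (javax.crypto and java.security). For (a) it stores a salted PBKDF2 derivation rather than the password and compares in constant time; for (b) it signs a message with an RSA private key via SHA256withRSA (which hashes and then signs) and verifies with the public key, showing that a tampered copy fails. The password, iteration count and messages are constructed sample values; the iteration count is an assumption you would tune to your hardware.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Added example: (a) password storage with a slow salted hash, (b) signing with public key + hash. */
public class CipherClassesDemo {
    // PBKDF2 cost (assumed value): deliberately slow so a stolen password file resists offline guessing.
    private static final int ITERATIONS = 310_000;
    private static final int SALT_BYTES = 16;
    private static final int KEY_BITS = 256;
    private static final SecureRandom RNG = new SecureRandom();

    /** (a) What you store: iteration count, random salt and derived key, never the password itself. */
    static String hashPassword(char[] password) throws Exception {
        byte[] salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt);
        byte[] dk = derive(password, salt, ITERATIONS);
        Base64.Encoder b64 = Base64.getEncoder();
        return ITERATIONS + "$" + b64.encodeToString(salt) + "$" + b64.encodeToString(dk);
    }

    /** Re-derive with the stored salt and cost, then compare in constant time. */
    static boolean verifyPassword(char[] password, String record) throws Exception {
        String[] parts = record.split("\\$");
        int iterations = Integer.parseInt(parts[0]);
        byte[] salt = Base64.getDecoder().decode(parts[1]);
        byte[] expected = Base64.getDecoder().decode(parts[2]);
        // MessageDigest.isEqual does not short-circuit, so timing does not reveal where a guess diverges.
        return MessageDigest.isEqual(expected, derive(password, salt, iterations));
    }

    private static byte[] derive(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();      // the spec holds its own copy; wipe it once used
        }
    }

    /** (b) Sign: SHA256withRSA hashes the message and signs the digest with the private key. */
    static byte[] sign(KeyPair kp, byte[] message) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(message);
        return s.sign();
    }

    /** Anyone holding the public key can check the signature; only the private key could have made it. */
    static boolean verify(PublicKey pub, byte[] message, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(pub);
        s.update(message);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample password and messages.
        char[] pw = "correct horse battery staple".toCharArray();
        String record = hashPassword(pw);
        System.out.println("stored record:           " + record);
        System.out.println("right password accepted: " + verifyPassword(pw, record));
        System.out.println("wrong password rejected: " + !verifyPassword("Tr0ub4dor&3".toCharArray(), record));

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] mail = "Meeting moved to 3pm. -- Bob".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(kp, mail);
        System.out.println("signature verifies:      " + verify(kp.getPublic(), mail, sig));
        byte[] forged = "Meeting moved to 4pm. -- Bob".getBytes(StandardCharsets.UTF_8);
        System.out.println("tampered copy verifies:  " + verify(kp.getPublic(), forged, sig));
    }
}
```

Two design points worth noticing: the stored record carries its own salt and iteration count, so the cost can be raised later without invalidating old records, and the verification path never compares the plaintext password to anything, only the re-derived key to the stored one.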
What is a secure channel?
A secure channel is a communication channel between a pair of processes that can authenticate each other and provides confidentiality and integrity services, including
Give an example of a handshake in SSL.
Negotiating the cipher suite (the key exchange, cipher and hash algorithms both sides will use) and exchanging certificates (the server's, and optionally the client's) are both steps of the handshake.
Why would a class loader check for overriding of final methods, when this check is already performed by a compiler before producing a class file?
The class loader (with the bytecode verifier) is examining bytecode, which could have been altered since compilation or produced by a tool other than a trusted compiler, so the compiler's check cannot be relied upon.
Why would a security policy require that the security manager could only be set once?
This means that another manager cannot be substituted later by other (possibly hostile) code, so the way in which checks are performed cannot be altered once the application has started.
State the two steps required to implement permissions-based security for an application.
1 A security manager must be installed for the application, either on the command line or in the code.
2 A policy must be specified, either dynamically (by executing some code) or statically (using default policy files or a specified policy file).
Explain the purpose of the following entry in a policy file. Identify the target and the action.
grant codeBase "http://www.gggg.com" {
    permission java.io.FilePermission "C:\\database.dat", "read";
};
(A policy file grant block is enclosed in braces and terminated by a semicolon, and a backslash inside a quoted string must be written as two backslashes, as in Java string literals.)
This is a policy entry granting a java.io.FilePermission to code loaded from the code base http://www.gggg.com. The target is the file C:\database.dat and the action is "read": code from that location may read the file, but this entry gives it no right to write, delete or execute it, and code from any other location gets nothing from this entry.
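The two steps (install a security manager, supply a policy) and the FilePermission entry above, done entirely in code. This is an added example, not part of the original notes: the Policy subclass is the programmatic equivalent of a grant of "read" on one file, so the read succeeds and a write to the same file is refused, showing target and action being checked separately. The temporary file stands in for database.dat and its contents are constructed. Caveat a practitioner needs: the security manager is deprecated for removal since JDK 17 (JEP 411); this runs as written on JDK 8 to 17, JDK 18 to 23 need -Djava.security.manager=allow, and JDK 24 (JEP 486) no longer allows a security manager to be installed at all.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FilePermission;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;

/**
 * Added example: permissions-based security set up in code. The policy is the
 * programmatic equivalent of
 *     grant { permission java.io.FilePermission "<dbFile>", "read"; };
 */
public class ReadOnlyDatabaseDemo {

    /** Step 2: a Policy whose only grant is "read" on a single file. */
    static final class ReadOnlyPolicy extends Policy {
        private final Permission allowed;

        ReadOnlyPolicy(File dbFile) {
            // Target = the file's path, action = "read". Nothing else is granted to anyone.
            this.allowed = new FilePermission(dbFile.getAbsolutePath(), "read");
        }

        @Override
        public boolean implies(ProtectionDomain domain, Permission permission) {
            // A real policy would also look at domain.getCodeSource() (the codeBase) and
            // domain.getPrincipals(); this one applies the same single grant to all code.
            return allowed.implies(permission);
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data, created before any checks are switched on.
        File dbFile = File.createTempFile("database", ".dat");
        Files.write(dbFile.toPath(), "id=1,name=jane\n".getBytes(StandardCharsets.UTF_8));

        // Step 2 (policy) before step 1 (manager): once the manager is installed,
        // replacing the policy is itself a checked action.
        Policy.setPolicy(new ReadOnlyPolicy(dbFile));
        System.setSecurityManager(new SecurityManager());

        // Allowed: target and action both match the grant.
        try (FileInputStream in = new FileInputStream(dbFile)) {
            System.out.println("read ok, first byte = " + in.read());
        }

        // Denied: same target, but the action is "write". AccessControlException is a SecurityException.
        try (FileOutputStream out = new FileOutputStream(dbFile, true)) {
            out.write('x');
            System.out.println("write ok (unexpected)");
        } catch (SecurityException e) {
            System.out.println("write denied: " + e.getMessage());
        }
        // The temp file is left behind on purpose: deleting it would need a "delete" grant too.
    }
}
```

Run it with no command-line flags on a JDK up to 17 and the first attempt prints the byte it read while the second prints the denial; the ordering of the two steps is the detail most often got wrong, because a policy installed after the manager is subject to the manager's own check.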
In the following scenario, identify possible subject(s) and principal(s).
Jane Doe wishes to make an online purchase. Jane will first need to authenticate herself to her computer by logging in. Once online, she logs in to her shopping website account and makes a purchase using her credit card. Later she visits the website of the department of motor vehicle licences and enters her driving licence number to check that her contact information is correct.
The user Jane is the subject.
The principals are her user IDs for her computer and for the online shop. (The passwords in each case are credentials used to authenticate her, not principals.)
Another principal is the driving licence number Jane used to log in to the motor vehicle licensing website.
Why would you normally want to implement the equals method of an implementation
You need to implement equals (and, consistently, hashCode) so that the system can compare one principal to another. If you do not, your principal inherits equals from Object, and equality is determined by object reference rather than by content: two instances naming the same user would be treated as different principals, so a Subject's principal set and policy lookups keyed on principals would not match them.
Why do you think the PrivilegedAction interface is required?
An instance of a class implementing the PrivilegedAction interface encapsulates and demarcates the work to be done with a set of privileges.
This means that there is less chance of accidentally invoking code with those privileges, and it is also clear exactly where that set of privileges stops applying and we go back to the calling thread's normal access control context.
Distinguish between a subject and a principal.
A subject is an entity that can be authenticated, that is, a source of a request to perform some action.
A principal is an identity associated with an authenticated subject.
What is the purpose of a login module in the Java Authentication and Authorization Service (JAAS)?
A login module implements one method of authentication, such as biometric scanning or prompting a user for a login and password.
Its commit method is called once authentication has succeeded and associates principals (and any credentials) with the subject.
When would you use the method doAsPrivileged?
You would use this method when you want to execute code with the permissions associated with a particular principal.
You can grant a principal permissions in a policy file, and this principal can be associated with a subject on authentication.
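The JAAS pieces discussed from the equals question onwards (a Principal with value equality, a login module whose login() authenticates and whose commit() attaches the principal to the Subject, and doAsPrivileged running code as that subject), assembled into one runnable program. This is an added example, not part of the original notes; the user name, password and in-memory credential store are constructed sample values, and the Configuration object replaces the jaas.conf file you would normally write. Caveat: Subject.getSubject and doAsPrivileged are deprecated from JDK 17/18 in favour of Subject.current() and Subject.callAs, and Subject.getSubject no longer works on JDK 24, so this targets JDK 8 to 17 as written.

```java
import java.io.IOException;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;
import java.util.Objects;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/** Added example: a Principal, a LoginModule, a Subject, and doAsPrivileged. */
public class JaasDemo {

    /** A principal is an identity: equals/hashCode compare the name, not the object reference. */
    public static final class UserPrincipal implements Principal {
        private final String name;
        public UserPrincipal(String name) { this.name = Objects.requireNonNull(name); }
        @Override public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof UserPrincipal && name.equals(((UserPrincipal) o).name);
        }
        @Override public int hashCode() { return name.hashCode(); }
        @Override public String toString() { return "UserPrincipal[" + name + "]"; }
    }

    /** Login module: login() authenticates, commit() attaches the principal to the subject. */
    public static final class DemoLoginModule implements LoginModule {
        // Constructed credential store; a real module would consult a directory or a salted-hash file.
        private static final Map<String, char[]> USERS = Collections.singletonMap("jane", "s3cret".toCharArray());
        private Subject subject;
        private CallbackHandler handler;
        private String authenticatedName;      // set by login(), consumed by commit()

        @Override public void initialize(Subject subject, CallbackHandler handler,
                                         Map<String, ?> sharedState, Map<String, ?> options) {
            this.subject = subject;
            this.handler = handler;
        }

        @Override public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("user: ");
            PasswordCallback pc = new PasswordCallback("password: ", false);
            try {
                handler.handle(new Callback[] { nc, pc });     // how the module asks for credentials
            } catch (IOException | UnsupportedCallbackException e) {
                throw new LoginException("callback failed: " + e);
            }
            char[] given = pc.getPassword();
            pc.clearPassword();
            boolean ok = given != null && Arrays.equals(USERS.get(nc.getName()), given);
            if (given != null) Arrays.fill(given, '\0');      // wipe the plaintext once checked
            if (!ok) throw new LoginException("bad user name or password");
            authenticatedName = nc.getName();
            return true;
        }

        @Override public boolean commit() { subject.getPrincipals().add(new UserPrincipal(authenticatedName)); return true; }
        @Override public boolean abort()  { authenticatedName = null; return true; }
        @Override public boolean logout() { subject.getPrincipals().clear(); return true; }
    }

    /** Programmatic stand-in for a jaas.conf entry:  Demo { JaasDemo$DemoLoginModule required; }; */
    static final Configuration CONFIG = new Configuration() {
        @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            return new AppConfigurationEntry[] { new AppConfigurationEntry(DemoLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Collections.emptyMap()) };
        }
    };

    public static void main(String[] args) throws LoginException {
        // Callback handler answering with constructed credentials (an interactive one would prompt).
        CallbackHandler answers = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName("jane");
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword("s3cret".toCharArray());
                else throw new UnsupportedCallbackException(cb);
            }
        };
        LoginContext lc = new LoginContext("Demo", new Subject(), answers, CONFIG);
        lc.login();                                          // runs login() on the module, then commit()
        Subject subject = lc.getSubject();

        // Value equality in action: the Subject keeps principals in a Set, so this adds no second entry.
        subject.getPrincipals().add(new UserPrincipal("jane"));
        System.out.println("principals: " + subject.getPrincipals());   // a single UserPrincipal[jane]

        // Run code as the authenticated subject; policy grants made to its principal apply inside.
        PrivilegedAction<String> whoAmI = () ->
                "running as " + Subject.getSubject(AccessController.getContext()).getPrincipals();
        System.out.println(Subject.doAsPrivileged(subject, whoAmI, null));
    }
}
```

Change the password in the callback handler and lc.login() throws LoginException and abort() runs instead of commit(), so the Subject never acquires a principal; remove the equals/hashCode overrides and the duplicate add in main produces two UserPrincipal[jane] entries, which is the failure the equals question is about.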
What steps are taken when a protected web resource is accessed?
When the request arrives, the caller must be authenticated (with lazy authentication this is the point at which authentication is demanded). If successful, this results in the server storing credentials for the caller in a session context.
The credentials are subsequently used to decide if the caller may access the protected resource, using a principal or role (see below for a discussion of roles).
Once authenticated, a caller can be identified by one or more principals, which are mapped to roles by the container. A role represents a type of user, for example, a customer or administrator. Setting up roles requires some initial configuration, but can be simplified by collecting principals in a group and assigning a role to the group.
Belonging to a role is similar to having a key to a room containing the various resources the role is allowed to use – all members of the role have the same privileges. Remember that principals are created on authentication. Therefore, when a caller is authenticated, if the caller’s principal or group can be mapped to a role permitted to access the requested resource (or code), then the action is authorised.
Roles separate the mechanism for controlling security from descriptions of users or callers outside the container. This means that the container need not be concerned with who or what has made a request, but only with whether or not the role associated with a caller is allowed to do what it is attempting. Notice also that this means that only the person deploying the code needs to know what roles users are in, and hence what privileges they have.
What is a role and how does it relate to users of a system?
A role is a name for a kind of caller and can be used to authorise actions.
Users can be mapped to groups or roles so that the permissions applied to the roles apply to those users.
Thus, a programmer does not have to know the users of a system, just the different roles of users of a system.
Explain the difference between declarative and programmatic security.
In declarative security, security roles and restrictions on the execution of code are established outside the code, using entries in XML deployment descriptor files (or, in later versions, annotations on the code), and are enforced by the container before the code runs.
In programmatic security, roles and restrictions are established using Java code that asks the container about the caller's identity and roles at run time.
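The protected-resource flow and the declarative/programmatic distinction above in one servlet. This is an added example, not part of the original notes: the @ServletSecurity annotation is the declarative part (the equivalent web.xml security-constraint is in the class comment), enforced by the container before doGet is reached, and the isUserInRole and getUserPrincipal calls are the programmatic part. The URL pattern, role names and the javax.servlet (Servlet 3.x/4.x) package names are assumptions; on Jakarta EE 9 or later the imports become jakarta.servlet. It needs a servlet container that has authentication configured and maps users or groups to the two roles.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.Principal;
import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.HttpMethodConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Added example. Declarative part: the container authenticates the caller and checks
 * the role constraint before service() is ever reached. The annotation below is the
 * equivalent of these web.xml entries (role and URL names are assumed):
 *
 *   <security-constraint>
 *     <web-resource-collection><url-pattern>/orders/*</url-pattern></web-resource-collection>
 *     <auth-constraint>
 *       <role-name>customer</role-name><role-name>administrator</role-name>
 *     </auth-constraint>
 *   </security-constraint>
 *   <security-role><role-name>customer</role-name></security-role>
 *   <security-role><role-name>administrator</role-name></security-role>
 */
@WebServlet("/orders/*")
@ServletSecurity(
    value = @HttpConstraint(rolesAllowed = { "customer", "administrator" }),
    httpMethodConstraints = @HttpMethodConstraint(value = "DELETE", rolesAllowed = "administrator"))
public class OrdersServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Programmatic part: inside the code, ask the container about the authenticated
        // caller and decide at a finer grain than URL pattern + HTTP method allows.
        Principal caller = req.getUserPrincipal();   // non-null here: the constraint already ran
        resp.setContentType("text/plain");
        PrintWriter out = resp.getWriter();
        out.println("Hello, " + caller.getName());

        if (req.isUserInRole("administrator")) {
            out.println("(administrator view: all customers' orders)");
        } else {
            out.println("(customer view: your own orders only)");
        }
    }
}
```

Note how the split matches the roles discussion: the servlet never names a user, only roles, and whoever deploys it decides which authenticated principals or groups map to "customer" and "administrator"; an unauthenticated request to /orders/ never reaches doGet, while a DELETE from a caller who is only a customer is refused by the container without any code of ours running.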