TU Wien:Advanced Security for Systems Engineering VU (Fankhauser)/WS17-18, 1st test of 19.01.2018


About 6 pages (31 questions), 1-3 points per MC question, 3-6 points per open question (total points: 80)

  • What are the assumed capabilities (typical threat model) of an attacker for a networking scenario? Explain the capabilities of the attacker and explain why you chose this threat model.
  • (MC) Attack scenarios of CSRF
  • (MC) Which attacks can be mitigated using input validation? [ Path Traversal | XSS | Session Fixation | File Upload ]
  • (MC) Is it possible to access files and execute programs on the OS level using a path traversal attack? [ Y | N ]
  • (MC) What can an XML bomb do? [ DOS | read files | yield high CPU usage | ? ]
  • What does the Austrian passport's EAC protect?
  • How can an Integer overflow be used for exploitation? Write a vulnerable code snippet and describe how to exploit.
  • (MC) Does ASLR provide sufficient entropy on 32 bit systems to protect against brute forcing? [ yes | no ]
  • (MC) On x86 machines, can ASLR harden exploits using ROP attacks? [ yes | no ]
  • You have an ICC with an installed SIM application. What values do you need to retrieve to clone the SIM? Can you use these values to do a MITM attack (if the mobile station and base station support 2G)?
  • (MC) How can you mitigate a File Upload attack? By checking for ... [ null byte file | large file | wrong filetype | ? ]
  • Name 2 Android reverse engineering tools.
  • Name 2 network forensics tools.
  • (MC) Mark all symmetric encryption algorithms [ RSA | ElGamal | Salsa20 | AES ]
  • (MC) What does Shor's Algorithm say can be done efficiently? [ prime factorization | solve the discrete logarithm problem | do lattice based crypto | do code based crypto ]
  • (MC) Mark basic obfuscation techniques [ Identifier Remapping | Literal Encryption | Code Encryption/Packers | ? ]
  • (MC) A digital forensicist's everyday task is to examine pollen dust on hard drive media in order to find a suspect's geolocation before, during and after some event. [ T | F ]
  • Some guy travels via plane to some random destination. He uses full-disk-encryption on the notebook he carries with him. An airport officer plugs some cable into the Firewall port and tells the poor guy to start his notebook, in order to prove it's not a nuclear bomb. What kind of attack can you think of?
  • (MC) PACE is a security feature of the Austrian passport. [ Y | N ]
  • Why do Availability and Authenticity conflict with each other? Name and describe an example.
  • (MC) Which of those principles do Saltzer and Schroeder recommend? [ Economy of Mechanisms | Complete Mediation | Open Design | ~security by obscurity ftw ]
  • (MC) Does the principle 'Leveraging Existing Components' imply that the reusability of existing components is good for security? [ Y | N ]
  • Software programming using modular approach vs. monolithic approach - which one is better? Does this depend and why?
  • (MC) Mark stack overflow mitigation techniques: [ ASLR | ROP | R XOR W | ? ]
  • Something else with CSRF..