TU Wien:Introduction to Security VU (Weippl)/Prüfung 2012-11-12 (Midterm Exam)

Group A

• Define at least three goals of computer security. (3 points)
• List and briefly define two uses of a public-key cryptosystem. (2 points)
• What properties must a hash function have? (4 points)
• What is the difference between a block cipher and a stream cipher? (1 point)
• Briefly explain Diffie-Hellman key exchange. (1 point)
• Why is it useful to have host-based firewalls? (1 point)
• What is a honeypot? (1 point)
• Define a denial-of-service attack. (1 point)
• Define a distributed denial-of-service attack. How ist it possible to prevent this kind of attack? (2 points)
• What are the types of buffer overflows? What are the possible consequences of a buffer overflow occurring? (3 points)
• Countermeasures against buffer overflow. (1 point)
• Define a cross-site scripting attack. List an example of such an attack. (2 points)
• Define race condition. State how it can occur when multiple processes access shared memory. (3 points)

Group B

• What is the difference between AES and DES? Which one is more secure?
• Define the difference between software quality and reliability and software security.
• Define an injection attack. List some types of injection attacks. What are the general circumstances in which injection attacks are found?
• Define shellcode.
• What is an application-level gateway?
• Define a denial-of-service attack. Why does to source address get spoofed often?
• What types of programming languages are vulnerable to buffer overflows?
• How many keys are required for three people to communicate via a symmetric cipher?
• What are the general approaches to attacking a cryptosystem? (something along those lines)

The rest of the questions in group B were the same.