TU Wien:Systems and Applications Security VU (Lindorfer)/Exam 2021-01-27
1. Name and shortly describe two Kernel exploit protection mechanisms.
2. Which of the following are true about symbolic execution
a. fast method to analyse programs
b. values can be symbolic formulas over the inputs
c. tries to follow all execution paths and add constraints on forks
d. tracks only the concrete state of programs during analysis
3. What are potential problems/security impacts when updating firmware?
a. Incorrectly/inconsistently verified signatures
b. Non-verified signatures
c. Leaking signature keys
d. Mutual-authenticating update protocols
e. Allow firmware downgrade
f. TOCTOU attacks
g. Signed packages
4. What is a side channel attack? Give two examples with different side channels and explain them briefly
5. Briefly describe the difference between malware was commonly distributed on desktops and how malware is distributed on mobile platforms.
6. You received a wireless home router from your ISP and suspect that it has hidden functionality in it that might be disadvantageous for you. You open up the router and discover a SoC controller chip and a memory chip in the device. Describe which steps you can take to analyze the firmware of the device in order to identify hidden functionality, back-doors and vulnerabilities.
7. Discuss CSRF attacks in the modern Web (2021). Which mechanism has been introduced to mitigate this threat? Provide a specific threat model which still requires other CSRF protections given that the previous mitigation is ineffective.
8. Explain the concept of packed code frequently found in malware and why do malware authors employ code packing?
9. What is black start capability?
a. Power plants that are able to operate even in the absence of an active power grid.
b. Power plants that are disconnected from the power grid in the night.
c. Power plants providing secondary reserve only.
d. Thermal power plants using coal.
10. What are characteristics of the Android developer signatures?
a. They can be handled by Google Play on behalf of developers
b. They allow users to identify the developers
c. They need to match the certificate on the developer's website
d. They are typically self signed
11. Explain why you need addresses in the same bank if you want to launch a Rowhammer attack.
12. Which techniques are utilized by ZMap for fast scanning?
a. deployment of scanning servers at central places in the Internet
b. exploitation of firewall behavior
c. direct generation of Ethernet frames
d. pseudo-random generation of addresses
13. List and briefly describe 3 ways how malicious programs detect and evade an analysis environment.
14. Briefly describe which point in time is most promising for an attack against the power grid, and why.
15. What is true about secure boot?
a. If signature verification in a stage fails, boot continues with a warning message
b. The bootloader allows booting of unauthorized operating systems
c. Allowed to set more protections, but not to remove protections on following stages
d. The operating system verifies the bootloaders signature
16. What are the possible goals of a "clickjacking" attack? What are possible countermeasures against this threat?
17. What is a Use after free and how can it be exploited?
18. Which of these properties apply to the Android Runtime (ART)?
a. The ART runs code that was compiled from Java or Kotlin source code.
b. The ART supports both ahead-of-time compilation and just-in-time compilation.
c. The ART is a register-based VM.
d. The ART requires developers to compile applications to native code (ELF).
19. Given the following CSP, which of the following statements hold true?
20. What is the IPv6 address length?
a. 256 bit
b. 64 bit
c. 128 bit
d. 32 bit