Question 1 (12 points) Cyber-attacks

Can use Internet for this question only.

Research one of the following well-known cyber-attacks: the TJX breach, the Equifax data breach, the Sony attack, the WannaCry ransomware campaign, or the Mirai botnet. Explain how this attack unfolds, including specific information about:
(1) Attack objective: what are the goals and motivation of the attack?
(2) Type of attack: according to the attack types we discussed in class, does this fall under any category or categories?
(3) Attacker tools and techniques: what kind of exploits or other methods does the attack use? Use terminology we talked about in class.
You can search on the web for information about this attack.

Attack objectives:
Type of attack:
Attacker tools and techniques:
References you used:

Question 2 (9 points) Access control

In each of the following scenarios, (1) select what kind of access control system is most appropriate (discretionary or mandatory) and (2) state a specific model or implementation of access control that would be suitable.
1) A small number of researchers store and share data with each other on a central server. The scientists often collaborate in groups. The data on the server is not considered to be extremely sensitive.
2) A news-wire service (like Bloomberg) gathers information about companies, and then shares that data with investors. Some information is considered to be very high quality, like official documents filed with the US Securities and Exchange Commission, while other information is considered to be suspect, such as rumors reported by former employees.
3) The US State Department is tasked with carrying out diplomacy with foreign powers. Junior analysts work with data that is mostly public, while senior analysts and ambassadors have access to extremely sensitive diplomatic cables.

Question 3 (20 points) File Permissions

Access Control Matrix:

        file1  file2  file3  file4  file5
user1   rw-    r-x    rwx    rw-    r--
user2   rw-    rwx    ---    rwx    rw-
user3   rw-    ---    ---    r-x    rw-
user4   rw-    ---    r-x    r-x    rwx
user5   rwx    r-x    rwx    r-x    r--

Given above is an access control matrix that states the read, write, and execute privileges given to several users with respect to several files. In the tables below, write down the Unix-style file permissions that satisfy the access control matrix. One table allows you to assign users to groups (if necessary); the other allows you to specify the permissions, owner, and group of each file. Note that (1) the rules in the access control matrix must be followed exactly, and (2) a user can grant themselves additional permissions on files they own. If a column of the access control matrix cannot be satisfied, explain why.

User to Group Assignments:

User    Groups
user1   user1
user2   user2
user3   user3
user4   user4
user5   user5

File Permission Table:

Permissions (rwxrwxrwx)   Owner   Group   Filename
                                          file1
                                          file2
                                          file3
                                          file4
                                          file5

Question 4 (12 points) Protected Mode Execution

I. (3 points) Briefly explain what protected mode execution is. How is it implemented in modern computers?

II. (6 points) Name three things that unprivileged processes are forbidden from doing due to protected mode execution.
1)
2)
3)

III. (3 points) It is very common for processes that function as servers (e.g. a web server or a database server) to (1) run under their own user account, distinct from all other accounts on the system, and (2) for this user account to be heavily restricted (e.g. not have read access to non-server related files). This design exemplifies two critical cybersecurity principles. Name them.
1) _________________________
2) _________________________

Question 5 (20 points) Threat Modeling

[Figure: architecture diagram with a Client, a Web server and a Database server; the arrows between them are labelled HTTP Request, SQL Query, SQL Results and HTTP Response, numbered 1 to 4 as described below. Photo credit: Unknown Author, licensed under CC BY-SA.]

Modern web servers interact often with database servers for storing data they return to clients. A typical architecture diagram is shown in the figure above:
(1) Clients perform an HTTP request;
(2) The web server might issue a SQL query to the database;
(3) The database returns the answer to the SQL query;
(4) The server returns data to the client in an HTTP response.

Part A (Attack vectors): Pretend you are an attacker (Mallory) who wants to target some sensitive files stored in the database. Describe five separate attacks that Mallory can mount. Describe in each case how the attack will be performed.
Attack 1:
Attack 2:
Attack 3:
Attack 4:
Attack 5:

Part B (Secure design): Design a system following the architecture diagram above that will be secure against the threats you identified. Use at least five different security techniques we talked about in class. For each security technique, discuss which attack it will prevent, and where it will be implemented in the overall diagram.
Technique 1:
Technique 2:
Technique 3:
Technique 4:
Technique 5:

Question 6 (15 points) The Stuxnet attack

This question is about the Stuxnet attack and is based on the “Countdown to Zero Day” book. You should reference specific chapters from the “Countdown to Zero Day” book for your answers.

I. As we discussed in class, malware can be categorized according to its behavior. Stuxnet is considered both a rootkit and a worm. Explain what behavior or functionality makes Stuxnet a rootkit and what makes it a worm.
Rootkit:
Worm:

II. List three properties of Stuxnet that make it a very advanced malware. The book mentioned several times that multiple security researchers thought that Stuxnet was the most advanced malware at that time (in 2010). Give three reasons for this statement.
Reason 1:
Reason 2:
Reason 3:

III. Describe three new things that you learned by reading the book.
New item 1:
New item 2:
New item 3:

Question 7 (12 points) SQL injection

An ecommerce website stores product data in a table called products that has the following columns:

TABLE products: name TEXT, description TEXT, category TEXT

Users can enter a search string for category and issue the following type of query with different categories to find the name and description of products from that category:

'SELECT name, description FROM products WHERE category="%s";'

This is the only way that the client can issue queries to the database. In the same database, there is a table called users that has two columns:

TABLE users: username TEXT, SSN TEXT

(1) CONFIDENTIALITY VIOLATION: Show an SQL query that a client can craft to learn confidential information, such as the SSN of a particular user ‘alice’. The client can issue SELECT queries as above, where they provide a category string as input.

(2) INTEGRITY VIOLATION: Show an SQL query that a client can craft to modify database information, such as modifying the SSN of a particular user ‘alice’. The client can issue SELECT queries as above, where they provide a category string as input.
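An added example, not part of the assignment or its solution: the Question 7 lookup built the vulnerable way (the category string formatted into the SQL text) next to a parameterized version, run against a constructed in-memory SQLite database with a placeholder SSN. It assumes SQLite, whose default build accepts the double-quoted string literal used in the question's query.

```python
# Added example, not from the assignment: the Question 7 lookup built two ways
# against a constructed in-memory SQLite database.
import sqlite3

# The exact query pattern from Question 7 (client input pasted into the SQL text).
QUERY_TEMPLATE = 'SELECT name, description FROM products WHERE category="%s";'


def make_db():
    """Constructed sample data with the two tables from Question 7."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE products (name TEXT, description TEXT, category TEXT);"
        "CREATE TABLE users (username TEXT, SSN TEXT);"
        "INSERT INTO products VALUES ('boots', 'leather boots', 'shoes');"
        "INSERT INTO products VALUES ('mug', 'ceramic mug', 'kitchen');"
        "INSERT INTO users VALUES ('alice', '000-00-0000');"  # placeholder SSN
    )
    return conn

def build_unsafe_sql(category):
    """Vulnerable pattern: the client's string becomes part of the statement,
    so a double quote in it closes the literal and the rest is parsed as SQL."""
    return QUERY_TEMPLATE % category

def search_unsafe(conn, category):
    # Executes the formatted statement exactly as the question's server would.
    return conn.execute(build_unsafe_sql(category)).fetchall()

def search_safe(conn, category):
    """Fix: a parameterized query. The driver binds `category` as a value, so
    nothing in it can change the statement's structure."""
    sql = "SELECT name, description FROM products WHERE category = ?;"
    return conn.execute(sql, (category,)).fetchall()

def unsafe_query_errors(conn, category):
    """True if SQLite rejects the formatted statement. A stray quote in the
    input causing this is the classic sign that input reaches the SQL parser."""
    try:
        search_unsafe(conn, category)
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    print(search_safe(db, "shoes"))           # [('boots', 'leather boots')]
    print(build_unsafe_sql('shoes"'))        # the quote lands inside the SQL
    print(unsafe_query_errors(db, 'shoes"'), search_safe(db, 'shoes"'))  # True []
```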
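Returning to Question 3, an added example that is not part of the assignment or its solution: a checker that takes a proposed User-to-Group and File Permission table and reports every cell of the access control matrix the proposal fails to satisfy under the Unix owner/group/other rule. It assumes note (2) means a file's owner effectively has rwx on it, since the owner can always chmod; the "naive" assignment at the bottom is a constructed wrong attempt used only to exercise the checker.

```python
# Added example, not from the assignment: checks a proposed owner/group/mode
# assignment against the Question 3 access control matrix.
FILES = ["file1", "file2", "file3", "file4", "file5"]

# Access control matrix from Question 3: one row per user, one entry per file.
ACM = {
    "user1": ["rw-", "r-x", "rwx", "rw-", "r--"],
    "user2": ["rw-", "rwx", "---", "rwx", "rw-"],
    "user3": ["rw-", "---", "---", "r-x", "rw-"],
    "user4": ["rw-", "---", "r-x", "r-x", "rwx"],
    "user5": ["rwx", "r-x", "rwx", "r-x", "r--"],
}


def effective_perms(user, owner, group, groups, mode):
    """Permissions `user` actually gets on a file with the given owner, group
    and 9-character mode string such as 'rw-r-----'.

    Interpretation of note (2): the owner is treated as having rwx no matter
    what the mode says, because an owner can chmod to grant themselves more.
    Otherwise the Unix rule applies: group bits if the user belongs to the
    file's group, else the 'other' bits. `groups` maps group name -> users."""
    if user == owner:
        return "rwx"
    if user in groups.get(group, set()):
        return mode[3:6]
    return mode[6:9]


def check_assignment(assignment, groups):
    """`assignment` maps filename -> (mode, owner, group), i.e. one row of the
    File Permission Table. Returns (file, user, required, actual) for every
    matrix cell that is not satisfied exactly; an empty list means success."""
    violations = []
    for user, row in ACM.items():
        for fname, required in zip(FILES, row):
            mode, owner, group = assignment[fname]
            if len(mode) != 9 or set(mode) - set("rwx-"):
                raise ValueError(f"bad mode string for {fname}: {mode!r}")
            actual = effective_perms(user, owner, group, groups, mode)
            if actual != required:
                violations.append((fname, user, required, actual))
    return violations


if __name__ == "__main__":
    # Constructed, deliberately naive attempt: user1 owns everything.
    naive = {f: ("rwxr-xr-x", "user1", "user1") for f in FILES}
    for v in check_assignment(naive, {"user1": {"user1"}}):
        print("%s: %s requires %s but gets %s" % v)
```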
Apr 13, 2021