From: Mart Lubbers Date: Wed, 25 Jan 2017 08:51:16 +0000 (+0100) Subject: update mock exam workout X-Git-Url: https://git.martlubbers.net/?a=commitdiff_plain;h=5df171350877f930705f45332682c8c310697847;p=ss1617.git update mock exam workout --- diff --git a/mock/mock.txt b/mock/mock.txt index aec9cf9..9f687b0 100644 --- a/mock/mock.txt +++ b/mock/mock.txt @@ -62,3 +62,62 @@ If the program writes the object to a file and then reads it back in the attacker can inspect the serialized object and change things before it is read back. +5a. + A class that is not privileged to execute a certain operation can contain + an object of a class that does have a permission that is denied in the + him. When calling this subroutine on the object it can do stuff it was not + permitted to do and therefore violate the permission rule. When walking the + entire stack it can see that the caller of the function does not have said + permission and therefore deny it. +5b. + try0 will fail because class U does not have permission for P. + try1 will fail because class I does not have permission, class T does but + class I is also in the stack walk and permission has not been + explicitly granted. + try2 will succeed because class U does not have permission but class T + grants this permission by calling enablePrivilege(P). + try4 will succeed in the first call to m2 but later it will fail on m1 + because when going back up the callstack the permissions are not kept. +6a. + e:t s1:ok t s2:ok t + ------------------- + if e then s1 else s2:ok t + +6b. + Implicit information flow can reveal information about a H compenent when + it is in the conditional part of the if statement. For example the + statement: "if (hi > 0) then lo1 else lo2". This doesn't seem illogical + since lo1 and l2 are supposed to be both safe. However, execution time + analysis may reveal whether hi is bigger than zero which may not happen + since high is confidential. + This is taken care of in the rule by also needing e to be safe for type t. +7a. + It means that there is no information leaking. For example when we have the + statement "if (h > 0) then l=print(l) else print()" this leaks information +. about h. +7b. + When an exception is thrown this can inform the hacker about information in + h. +8. + +9. + We can do generational fuzzing. We know that the format and the fact that + it is ordered so to test the protocol we can send messages in the wrong + order, in the wrong format or even both. + + Moreover some dumb fuzzing can be done by sending a bunch of nonsense, or + sending it extremely slow. +10. + Almost all buffer overflows become malicious because the user can influence + with which data the buffer overflows. When a language +11. + In the functions add, remove and containts the value of i must be bigger or + equal than 0 and smaller than 10. This can be done with an + "requires i >= 0" and a "requires i<10" + +12. + The execution time of i and ii will be the same because the PPC code will + not insert runtime checks. It will just statically analyse whether the code + is safe and then leave it be. Binary iii will be slower because memory-safe + languages like Java and C# often introduce runtime checks for things like + array bounds checking.