Security In Computing Pfleeger Solutions Manual -
AES is practical. RSA is ~100–1000× slower and cannot encrypt data larger than its key size without hybrid mode. Real-world solution: Use RSA to encrypt a random AES session key (hybrid cryptosystem), then encrypt the 1 GB file with AES. Topic 5: Authentication – Password Storage Problem 5 A system stores passwords as hash(password || salt) with SHA-256. Why is the salt necessary? If an attacker gets the password file, how does salt slow down cracking?
Show an injection that logs in as admin without knowing the password. Security In Computing Pfleeger Solutions Manual
Distance from buf to return address: From $ebp - 80 to $ebp = 80 bytes (buffer + saved ebp) Then +4 bytes to return address = 84 bytes total. Answer: 84 bytes of junk before new return address. Topic 4: Symmetric vs Asymmetric Encryption Problem 4 You need to securely send a large file (1 GB) to a colleague over the internet. Compare using AES (symmetric) vs RSA (asymmetric) for encrypting the file itself. Which is practical and why? AES is practical
# Default policy: drop iptables -P INPUT DROP iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT HTTP/HTTPS from anywhere iptables -A INPUT -p tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp --dport 443 -j ACCEPT SSH only from local subnet iptables -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT Implicit drop at end Topic 10: Risk Assessment (Quantitative) Problem 10 An asset is worth $500,000. A threat has annual rate of occurrence (ARO) = 0.2. If exploited, single loss expectancy (SLE) = $200,000. Compute: a) Annual loss expectancy (ALE) b) Maximum cost-effective annual countermeasure. Topic 5: Authentication – Password Storage Problem 5
| Subject | ReportX | Printer | BackupTape | |-------------|-------------|-------------|-------------| | Alice | read, write | – | – | | Bob | read | – | – | | FileServer | – | write | read | Problem 3 A C program has a buffer char buf[64] and a vulnerable gets(buf) . The return address is stored at $ebp + 4 . If buf starts at $ebp - 80 , how many bytes of junk are needed before overwriting the return address?
Using Bell–LaPadula: a) Can a Secret user write to a Confidential file? (Simple Security Property) b) Can a Confidential user read a Top Secret file? c) Can a Top Secret user write to a Top Secret file?