Informatik/Systemsicherheit - Questions.tex

\documentclass[10pt]{exam}  % Doc : https://mirrors.ircam.fr/pub/CTAN/macros/latex/contrib/exam/examdoc.pdf
\printanswers			    % Comment this line to hide the answers 
\usepackage[utf8]{inputenc}
\usepackage[T1]{fontenc}
\usepackage[german]{babel}
\usepackage{amsmath,amssymb}
\usepackage[dvipsnames]{xcolor}
\usepackage{tikz}
	\usetikzlibrary{fadings}
	\usetikzlibrary{calc}
\usepackage{tkz-tab}
\usepackage{pgfplots}

%Format Header and footer
\pagestyle{headandfoot}
\header{}{\Large\textbf{Systemsicherheit}}{}
\headrule
\footrule
\setlength{\columnsep}{0.25cm}
\footer{}{Page \thepage}{}

\begin{document}
\begin{questions}
    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    \question \textbf{Risks in Electronic Payment:}\hfill

    From your personal experience: Which risks are involved in electronic payment systems?
    Start with thinking about the vulnerabilities of today’s methods, procedures, and mechanisms you are familiar with. Here are two possible scenarios:
    \begin{parts}
        \part Paying with a debit card (e.g. EC Maestro): starting with its use in a shop and ending with the money withdrawal from your bank account.
        \part Home banking using a static (e.g. snail-mailed) or dynamically generated transaction authentication number (TAN), e.g. sent from your bank via SMS (mTAN) or using a smartphone app (pushTAN).
    \end{parts}
    What are the advantages of smart cards (such as your thoska), carrying a microprocessor for cryptographic computations?
    \begin{solution}
        Electronic payment involves theft of data or money. Hackers may get access to bank accounts and use it the same way as the normal user but with different intentions (get rich). To prevent hacking of accounts, banks use different ways of defense.

        While paying with a debit card, the user must provide the card (physical item) and the pin code (knowledge). To prevent bruteforce attacks, a bank account is locked after a short number of invalid pin codes.

        Home banking uses a password (knowledge) and a TAN via Mail/Phone to have the possibility of hackers minimized.
    \end{solution}

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    \question \textbf{Buffer Overflow Attacks:}\hfill

    Which vulnerabilities are exploited by a buffer overflow attack? How can you counter buffer overflow attacks? How could you at least mitigate the effects of successful buffer overflow attacks?
    \begin{solution}
Buffer overflow attacks aim to trick the softwar to execute futher attack code and exploit whatever the hacker needs. To prevent buffer overflow, one must check the maximum possible length of the input versus the users input. To mitigate any successfull attack, a programm should be contained and not have access to further information or programms but the necessary.

    \end{solution}

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    \question \textbf{Data vs. Information:}\hfill

    \begin{parts}
        \part What is the difference between data and information?
        \part What are the consequences for systems security?
    \end{parts}
    \begin{solution}
        Data is a collection of values like characters, numbers or other data types. Unprocessed data have little to no meaning to a human.
        Information is processed data so a human can read, understand and use it.
    \end{solution}

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    \question \textbf{Root Kits:}\hfill

    Which special properties of root kits make them so extremely dangerous?
    \begin{solution}
        Invisible, total sustainable takeover of a complete IT system. 
        Root Kits are a comprehensive tool kit for fully automated attacks on all levels of the software stack.
    \end{solution}

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    \question \textbf{NI: Dynamic Properties:}\hfill

    Similar to HRU, an NI model is basically formalized through a deterministic automaton. Can we also use it to analyze HRU Safety (no matter if by proof or by simulation)?

    If yes: How would HRU Safety for NI be defined (in prose)? If no: What extension of the NI model in the lecture would be required to enable Safety analysis?
    \begin{solution}
    \end{solution}

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    \question \textbf{NI: Motivation:}\hfill

    Which security problem do NI models address? Name two modern application scenarios where this problem is highly relevant!
    \begin{solution}
    \end{solution}

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    \question \textbf{BLP and Biba:}\hfill

    What's the difference in terms of goals and formalism between the BLP and the Biba model?
    \begin{solution}
    \end{solution}

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    \question \textbf{BLP: Lattice vs. ACM:}\hfill
    \begin{parts}
        \part Why does the BLP model contain both: (1) a lattice, which is mapped to subjects and objects via cl, and (2) an ACM?
        \part What problem might occur from using both (1) and (2)?
    \end{parts}
    \begin{solution}
    \end{solution}

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    \question \textbf{DAC vs. MAC:}\hfill
    \begin{parts}
        \part What is the difference between discretionary (DAC) and mandatory access control (MAC)?
        \part What are the weaknesses of discretionary access control systems?
    \end{parts}
    \begin{solution}
    \end{solution}

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    \question \textbf{TAM: Type System:}\hfill

    How is the type system in TAM formally represented within the HRU-based automaton? Which parts of the type system may change during runtime?
    \begin{solution}
    \end{solution}

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    \question \textbf{TAM: Motivation:}\hfill

    What is the goal of the TAM security model?
    \begin{solution}
    \end{solution}

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    \question \textbf{RBAC ACF:}\hfill

    As with any AC model, the formal components of RBAC are designed to enable access control decisions. However, in the ACF definition of RBAC0 (which is the basis for ACFs of the other RBAC96 models), the component UA is not included. Why?
    \begin{solution}
    \end{solution}

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    \question \textbf{RBAC Safety:}\hfill

    How can we analyze RBAC safety? Which information is needed for this, and is it provided by RBAC96 models?
    \begin{solution}
    \end{solution}

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    \question \textbf{IBAC vs. RBAC vs. ABAC:}\hfill

    What is the key difference between IBAC and RBAC models? How about ABAC models then?
    \begin{solution}
    \end{solution}

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    \question \textbf{HRU Safety Undecidability:}\hfill

    Given HRU Safety is undecidable, what is the actual merit of this model? What can we do to handle the undecidability problem in practice?
    \begin{solution}
    \end{solution}

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    \question \textbf{HRU: Unix Read:}\hfill

    How do we model a read operation, such as for a Unix-OS file system, in HRU? Remember that this operation neither modifies the subject set, nor the object set, nor the ACM.
    \begin{solution}
    \end{solution}

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    \question \textbf{ACM vs. HRU:}\hfill

    What is the idea that distinguishes an ACM from an HRU model? How is it formally represented?
    \begin{solution}
    \end{solution}

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    \question \textbf{HRU: Output Function:}\hfill

    Why does an HRU automaton not have an output function?
    \begin{solution}
    \end{solution}

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    \question \textbf{Core-based Model Engineering:}\hfill

    Assume you have to design the security policy for a very simple hospital information system, including
    \begin{itemize}
        \item users in roles such as physician, nurse, etc.
        \item legal information flows between these roles
        \item one operation to change a user's roles.
    \end{itemize}
    Re-use the model abstractions you know from chapter 3 to express this policy as a core-based model by answering the following questions:
    \begin{parts}
        \part Which formal components do you need beyond the actual model core? (2 sets and 2 relations should suffice!)
        \part What is the core specialization?
        \part What is the core extension?
        \part What are possible pre- and post-conditions of the only operation?
    \end{parts}
    \begin{solution}
    \end{solution}

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    \question \textbf{Common Model Core:}\hfill

    What is the common model core shared by models such as HRU, DRBAC, BLP, Brewer-Nash, and NI?
    \begin{solution}
    \end{solution}

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    \question \textbf{Hybrid Models:}\hfill

    Name the semantical concepts from AC, IF and/or NI models that can be found in
    \begin{itemize}
        \item the Brewer-Nash model
        \item the LR-CW model
        \item the the MLS-CW model.
    \end{itemize}
    Compare how these three models express allowed information flows according to the CW policy.
    \begin{solution}
    \end{solution}

\end{questions}
\end{document}