Date: 2024-04-23 11:21

Homework 1 for CS 165 (Spring 2024)

Due: on elearn by the end of day on Apr 26, 2024

Instructions:

* Be brief in your answers. You will be graded for correctness, not on the length of your answers.

* Remember to submit online through ilearn if you didn’t turn it in in-class. Paper copy will not be accepted.

I. Answer the following multiple choice questions (one or more correct answers) about passwords. (1 point x 4)

1. Which of the following describes a denial of service attack?                            __________

a) It can stop legitimate users from using a service.

b) It is hard to notice.

c) It can happen either locally or over the network.

2. Which of the following are true about passwords?                                             _________

a) If the hard drive of a machine is stolen, it is easy to steal passwords that are saved on them (e.g., Linux login passwords).

b) Passwords should be stored on computers securely (e.g., in hashes or encrypted forms).

c) Passwords should always be stored in hashes. Encryption is a bad idea for passwords.

3. Why is computer security about looking at corner cases of a program?           __________

a) Because vulnerabilities are triggered by inputs that are commonly observed in typical workloads.

b) Because security problems cannot occur in common cases of a program.

c) Because many security vulnerabilities are hidden and hard to discover.

4. Which of the following statements are true?                                                      __________

a) Security vulnerabilities are the same as program bugs.

b) Finding software vulnerabilities is analogous to finding loopholes in a complex game.

c) Analyzing the security of a system typically requires establishing the threat model.

II. There are many ways a user can be authenticated to a system, e.g., Something the individual knows, Something the individual possesses, Something the individual is (static biometrics), Something the individual does (dynamic biometrics). Describe which category the following instances belong to:         (2 points)

Face:

Smartphone:

Typing rhythm:

The first car owned (make and model):

III. Consider an automated teller machine (ATM) in which users provide a personal identification number (PIN) and a card for account access. Give examples of confidentiality, integrity, and availability requirements associated with the system and, in each case, indicate and rank the degree of importance of the requirement.           (2 points)

IV. Explain how much more work it is to crack an 8-character password compared to a 6-character one (assuming each character can be one of the 26 possible lowercase letters). In addition, estimate how long it will take to crack an 8-character password in the worst case, based on the actual speed in your own project 1 result.                                           (1.5 point)

V. Briefly describe the purpose of the following instructions and what they do:        (1.5 points)

a) call

b) leave

c) ret

VI. Function calls are implemented using stack. We have shown a function below in C and its assembly code. You are required to

(1) Explain each assembly instruction briefly by inline annotation (example given for the first instruction). (3 points)

(2) Draw the stack frame after instruction 11.                         (2 points)

    int proc(void) {
        int x, y;
        scanf("%x %x", &y, &x);
        return x - y;
    }

GCC compiles it into the following assembly code:

1  proc:
2      pushl %ebp                    # push (store) the ebp register onto stack
3      movl %esp,%ebp
4      subl $24,%esp
5      addl $-4,%esp
6      leal -4(%ebp),%eax
7      pushl %eax
8      leal -8(%ebp),%eax
9      pushl %eax
10     pushl $.LC0                   # pointer to string "%x %x"
11     call scanf

Diagram stack frame at this point

12     movl -8(%ebp),%eax
13     movl -4(%ebp),%edx
14     subl %eax,%edx
15     movl %edx,%eax
16     movl %ebp,%esp
17     popl %ebp
18     ret

VII. Answer questions below regarding the buffer overflow.

    /* This is very low quality code.
       It is intended to illustrate bad programming practices.
    */
    char *getline()
    {
        char buf[8];
        char *result;
        gets(buf);
        result = malloc(strlen(buf));
        strcpy(result, buf);
        return result;
    }

The above C code gets compiled into the following assembly code below:

1  08048524 <getline>:
2  8048524: 55              push %ebp
3  8048525: 89 e5           mov %esp,%ebp
4  8048527: 83 ec 10        sub $0x10,%esp
5  804852a: 56              push %esi
6  804852b: 53              push %ebx

Diagram stack at this point

7  804852c: 83 c4 f4        add $0xfffffff4,%esp
8  804852f: 8d 5d f8        lea 0xfffffff8(%ebp),%ebx
9  8048532: 53              push %ebx
10 8048533: e8 74 fe ff ff  call 80483ac <_init+0x50>  # gets

Modify diagram to show values at this point

The code shows an implementation of a function that reads a line from standard input, copies the string to newly allocated storage, and returns a pointer to the result. Consider the following scenario. Procedure getline is called with the return address equal to 0x8046649, register %ebp equal to 0xbffffc96, register %esi equal to 0x1, and register %ebx equal to 0x2. You type in the string “012345678901”. The program terminates with a segmentation fault.

(1) Fill in the diagram below indicating as much as you can about the stack just after executing the instruction at line 6 in the disassembly. Label the quantities stored on the stack (e.g., “Return Address”) on the right, and their hexadecimal values (if known) within the box. Each box represents four bytes. Indicate the position of %ebp.  (2 points)

+-------------+
|             | Return Address
+-------------+
|             |
+-------------+
|             |
+-------------+
|             |
+-------------+
|             |
+-------------+
|             |
+-------------+
|             |
+-------------+
|             |
+-------------+

(2) Modify your diagram to show the effect of the call to gets (line 10).                 (2 points)

+-------------+
|             | Return Address
+-------------+
|             |
+-------------+
|             |
+-------------+
|             |
+-------------+
|             |
+-------------+
|             |
+-------------+
|             |
+-------------+
|             |
+-------------+

(3)  To what address does the program attempt to return?                                      (1 point)

(4) What register(s) have corrupted value(s) when getline returns?                       (1 point)

(5) Besides the potential for buffer overflow, what two other things are wrong with the code for getline?        (2 points)
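An added example, not part of the original assignment: one way to write the line reader from section VII so that the length of the input can never exceed the storage it is written into. The names read_line and roundtrip_ok are hypothetical (the rename avoids clashing with POSIX getline), the stream parameter is an assumption, and the sample input is constructed from the scenario's string.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen(), used only by the demo helper */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* read_line: hypothetical name (avoids clashing with POSIX getline()).
   Reads one line of any length; returns a heap string, or NULL on failure. */
char *read_line(FILE *in)
{
    size_t cap = 8, len = 0;
    char *buf = malloc(cap);
    int c = EOF;
    if (buf == NULL)
        return NULL;                       /* allocation failure is reported */
    while ((c = fgetc(in)) != EOF && c != '\n') {
        if (len + 1 == cap) {              /* always keep room for '\0' */
            char *tmp = (cap <= SIZE_MAX / 2) ? realloc(buf, cap * 2) : NULL;
            if (tmp == NULL) { free(buf); return NULL; }
            buf = tmp;
            cap *= 2;
        }
        buf[len++] = (char)c;
    }
    if (c == EOF && len == 0) {            /* EOF or read error before any data */
        free(buf);
        return NULL;
    }
    buf[len] = '\0';
    return buf;
}

/* Demo helper (constructed input): feed a string through read_line and
   return 1 if the line read back equals `expected`, else 0. */
int roundtrip_ok(const char *input, const char *expected)
{
    FILE *in = fmemopen((void *)input, strlen(input), "r");
    char *line = in ? read_line(in) : NULL;
    int ok = line != NULL && strcmp(line, expected) == 0;
    free(line);
    if (in) fclose(in);
    return ok;
}

int main(void)
{
    /* 12-character input from the scenario: read back intact, no overrun */
    return roundtrip_ok("012345678901\n", "012345678901") ? 0 : 1;
}
```

The caller owns the returned string and must free it.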
