DIGI112 - ICT-Security
• Data. These are the facts that the system collects, organizes and processes
to create useful information. This usually indicates the files and databases
used to store the data, too.
• Procedures. Any sequence of steps necessary to perform a useful operation
on an information system.
• People. This includes people using, administrating and designing the sys-
tem. They are essential for the system to function, but they can also be
manipulated and serve as weak points.
Hardware, software, and data are usually referred to as assets and they are
the components of an information system that hold value to the system owners
and users. Hence, these are usually the components that need to be protected.
1.2 Cybersecurity and its Properties
Now that we know what we are securing, we can give a more detailed definition.
One good place to start is the definition given by NIST, the American National
Institute of Standards and Technology.
Definition 1.1 (Cybersecurity) Measures and controls that ensure confiden-
tiality, integrity and availability of information system assets including hard-
ware, software, firmware, and information being processed, stored and commu-
nicated.
The definition introduces three fundamental security properties, called the
CIA Triad. NIST gives the following definition of the three properties.
• Confidentiality. Preserving authorized restrictions on information access
and disclosure, including means for protecting personal privacy and
proprietary information.
• Integrity. Guarding against unauthorized information modification or de-
struction.
• Availability. Ensuring timely and reliable access and use of information.
In addition to the CIA triad, there are two more security properties that are
generally required, authenticity and accountability.
Authenticity is a property of information. Some information is authentic
if it is genuine and can be trusted, and there are mechanisms in place for it
to be verified. Note that this is a slightly stronger notion than data integrity.
However, it does not account for destruction of information.
Accountability is a property of an information system. In a system that has
the property of accountability, it is possible to trace an action performed on
the information system back to the actor who performed it. The rationale behind
accountability is that truly secure information systems have never been
achieved, and some argue they never will be. We then require at least that it
is possible to identify the party responsible for a security breach when we
detect it.
• Low impact, if adverse effects are limited, such as a partial interruption
of non-critical services.
• Moderate impact, if there are serious adverse effects, such as a critical
interruption of services, or harm to a user.
• High impact, if there are devastating and potentially permanent adverse
effects, such as a permanent interruption of services, or serious harm to a
user, including death.
In order to prevent security breaches, and to mitigate their effects if they do
happen, security researchers try to identify vulnerabilities in an information
system. Vulnerabilities are flaws in the design or operation of an information
system that can lead to a security breach. Once a vulnerability is found, it is
possible to identify a threat to the information system. When we study a threat,
we usually divide it into two parts: threat consequences and threat actions.
Threat consequences are the potential effects a threat might have on the
security properties of the system. Threat actions are the attacks or events
that could lead to a realization of the threat, and thus of the threat
consequences. This distinction between threat actions and threat consequences
highlights cause and effect in a threat. This means we can study them
separately and design countermeasures to prevent the former and mitigate the
latter. We give a schematic presentation of threat consequences and the
possible threat actions causing them in Table 1.3.
2 Cryptographic tools
Cryptographic algorithms are an important part of the cybersecurity toolbox.
These algorithms have a wide variety of applications, but we will explore the
most common ones and which security properties from the CIA triad they enforce.
Table 2 summarizes the cryptographic primitives and the security properties
they can be used to enforce.
2.1 Encryption
Symmetric encryption is the most iconic and fundamental of cryptographic
algorithms. An encryption scheme is generally composed of two algorithms: an
encryption algorithm E and a decryption algorithm D. Both algorithms take a
secret key k as input. The encryption algorithm takes a message m, called the
plaintext, and produces a ciphertext c = E(m, k). The ciphertext is unreadable
for anyone who does not know the secret key and looks like random data. The
decryption algorithm takes the secret key and the ciphertext and restores the
original message: m = D(c, k). Note that the message is restored only if the
same key is used for encryption and decryption; with a different key the
decryption produces garbage (or, in schemes that also check integrity, an
explicit error).
The most typical use of symmetric key encryption is data transmission. This
setting is illustrated in Figure 1. We have a sender, Alice, and a receiver, Bob,
Table 1.3: Threat consequences and the threat actions that cause them

Unauthorized Disclosure (impacts confidentiality): an entity gains access to
data for which it is not authorized.
  • Exposure: sensitive data is released to an unauthorized entity from
    within the information system.
  • Intrusion: an unauthorized entity gains access to sensitive data by
    circumventing a system's security protections.
  • Interception: an unauthorized entity captures sensitive data travelling
    between authorized sources and destinations.
  • Inference: an unauthorized entity deduces sensitive data by reasoning
    from observed data or communications.

Deception (impacts system and information integrity): an authorized entity
receives false data and believes it to be true.
  • Masquerade: an unauthorized entity poses as an authorized entity.
  • Falsification: false information deceives an authorized entity.
  • Repudiation: an entity falsely denies responsibility for an action.

Disruption (impacts availability and system integrity): interruption or
alteration of system services and functions.
  • Incapacitation: an entity disables a component of the system.
  • Corruption: an entity adversely modifies system functions or data.
  • Obstruction: an entity hinders system operations by blocking
    communications or overloading components of the system.

Usurpation: an unauthorized entity takes control of system services or
functions.
  • Misappropriation: an entity assumes unauthorized logical or physical
    control of a system resource.
  • Misuse: an entity alters a system component to perform an unintended
    function.
Table 2: Security properties and the cryptographic primitives that enforce them

Security property   Cryptographic algorithms
Confidentiality     Encryption
Integrity           Hash functions, MACs, digital signatures
Availability        None
Authenticity        Digital signatures, MACs (somewhat)
Accountability      Digital signatures (somewhat)
Figure 2: Hash function
Note that it is still possible for two inputs to collide, or for a pre-image
to be found, but the probability is very low. For the SHA-2 family, of which
SHA-256 is the most widespread member, the probability that a single random
guess hits a pre-image is about one in 10^68 even for the weakest variant.
A hash function is useful to ensure the integrity of data. Indeed, we can use
the digest of a file or message to check whether it was modified. The difficulty
of finding a different input with the same digest makes it highly unlikely that
an attacker was able to modify the data without changing the digest. Note that
this only holds if the digest itself is kept somewhere the attacker cannot
modify; if the digest is stored next to the data, the attacker simply
recomputes it for the modified data. Moreover, while the data might be costly
to store, a digest is typically smaller and can be stored or published much
more easily and in more locations than the original information.
2.3 MACs
A MAC, or message authentication code, is a short tag used to verify the in-
tegrity of a message. It is rather similar to a hash function. However, a MAC
takes a secret key as an additional input. This means that only parties in
possession of the secret key are able to create a tag for a message and to
verify a message against a tag. The properties of a MAC are similar to the ones
required from a cryptographic hash function, considering both key and message
as the input of the hash. Despite their similarities, MACs must satisfy one
extra property, unforgeability. It must be infeasible to compute the MAC of a
new message under a given key, even after seeing many examples of tags
generated with that key.
Still, one of the most popular ways to construct a MAC is to use a hash
function as a basis. Such a construction is called HMAC, and it is the most
widespread example of a MAC. Note that simply hashing the key concatenated
with the message is not a safe MAC for hash functions such as SHA-256, because
length-extension attacks allow tags to be forged; HMAC is designed to avoid
this.
A MAC is useful to ensure the integrity of data, but it also gives a degree
of control as to who produced the data, as only someone possessing the right
secret key can produce the tag, thus also providing authenticity within certain
limits. The limit is that everyone who can verify a tag can also create one,
so a MAC cannot convince a third party which of the key holders produced it.
To provide authenticity in a stronger and more flexible way, we usually employ
the next cryptographic primitive.
Figure 3: MAC
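As an added example (not part of the lecture notes), the following Python snippet contrasts the integrity check of a plain hash with that of an HMAC tag. The message, the shared key and the attacker's modification are constructed here for illustration; `demo()` returns a dictionary of True/False outcomes so each claim in the text can be checked.

```python
import hashlib
import hmac
import os

# Constructed sample message; the key generated in demo() stands in for a
# secret that Alice and Bob are assumed to share in advance.
MESSAGE = b"transfer 100 EUR to account 1234"


def sha256_digest(data: bytes) -> str:
    """Unkeyed digest. Anyone, including an attacker, can recompute it."""
    return hashlib.sha256(data).hexdigest()


def make_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 tag over `data`; only holders of `key` can compute it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, data: bytes, tag: str) -> bool:
    """Recompute the tag and compare in constant time, so the comparison
    does not leak how many leading characters of a guessed tag were right."""
    return hmac.compare_digest(make_tag(key, data), tag)


def demo() -> dict:
    key = os.urandom(32)
    tampered = MESSAGE.replace(b"100", b"900")

    # Case 1: digest published out of band (e.g. on a separate web page).
    # A change to the data is detected because the published digest no
    # longer matches.
    published_digest = sha256_digest(MESSAGE)
    hash_detects_tamper = sha256_digest(tampered) != published_digest

    # Case 2: digest stored next to the data. An attacker who modifies the
    # data simply recomputes the digest too, and the check passes.
    stored = {"data": tampered, "digest": sha256_digest(tampered)}
    hash_fooled = sha256_digest(stored["data"]) == stored["digest"]

    # Case 3: MAC. The attacker cannot compute a tag for `tampered` without
    # the key, and the tag of the original does not verify the modified text.
    tag = make_tag(key, MESSAGE)
    return {
        "hash_detects_tamper_if_digest_kept_apart": hash_detects_tamper,
        "hash_fooled_if_digest_stored_with_data": hash_fooled,
        "mac_accepts_original": verify_tag(key, MESSAGE, tag),
        "mac_rejects_tampered": not verify_tag(key, tampered, tag),
        "mac_rejects_other_key": not verify_tag(os.urandom(32), MESSAGE, tag),
    }
```

Every entry of `demo()` is True: the plain digest only helps when it is kept out of the attacker's reach, while the MAC tag cannot be recomputed without the key.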
Lecture 2 - User Authentication
DIGI112 - ICT Security
08.09.2022
1 Principles of Authentication
Broadly speaking, authentication is the process of establishing confidence in a
user identity presented to an information system. It should not be confused
with the process of determining what a user can access or which actions a user
can perform in the system. Authentication can take place on a local system, or
remotely, but it can generally be modelled in a similar way.
Credentials have not been precisely defined so far, but we are going to explore
their possible nature in more detail below. For now, suffice it to say that
they are some piece of data that is bound to the user identity by the CSP. An
example could be a username and password used to log in to a website.
Now that we know the identities involved in authentication, we can proceed
to see the two main flows in authentication. The first one is the registration
flow, where a user applies to subscribe to an authentication system. The second
one is the authentication proper.
Registration
Registration is itself divided into two actions. The first one is the application,
where a user contacts an RA and presents proof of their identity. The RA then
has the job of vetting the presented proof and verifying that it satisfies the
requirements to register. The nature of the proof and the requirements it needs
to satisfy are defined by the authentication system. For instance, when
registering on a website, it is often enough to present a valid email address.
In this setting, the vetting process is often a verification of said email
address, by interacting with a link sent to it. This is a very simple example,
but vetting processes can require many steps, waiting times, and sometimes
government-issued identification.
The second part of registration starts when the RA endorses the user identity.
The user engages in a process with the CSP of the system. This service issues
credentials to the user and binds them to the user identity. Credentials might
sometimes be set by the user. For instance, in the case of websites it is rather
common for the user to set a password. On the other hand, when issuing a
PIN for a smart card it is more common for the CSP to assign one. Note that
credential issuing is sometimes separated from registration proper. This is
because many systems allow credentials to be re-issued without going through a
full identity vetting. Such re-issuing paths (password reset, PIN replacement)
bypass the vetting done at registration, so they are a favourite target of
attackers and must be protected at least as well as the primary login.
This flow is recapped in Figure 1, steps R1 and R2.
Authentication
Authentication can also be divided into two steps. The first one is the trigger
to the authentication process. The user approaches a relying party, which could
be any service using the authentication scheme that the user registered to. The
user presents their credentials to the relying party in the forms that are defined
by the authentication system.
The RP proceeds to start the second part of the authentication process. In
this part, the credentials are relayed to the verifier of the authentication
system. This is a service that is able to check the credential and verify
whether it is indeed bound to the user identity, using the information provided
by the CSP. If the verification succeeds, the verifier certifies the identity
of the user to the RP. This is usually a simple confirmation, but in some
systems the verifier can also specify the user identity.
This flow is illustrated in Figure 1, steps A1 and A2.
2 Means of Authentication
Credentials can take many different forms, each of them with their own advan-
tages and disadvantages. These are often a rather important part in the design
Figure 1: Registration (steps R1, R2) and authentication (steps A1, A2) flows
password to remember is also easy to guess. Moreover, users tend to use the
same password for multiple authentication systems, so that if any one of those
is compromised the attacker gains access to all the others. Moreover, passwords
need to be stored for verification. If a database leaks and passwords are not
adequately protected, then an attacker can potentially learn all the user
passwords. The standard countermeasure to this is password hashing, where only
a hash of the password is stored by the verification service. Because of
pre-image resistance and second pre-image resistance, an attacker cannot
recover the original password from the hash, nor forge a different password
that matches a given hash. Note that a fast general-purpose hash such as
SHA-256 is not enough on its own: an attacker who obtains the hashes can test
billions of candidate passwords per second offline, so dedicated password
hashing functions that are deliberately slow (such as PBKDF2, bcrypt, scrypt or
Argon2) are used in practice. One last issue with this scheme is that in case
of password reuse (by the same user or by different users), the hash would be
the same. This would reveal which users share a password and allow a user who
notices the match to log in as the other user. To prevent this, each password
is concatenated with a unique salt, a random value, before hashing. The salt is
then stored with the password hash for verification.
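The following Python code, added here as an illustration and not taken from the lecture, implements salted password storage with PBKDF2-HMAC-SHA256 (a deliberately slow hash) and constant-time verification. The user table and passwords are constructed; the record format 'pbkdf2_sha256$iterations$salt$hash' is an assumed convention.

```python
import hashlib
import hmac
import os
from typing import Optional

# PBKDF2-HMAC-SHA256 parameters (assumed values). The iteration count makes
# every guess deliberately slow; a single SHA-256 over salt+password would let
# an attacker with a leaked table test billions of guesses per second.
ITERATIONS = 200_000
SALT_BYTES = 16
ALGO = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record 'pbkdf2_sha256$<iter>$<salt>$<hash>'.

    The salt is random and unique per record, so two users (or the same user
    twice) with the same password get different stored values."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the salt and iteration count taken from the record and
    compare in constant time. Malformed or foreign records are rejected."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if algo != ALGO:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def demo() -> dict:
    # Constructed user table: alice and bob happen to share a password.
    shared = "correct horse battery staple"
    db = {
        "alice": hash_password(shared),
        "bob": hash_password(shared),
        "carol": hash_password("hunter2"),
    }
    # Without a salt the two records would be identical and reveal the reuse.
    unsalted = {u: hashlib.sha256(shared.encode()).hexdigest() for u in ("alice", "bob")}
    return {
        "unsalted_records_identical": unsalted["alice"] == unsalted["bob"],
        "salted_records_differ": db["alice"] != db["bob"],
        "alice_login_ok": verify_password(shared, db["alice"]),
        "carol_wrong_password_rejected": not verify_password("hunter3", db["carol"]),
        "malformed_record_rejected": not verify_password(shared, "garbage"),
    }
```

Storing the algorithm name and iteration count inside the record lets the service raise the cost later and re-hash old records on the user's next successful login.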
Note that this kind of credentials is also weak to shoulder surfing, where an
attacker in proximity of a user carefully watches as they type in their informa-
tion.
Although biometrics might seem very secure at first sight, they also raise a few
questions. First of all, it is increasingly easy to obtain close enough
reproductions of fingerprints and faces that theft of such credentials is a
rather concrete possibility, and at an increasingly large scale. Moreover,
biometrics have one key flaw. You can change your password, but you cannot
easily change your face. Thus, credential theft is permanent.
3 Modes of Authentication
There are three modes of authentication that relate to credentials.
In single factor authentication, only one credential is necessary to authenticate.
This is the simplest way to authenticate, but it also means that compromising
one credential is all an attacker needs to compromise the user identity.
In multi-factor authentication, a combination of more credentials is necessary
to authenticate. Two factor authentication is the most popular form of multi-
factor authentication. Using more factors is possible and there are examples
of it, but two factors are secure enough for general applications. More factors
would make the authentication cumbersome, annoying users.
In continuous authentication, there is not just one instance of authentication.
Some credentials might be needed for a first authentication, while further
authentication with different credentials might be necessary to perform more
risky operations. An example of continuous authentication is illustrated in
Figure 2.
In addition to these three modes of authentication for credentials, there are
two modes that relate to the setting of the authentication. One is local
authentication, where a user authenticates to a system that is physically
close. Instances of this would be logging into a personal computer, or opening
a door with a key-card.
The other is remote authentication, where a user authenticates to a system over
some kind of network, potentially a public one. An instance of this would be a
login form for a website. Note that remote authentication cannot be as simple
as presenting a credential, because anyone who can observe the network could
capture the credential and present it again later. In fact, it is necessary
that the authentication becomes a protocol where the user not only proves
possession of the credential, but also that the protocol is being run live. A
simple example, called challenge-response, is illustrated in Figure 3. In this
example the verifier issues a unique challenge to the user, who then uses their
credential to produce an adequate response for the verifier. Because the
challenge is fresh every time, a captured response is useless in a later run.
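An added example of the challenge-response protocol described above (illustrative code, not from the lecture). The verifier keeps a table of outstanding challenges, each random, bound to one user, single-use and short-lived; the user answers with an HMAC over the challenge keyed by a shared secret, so the secret itself never crosses the network. The user names, secrets and time-out value are assumed.

```python
import hashlib
import hmac
import os
import time
from typing import Dict, Tuple


def respond(secret: bytes, challenge: bytes) -> bytes:
    """User side: prove possession of `secret` by keying an HMAC over the
    challenge. Only the response travels to the verifier."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class Verifier:
    """Verifier side. Each challenge is random, bound to one user, valid once
    and only for a short window."""

    def __init__(self, user_secrets: Dict[str, bytes], ttl_seconds: float = 30.0):
        self._secrets = user_secrets                     # constructed: user -> shared secret
        self._pending: Dict[bytes, Tuple[str, float]] = {}
        self._ttl = ttl_seconds

    def challenge(self, user: str) -> bytes:
        nonce = os.urandom(16)                           # fresh and unpredictable
        self._pending[nonce] = (user, time.monotonic() + self._ttl)
        return nonce

    def verify(self, user: str, nonce: bytes, response: bytes) -> bool:
        entry = self._pending.pop(nonce, None)           # single use: a replay finds nothing
        if entry is None:
            return False
        expected_user, expiry = entry
        secret = self._secrets.get(user)
        if secret is None or expected_user != user or time.monotonic() > expiry:
            return False
        return hmac.compare_digest(respond(secret, nonce), response)


def demo() -> dict:
    secret = os.urandom(32)
    verifier = Verifier({"alice": secret})

    nonce = verifier.challenge("alice")
    response = respond(secret, nonce)
    first_run_ok = verifier.verify("alice", nonce, response)

    # An eavesdropper captured (nonce, response) and replays the pair.
    replay_rejected = not verifier.verify("alice", nonce, response)

    # The eavesdropper answers a new challenge with the old response.
    nonce2 = verifier.challenge("alice")
    stale_rejected = not verifier.verify("alice", nonce2, response)

    # A correct response to a fresh challenge still works.
    nonce3 = verifier.challenge("alice")
    fresh_ok = verifier.verify("alice", nonce3, respond(secret, nonce3))
    return {"first_run_ok": first_run_ok, "replay_rejected": replay_rejected,
            "stale_response_rejected": stale_rejected, "fresh_run_ok": fresh_ok}
```

The pending-challenge table is what distinguishes this from simply hashing the password: without it, a verifier that accepted any (nonce, response) pair it had once issued would be open to replay.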
4 Security Issues
In this section we summarise the security issues that can affect different means
and modes of authentication, give examples of attacks and give some counter-
measures.
Attacks are divided into five categories:
• Client attacks, where the attacker tries to authenticate as a user would.
• Host attacks, where the verifier is attacked.
• Theft, where the credential is stolen or copied.
• Replay, where a legitimate run is repeated to perform a malicious authen-
tication.
• Denial of service, where we specifically refer to denial of service caused by
a lockout, which is a deactivation of a credentials set because of too many
wrong attempts.
Lecture 3 - Access Control
DIGI112 - ICT Security
15.09.2022
1.1 A Model for Access Control
There are three main entities of interest when designing an access control system.
• Subjects, entities capable of accessing system resources. Subjects can be
physical users, processes, or applications. However, we usually abstract away
this distinction and consider generic subjects or users.
• Objects, the resources that we want to regulate access to.
• Access rights, the different ways a subject may access an object.
Subjects can usually be further categorised into three classes:
• Owner of a resource. The creator or administrator of the resource.
• A group of subjects associated with the owner, to which some access rights
might be granted.
• The world, all other subjects, to which the least access rights are granted.
This division is not mandatory, but it is quite useful and it is used, for
instance, in the access control of personal computer operating systems.
We find it also useful to give an example of access rights for a category of
resources, namely files. In this setting, we usually have the following access
rights.
• Read. A user may view the content of a file.
• Write. A user may modify the content of a file.
• Create. A user may create a file in this location.
• Delete. A user may delete this particular file.
• Search. A user may list the files in this location.
However, it is worth pointing out that access rights are object-specific,
depending heavily on the nature and behaviour of the object.
The way we regulate access rights to a specific object is through the definition
of access control policies. There are four main ways of defining policies, and they
yield the four main kinds of access control.
• In Discretionary Access Control (DAC), policies are based only on the
identity of the subject and the access rights that this specific identity
might have on the object that is being accessed. We call it discretionary
because a subject might have also the right to modify the access policies
of the object.
• Mandatory Access Control (MAC) is similar to DAC, but the "mandatory"
indicates that access policies are fixed by an administrator, and subjects
have no control over them.
• Role-Based Access Control (RBAC) defines roles and assigns users to roles.
Access rights are then granted or denied on a group level, instead of a
subject level.
• Attribute-Based Access Control (ABAC) define attributes for subjects,
objects, and environmental conditions. Access rights are then computed
based on the attributes of the specific subject and object involved in the
access request.
We now explore these different kinds of access policies in detail.
• User B has read (r) access to File 2. They also own File2 and have rw
access.
• User C has rw access to File 2. They also own File2 and have rw access.
Then we can create a matrix with users A, B, and C identifying each of the rows.
The columns are then identified with files 1, 2, and 3. We populate the cells of
the matrix with the appropriate access rights. This is illustrated in Figure 2.
This representation is rather handy, as all of the necessary information is
stored in one place and easy to search. However, it is quite wasteful because
many of the cells are left empty. It is possible to have more compact
representations of the policies by sectioning rows or columns of the access
matrix.
Access control lists (ACL) are obtained by selecting single columns of the
access matrix and eliminating empty cells. Each ACL refers to a single file and
lists all of the users having access to it, alongside the relevant access
rights. This representation is useful for two main reasons. First, it makes it
possible to store the ACL directly with the relevant file, so that the ACL is
stored at least as securely as the file and is easy to retrieve. Moreover, it
makes it really easy
Figure 2: Access Matrix
to know exactly who has access to a specific file. However, using ACLs it is
hard to list all of the files that a specific user can access.
Capability tickets are obtained by selecting single rows of the access matrix
and eliminating empty cells. Each ticket refers to a single user and lists all
of their access rights in the system. This is rather useful because it makes it
easy to know what a specific user can access, although it has the opposite
issue of an ACL, since you have to check all tickets to know who has access to
a resource. However, it poses a security issue, as the user must not be able to
alter this list. This issue can be solved by not giving the list to the user in
the first place; alternatively, we have tools to ensure the authenticity of
some information. Indeed, it is possible to use a cryptographic MAC or a
digital signature to create unforgeable tickets. This has a huge advantage in
distributed systems, where the function doing access control might be
separated from the resources themselves. In fact, these tickets can be safely
handed to the user, who can present them to other parts of the system to gain
access to the relevant resources. Note that a ticket must still be checked on
every use (tag verified, ticket not expired or revoked), and that whoever holds
a valid ticket can use it, so tickets must be protected from theft. The analogy
with physical tickets is quite fitting. You can buy a ticket to a concert that
gives you access to the general public area, VIP areas, backstage, and so on.
When you want to gain access to a specific area, your ticket can be checked
without having to go through the ticket office again.
One last representation of this data is an authorization table. This
representation gets rid of empty cells and stores rows of user, access right,
and resource in a table, as illustrated in Table 1. This type of structure is
compact and it is
easy to find out both all users who have access to a resource, and all
resources accessible to a user. However, it presents the same inflexibility as
the access matrix, as it needs to be stored in an accessible centralized
location.
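To make the three representations concrete, here is an added Python example (not from the lecture; the access matrix is constructed, since Figure 2 is not reproduced on this page) that derives ACLs, capability tickets and an authorization table from one matrix, answers the query each is good at, and signs a capability ticket with an HMAC so that a resource server can check it without consulting the matrix.

```python
import hashlib
import hmac
import json
import os
from collections import defaultdict

# Constructed access matrix; "own" marks the owner of a file.
MATRIX = {
    "A": {"File 1": {"own", "r", "w"}, "File 3": {"r"}},
    "B": {"File 1": {"r"}, "File 2": {"own", "r", "w"}},
    "C": {"File 2": {"r", "w"}, "File 3": {"own", "r", "w"}},
}


def to_acls(matrix):
    """Column view: for each object, the users in its column and their rights."""
    acls = defaultdict(dict)
    for user, row in matrix.items():
        for obj, rights in row.items():
            acls[obj][user] = set(rights)
    return dict(acls)


def to_capabilities(matrix):
    """Row view: for each user, their non-empty cells."""
    return {user: {obj: set(r) for obj, r in row.items()} for user, row in matrix.items()}


def to_authorization_table(matrix):
    """Flat (subject, right, object) triples, one per granted right."""
    return sorted((user, right, obj)
                  for user, row in matrix.items()
                  for obj, rights in row.items()
                  for right in rights)


def allowed(acls, user, obj, right):
    """Access check against the ACL of `obj`; absent entries mean no access."""
    return right in acls.get(obj, {}).get(user, set())


def who_can(acls, obj, right):
    """Cheap with ACLs: read one column."""
    return sorted(u for u, rights in acls.get(obj, {}).items() if right in rights)


def what_can(caps, user, right):
    """Cheap with capability tickets: read one row."""
    return sorted(o for o, rights in caps.get(user, {}).items() if right in rights)


def issue_ticket(key, caps, user):
    """Access control function: canonical JSON of the user's row plus an
    HMAC tag. The pair is handed to the user."""
    body = json.dumps({"user": user, "rights": {o: sorted(r) for o, r in caps[user].items()}},
                      sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()


def check_ticket(key, body, tag, obj, right):
    """Resource side: reject any ticket whose tag does not match its body,
    then read the right straight from the (now trusted) body."""
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).hexdigest(), tag):
        return False
    return right in json.loads(body)["rights"].get(obj, [])


def demo() -> dict:
    key = os.urandom(32)                     # shared by issuer and resource servers
    caps = to_capabilities(MATRIX)
    body, tag = issue_ticket(key, caps, "B")
    forged = body.replace(b'"File 1": ["r"]', b'"File 1": ["r", "w"]')
    return {
        "genuine_ticket_accepted": check_ticket(key, body, tag, "File 2", "w"),
        "right_not_in_ticket_denied": not check_ticket(key, body, tag, "File 1", "w"),
        "edited_ticket_rejected": not check_ticket(key, forged, tag, "File 1", "w"),
    }
```

The forged ticket fails not because the server knows B's real rights, but because the body no longer matches the tag; that is exactly the property that lets the check run far from the access control function.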
subjects to the appropriate roles. When an access request is to be evaluated,
the access control function just needs to look up the roles of the subject and
compose the access rights of these roles. The check can then continue as in
DAC.
Note that the relationship between roles and subjects is still "many-to-many",
like the one we described for subjects and objects above. This means that we
can use a similar structure, namely a role matrix, to represent these
relationships. An example of a role matrix is in Figure 3. The same
considerations we made about more compact representations of the access matrix
are also applicable here. We can have horizontal sections producing lists of
roles assigned to each user, which behave in a similar way to capability
tickets. We can also have vertical sections producing a list of users for each
role. Finally, we can also use a role table with two columns, each entry
linking a user to a role.
3.1 RBAC0 to RBAC3
The basic role-based access control described above is referred to as RBAC0.
There are three further flavours of RBAC, up to RBAC3.
RBAC1 extends RBAC0 by introducing a hierarchy of roles. This hierarchy
reflects the hierarchy that we typically see in organizations. Roles with more
responsibility, like a manager, tend to have greater access rights than simple
employees. RBAC1 reflects this by allowing a role1 to inherit all access rights
from another role0. In turn, some other role2, higher in the hierarchy, might
inherit its access from role1. It is also possible to have multiple
hierarchies, to inherit from multiple roles, and to be inherited by multiple
roles, producing an intricate hierarchy of inheritance.
RBAC2 does not extend RBAC1, but is another extension of RBAC0. It
introduces the concept of constraints. A constraint limits the possibility for
a subject to be assigned to a role. There are three main types of constraints.
• Roles can be made mutually exclusive, with membership in one role
disqualifying a subject from being assigned to the other. Imagine a role
"quality controller" and a role "designer": a subject assigned to both could
produce a design and approve it, skipping the due control. The most extreme
case of mutually exclusive roles happens when all roles are mutually exclusive,
so that a subject can only be assigned to one role.
• A cardinality constraint might be enforced, capping the number of subjects
who can be assigned to a role, or the number of roles a subject can have.
• Prerequisites might be put in place, where a subject can only be assigned
a role if they are already a member of some other role in the RBAC.
RBAC3 is simply the combination of RBAC1 and RBAC2, allowing both a
hierarchy of roles and constraints. Note that once a hierarchy is in place,
mutual exclusion must also be checked against inherited roles, otherwise a
role that inherits from both "designer" and "quality controller" silently
defeats the constraint.
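The following added Python example (illustrative, not the lecture's code) models RBAC3: a role hierarchy with transitive inheritance and the three constraint types enforced at assignment time. The roles, permissions and users are constructed around the lecture's designer / quality controller example.

```python
from typing import Dict, Iterable, List, Set, Tuple

Permission = Tuple[str, str]   # (object, right)


class RBAC:
    """RBAC3 toy model: role hierarchy (RBAC1) plus constraints (RBAC2)."""

    def __init__(self):
        self.permissions: Dict[str, Set[Permission]] = {}
        self.parents: Dict[str, Set[str]] = {}          # role -> roles it inherits from
        self.assignments: Dict[str, Set[str]] = {}      # user -> roles
        self.exclusive: List[Tuple[str, str]] = []      # mutually exclusive role pairs
        self.max_members: Dict[str, int] = {}           # cardinality caps
        self.prerequisites: Dict[str, str] = {}         # role -> role required first

    def add_role(self, role: str, perms: Iterable[Permission] = (), inherits: Iterable[str] = ()):
        self.permissions[role] = set(perms)
        self.parents[role] = set(inherits)

    def effective_permissions(self, role: str) -> Set[Permission]:
        """Own permissions plus everything inherited, transitively."""
        perms, seen, stack = set(), set(), [role]
        while stack:
            r = stack.pop()
            if r in seen:
                continue
            seen.add(r)
            perms |= self.permissions[r]
            stack.extend(self.parents[r])
        return perms

    def assign(self, user: str, role: str) -> None:
        """Enforce the three RBAC2 constraints before recording the assignment."""
        roles = self.assignments.get(user, set())
        for a, b in self.exclusive:
            other = b if role == a else a if role == b else None
            if other is not None and other in roles:
                raise ValueError(f"{user}: {role} is mutually exclusive with {other}")
        cap = self.max_members.get(role)
        if cap is not None and sum(role in rs for rs in self.assignments.values()) >= cap:
            raise ValueError(f"{role} already has {cap} member(s)")
        prereq = self.prerequisites.get(role)
        if prereq is not None and prereq not in roles:
            raise ValueError(f"{user}: {role} requires {prereq} first")
        self.assignments.setdefault(user, set()).add(role)

    def check(self, user: str, obj: str, right: str) -> bool:
        """Access check: look up the user's roles and compose their rights."""
        return any((obj, right) in self.effective_permissions(r)
                   for r in self.assignments.get(user, ()))


def build_demo() -> RBAC:
    """Constructed organisation: designers write designs, quality controllers
    approve them, the (single) manager signs them off."""
    rbac = RBAC()
    rbac.add_role("employee", {("reports", "read")})
    rbac.add_role("designer", {("designs", "write")}, inherits={"employee"})
    rbac.add_role("quality_controller", {("designs", "approve")}, inherits={"employee"})
    rbac.add_role("manager", {("designs", "sign")}, inherits={"employee"})
    rbac.exclusive.append(("designer", "quality_controller"))   # separation of duty
    rbac.max_members["manager"] = 1                              # cardinality
    rbac.prerequisites["quality_controller"] = "employee"        # prerequisite
    rbac.assign("dana", "designer")
    rbac.assign("quinn", "employee")
    rbac.assign("quinn", "quality_controller")
    rbac.assign("mia", "manager")
    return rbac
```

Trying `assign("dana", "quality_controller")`, a second manager, or a quality controller who is not yet an employee raises a ValueError, while `check("dana", "reports", "read")` succeeds through inheritance from "employee".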
• Environment attributes, that are not related to a particular subject or
object, but rather are characteristics of the context in which the access
request is happening. For instance, they could indicate the current time
or date, active threats detected in the system, and so on.
Note that relevant attributes are chosen by the designer of an information
system to give a meaningful representation of what subjects, objects, and the
environment are in the context of the information system. For instance, the
attribute "age" might be relevant to deciding access rights to a movie, but
the attribute "shoe size" would likely be useless in this context.
The attributes are then put in relationship using access control policies,
rules that check the compatibility of subject attributes, object attributes,
and environment attributes to decide whether to grant or deny access to the
object. This logic can be rather complex, but it only needs to be designed once
and updated if a change in conditions happens. However, once it is in place
there is very little need for updates in the policies, with just some updates
for attributes every now and then. Since attributes are simply characteristics
of the entity they describe, this is much less critical and more intuitive than
updating access rights.
For instance, consider an e-commerce website that wants to give loyal members
access to discounts on old products. They can create an attribute
"membership_date" for users, and an attribute "arrival_date" for objects.
Then, instead of having to check which users are loyal customers and specify
that they have access to special discounts, they can simply check that the
membership date is old enough.
display_discount(subject, object):
    subject.membership_date is older than 2 years
    AND
    object.arrival_date is older than 6 months
This means that there is no need to assign users to a special "loyal customer"
role, nor to constantly flag old products. The access policy will give access
to special discounts as soon as it is appropriate.
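An added Python example (not from the lecture) of the discount policy above, extended with an environment attribute as described in the previous section: subject, object and environment attributes are read from separate (constructed) stores, every rule for an action must pass, and unknown subjects, objects or actions are denied. The thresholds of 730 and 182 days and the threat-level attribute are assumptions.

```python
from datetime import date, datetime, timedelta
from typing import Callable, Dict, List, Optional

# Constructed attribute stores. In a deployment these live in different
# places (user database, product catalogue, clock or threat feed); the
# access control service only reads them.
SUBJECTS: Dict[str, dict] = {
    "alice": {"membership_date": date(2019, 3, 1)},
    "bob": {"membership_date": date(2022, 6, 1)},
}
OBJECTS: Dict[str, dict] = {
    "lamp": {"arrival_date": date(2021, 1, 15)},
    "phone": {"arrival_date": date(2022, 8, 1)},
}


def environment(now: Optional[datetime] = None, threat_level: str = "normal") -> dict:
    """Environment attributes: nothing here belongs to a subject or object."""
    now = now or datetime.now()
    return {"today": now.date(), "threat_level": threat_level}


def environment_on(iso_date: str, threat_level: str = "normal") -> dict:
    """Convenience for evaluating a request as of a given day."""
    return {"today": date.fromisoformat(iso_date), "threat_level": threat_level}


# A rule maps (subject attrs, object attrs, environment attrs) to a decision.
Rule = Callable[[dict, dict, dict], bool]


def loyal_member_old_stock(subject: dict, obj: dict, env: dict) -> bool:
    """The lecture's discount rule: member for over 2 years, product in stock
    for over 6 months (assumed as 730 and 182 days)."""
    return (subject["membership_date"] <= env["today"] - timedelta(days=730)
            and obj["arrival_date"] <= env["today"] - timedelta(days=182))


def not_under_attack(subject: dict, obj: dict, env: dict) -> bool:
    """Environment-only rule: suspend discounts while a threat is active."""
    return env["threat_level"] == "normal"


POLICIES: Dict[str, List[Rule]] = {
    "display_discount": [loyal_member_old_stock, not_under_attack],
}


def decide(action: str, subject_id: str, object_id: str, env: Optional[dict] = None) -> bool:
    """Access control service: fetch attributes, apply every rule for the
    action, and fail closed on any unknown subject, object or action."""
    env = env if env is not None else environment()
    subject, obj = SUBJECTS.get(subject_id), OBJECTS.get(object_id)
    rules = POLICIES.get(action)
    if subject is None or obj is None or rules is None:
        return False
    return all(rule(subject, obj, env) for rule in rules)
```

Nothing in the stores changes when bob becomes eligible: `decide("display_discount", "bob", "lamp", environment_on("2024-09-15"))` is True purely because the environment attribute "today" has moved on.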
Typically, an ABAC system is designed as illustrated as in Figure 4. A
subject makes an access request to an access control service. In turn, this service
queries some data storage to retrieve information about the subject, object, and
environment. The service then applies the relevant access control policies to the
attributes and computes whether it needs to grant or deny access. Attributes
are generally stored alongside other data about the entities they refer to, and
not necessarily all in the same place. Moreover, access control policies might
also have a separate storage, in case the service is unable to store them locally.
This makes this access control system quite complex, and there are a lot of
moving parts that an attacker could try to corrupt: an attacker who can alter
a stored attribute (for instance, a membership date) changes the outcome of
every policy that reads it. ABAC is therefore more exposed to attacks on its
components, requiring higher security for all of them. Note that this is not
an issue per se. However, it comes coupled with a higher complexity of setup,
since a lot of care needs to be taken when choosing attributes and their
relations through policies. For these reasons, ABAC is only worth the
investment when other kinds of access control policies would be impractical to
operate or maintain, because the system is too complex for DAC and lacks a
role structure that would allow the use of RBAC.
Figure 4: Attribute Based Access Control
Lecture 4 - Malicious Software
DIGI112 - ICT Security
22.09.2022
Small disclaimer. These notes are extracted from the complete notes on ma-
licious software. Next week the full notes on malware are going to be published.
If you are using the material after 29.09, you can just download and use
next week's notes.
1 Malware
By malicious software, or malware for short, we mean any piece of software
that is inserted in an information system with the intent of breaching some of
its security properties. It might also have the aim of being annoying or
disruptive to the user experience. The code is usually inserted covertly, but
that is not necessarily the case. In general, we are concerned both with the
threat that malicious software poses to other software, and with the threat
posed to users when they use compromised software, or the malware itself.
The lifecycle of malware can consist of the following five phases.
• Infection
• Dormant phase
• Propagation
• Trigger
• Payload deployment
In the infection phase, the malware manages to be injected into an infor-
mation system. Then, it might continue the attack straight away, or it might
have a dormant phase, waiting for some activation condition to be met. Either
way, at some point the malware enters the third phase of its lifecycle, namely
propagation, when the malware aims to make as many copies of itself as
possible and inject them into other components of the information system, or
even other information systems. It does so through a propagation mechanism
that is specific to each malware. Once propagation is completed, the malware
waits for a set of criteria, called the trigger, to be met. As soon as the
trigger is activated, the last and final phase of the malware lifecycle starts,
and the malware payload is deployed. The payload is the fragment of code in
the malware that is responsible for its malicious behaviour.
Mind, however, that it is possible to have malware that does not have all
five phases, and malware might skip any of them.
It is rather easy to see that the most important steps in the malware lifecycle
are propagation and payload deployment. It should not come as a surprise that
these are the two most popular characteristics used to classify malware, namely
propagation mechanism and payload. As far as propagation goes, we generally
divide malware into three big categories: malware that infects other content,
malware that is a standalone program and self-replicates, and malware that
does not autonomously self-replicate. On the other hand, we classify malware
according to its payload based on the effects of the payload, such as spying,
disruption, or loss of system integrity.
2 Propagation
Let us start with a classification based on the means of propagation of mal-
ware. Broadly speaking, we have two types of malware based on propagation:
malware that aims to replicate automatically, such as viruses or worms, and
malware that relies on user interaction to infect a system and generally lacks
self-replicating capabilities, such as Trojans. Let us go through the different
malware categories in detail.
2.1 Virus
A Virus is a fragment of software that can infect other programs by modifying their code to hijack the execution. It is parasitic code, in the sense that it lacks the capability to execute by itself and relies on another program to start its execution. This behaviour is similar to that of biological viruses, which do not have the ability to self-replicate but hijack the biological machinery of another cell.
The simplest way a virus can inject itself into another program is to add its code at some point in the file that is going to be executed. However, this increases the size of the file and might be detected. So, viruses generally replace some of the original code, or replace function calls in the original program with calls to malicious functions stored elsewhere. Note, however, that the mode of injection usually depends on the infected content, called the target. Let us go over the different kinds of virus we can identify based on target. In general we have
• Boot sector infector, targeting the code used to mount a hard drive or start an OS. Note that this can allow the virus to execute in kernel space, making this kind of threat quite dangerous.
• Macro virus, targeting non-executable documents with scripting capabilities. More on this below.
• Multipartite virus, when multiple files of different kinds are infected.
The most prevalent kind of virus in the last few decades deserves a special mention: macro viruses. These viruses target documents that offer macro programming capabilities, for instance Word, Excel and PDF documents. These kinds of documents can contain executable code, for instance to show animations, and macro viruses exploit these capabilities to execute their own code. Macro viruses have several advantages for their authors: they are easy to write and they are platform independent. Moreover, since they infect files and not programs, many antivirus tools were historically not as good at detecting them.
This kind of virus is now fading somewhat in favour of more powerful tools.
2.2 Worms
A Worm is a program that actively seeks more machines to infect, and exploits a vulnerability on those machines to self-replicate and execute on the new target systems. Contrary to a virus, a worm is a standalone program and does not infect other content.
We distinguish some categories of worms, based on the kind of exploit they use to self-replicate.
• File Sharing. The worm creates copies of itself on physical devices connected to the infected system. This is typically some removable media such as a USB drive. It then exploits flaws in the auto-execution features for such drives to run itself when the media is plugged into a new system.
• Remote file transfer. The worm creates copies of itself using remote file transfer facilities in the network, such as a shared hard drive or some cloud storage.
• Remote execution. The worm uses remote execution facilities to execute itself on the target system, either by legitimately using the facilities provided or by exploiting vulnerabilities.
• Remote login. This is rather similar to remote execution, with the slight difference that the worm uses remote login facilities to log in to the target system, and then executes itself.
Note that since worms exploit vulnerabilities in systems, they usually do not target systems indiscriminately. In fact, they generally scan a network or a list of devices to identify the vulnerable ones, and then proceed with the infection. Once a worm has infected a system, it generally follows the lifecycle we mentioned in Section 1, although it generally skips the dormant phase.
2.3 Trojans
Trojans belong to the class of malware that generally does not self-replicate automatically. Instead, they rely on tricking the user. This process is called social engineering, and it is a set of techniques used to persuade a user to perform actions that are deleterious for their security. We will examine some of these techniques in more detail in the Section about payload (next week).
In particular, Trojans pretend to be useful programs, but contain some malicious functionality in their code. They can either masquerade as well-known software or simply lie about their real goal. The former is sometimes the case when dealing with pirated software: an attacker provides a cracked version of a commercial program containing malicious code, tricking users into installing it in order to avoid paying for the real software. In the latter case, the malware simply pretends to be a new program, such as a new word processor or antivirus, while in fact containing malicious code.
Trojans can generally be divided into three categories, based on how much of the original functionality they still perform.
• Trojans which still perform all the functions of the mimicked software. This is often the case for pirated software.
• Trojans that replace some of the functionality of the original code with malicious functionality. For instance, a mail client that still sends mail, but also forwards it to an attacker.
• Trojans that completely replace the functions of the original program. This is often the case for Trojans masquerading as security programs.
Mobile Trojans are also worthy of a special mention. As users moved most of their activity from laptops to smartphones, attackers started targeting those systems. Mobile Trojans exploit the lack of transparency in the behaviour of apps, which was quite egregious until rather recently and sometimes still characterizes mobile systems. Smartphone manufacturers tried to limit this issue by restricting the accepted sources for apps to the official stores. However, this does not stop a determined user from circumventing these precautions. Moreover, malicious apps are still found on the stores, as they can sometimes slip through the controls. Quite ironically, security apps are a popular disguise for this kind of Trojan, with fake VPN and antivirus apps being common. This is a product of two factors: they lure the user into a false sense of confidence, and the function they perform is not easy for a user to verify, making detection of the malicious behaviour harder. An example of a trojan with most of the just
Figure 1: Secure VPN Trojan
Spam emails are generally not targeted to a specific user, as we can see in Figure 2. They are as generic as possible and try to provoke a panic reaction in the user, either by a threat or by evoking a fear of missing out on a particular opportunity. These are generally sent en masse to as many recipients as possible, hoping that someone falls for the email and activates the payload.
Phishing emails can sometimes be spam, but they are generally more targeted, trying to emulate the behaviour of an organization or some party the user trusts. This makes the user easier to convince if the impersonation is successful. However, they require more research.
In the context of malware distribution, spam and phishing emails are generally used to trick the user into downloading or executing an attachment, or into visiting a malicious website. In the latter case, the attack usually proceeds on the website, either through further deception or through the exploitation of a vulnerability in the web browser.
Table 1: A brief history of malware
Lecture 6 - Network Security
DIGI112 - ICT Security
06.10.2022
Small disclaimer: as for the malware section, these notes refer to the lecture of 06.10. The complete notes, including the last section on Denial of Service, will be published before the last lecture. If those notes are available, you can replace these notes with those.
1 Networks
We define a network as two or more computers connected to each other. We
say nodes when we talk about the computers connected to a network, and edges
when we talk about the connections between those machines. The geometry of
the nodes and their connections is called the topology of the network, essentially
its shape.
Figure 1: Bus shaped LAN, with simplified MAC addresses
A LAN by itself is sadly not enough to have a flexible and reliable network, as it does not behave well as more and more nodes are added to it. At some point, handling the communications inside a flat network like this is not feasible: imagine having to keep track of all the participants in the network. That alone would be an impossible feat for a network on the scale of the internet. Thus, we introduce a special type of node, called a router. This acts as a barrier at the border of the LAN and allows it to communicate with other local area networks. A router is illustrated as node 4:8:2 in Figure 1.
1.2 Internetwork
We call an Internetwork two or more networks connected together through one or more routers. A simple example is illustrated in Figure 2.
Figure 2: A simple Internetwork
Layer 5 is concerned with keeping track of the logical units of data as they are segmented to travel through the lower levels (think of streaming a movie: you are not getting the whole film all at once, but bit by bit). Layer 6 is concerned with encoding and encryption of the data. Finally, layer 7 is concerned with the data as it is produced and consumed by the users.
We now explore some of the layers in the OSI model in detail, and some of the relevant protocols that regulate their inner workings. In particular, we focus on the HTTP over TCP/IP stack, which is the most common set of protocols used on the internet as people usually experience it.
the combination of IP and Subnet mask is found among the peers of a router.
Then the packet is sent to the correct peer, and a similar chain is followed from
top to bottom, identifying the correct child router for each level of the hierarchy,
until a single IP is reached.
This is just a rough overview of the process of address resolution, but it is
more than enough for our purposes.
1.4.2 IP packet
The data sent in the IP protocol is divided into packets. These are composed of a header and a body. The header contains the routing information (source and destination IP), a checksum (digest) to ensure the header's integrity, and some extra information that we will not explore. The body contains the data that is being transmitted in the packet.
Note that there is no mechanism in IP packets to ensure the integrity of the data, as that is handled by the higher layers of the OSI model. Moreover, there is no relation between packets, nor a way to ensure a packet was received, as this is also handled by the higher layers.
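The following Python is an added example (not part of the lecture notes) that makes the header-only integrity concrete: it builds a minimal IPv4 packet with the RFC 791 header checksum and shows that a corrupted header byte is caught while a corrupted body byte passes unnoticed. The addresses and payload are constructed sample values.

```python
import struct
from ipaddress import IPv4Address


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's-complement
    sum of the header's 16-bit words. Verifying a received header means
    running the same sum over the header including its checksum field;
    an intact header yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_packet(src: str, dst: str, payload: bytes,
                      ttl: int = 64, protocol: int = 6) -> bytes:
    """Minimal 20-byte header (no options) followed by the body."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45,                   # version 4, IHL = 5 words
        0,                      # DSCP / ECN
        20 + len(payload),      # total length
        0x1234,                 # identification (constructed value)
        0x4000,                 # flags: DF set, fragment offset 0
        ttl, protocol,
        0,                      # checksum placeholder, filled in below
        IPv4Address(src).packed, IPv4Address(dst).packed)
    csum = struct.pack("!H", ipv4_checksum(header))
    return header[:10] + csum + header[12:] + payload


def header_intact(packet: bytes) -> bool:
    """What a router checks before forwarding: the header checksum only."""
    ihl = (packet[0] & 0x0F) * 4
    return ipv4_checksum(packet[:ihl]) == 0


def flip_byte(packet: bytes, index: int) -> bytes:
    """Corrupt one byte (models a transmission error or tampering)."""
    out = bytearray(packet)
    out[index] ^= 0xFF
    return bytes(out)


if __name__ == "__main__":
    pkt = build_ipv4_packet("192.0.2.1", "198.51.100.7", b"GET / HTTP/1.1\r\n")
    print("intact header:", header_intact(pkt))                    # True
    print("TTL byte flipped:", header_intact(flip_byte(pkt, 8)))    # False
    print("body byte flipped:", header_intact(flip_byte(pkt, 20)))  # True
```

Every router recomputes this checksum after decrementing the TTL, which is why it only ever covers the header.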
Figure 4: Data link frame transmission
and it is concerned with the logic behind the data being transmitted. Because of this hybrid nature, TCP is often referred to as the heart of the OSI model.
The TCP packet is once again composed of a header and a body. The latter simply contains the transmitted data, while the former has several fields. We name the ones that are relevant to us. First of all, to differentiate this packet from all the packets of other TCP sessions that might be happening between the same two IP addresses, a port is chosen. A port is a logical bucket where all requests related to a specific logical unit are sent. For instance, all the traffic to a website hosted on a node might go to port 80, with different clients told apart by IP, while the client might assign a port, like 50689, to the outgoing traffic coming from a web browser, or even from a specific tab in the browser. Then, there are a sequence number and an acknowledgement number, which are used to keep track of the position of a packet within a session. Moreover, there is an integrity check for the whole packet, unlike in the IP protocol, where the checksum only covers the IP header. Last but not least, we have a field that indicates the type of packet. There are several types of TCP packets, but we are mostly interested in three types,
Figure 6: TCP packet
Finally, once the communication is concluded, the client can initiate an end of session protocol with the sequence 'FIN - FIN/ACK - ACK', in a similar way as was illustrated for the handshake.
application layer protocol
HTTP is oriented to serving hyper-text, i.e. text that might encode more complex information. It was designed for a rather different web than the one we are used to today, one that was mostly text. However, it has adapted to an extent and it is still one of the most used protocols for the public web. The focus of HTTP is on resources that are organized like a file system, with an action performed at a specific path that is represented exactly like a folder path.
An HTTP request looks roughly like this:
Figure 8: ARP spoofing
Man-in-the-Middle attacks are a category of more powerful attacks. The attacker manages to become an intermediary between two (or more) nodes in a network. Being an intermediate node, the attacker can not only read all traffic, but can also manipulate the content of packets and especially drop packets, impacting confidentiality, data integrity and availability. Sadly, the lower layers of the OSI model mostly run on trust and there is little to no security built in. One notable example of this issue is ARP spoofing. Since there is no integrity or authenticity built into ARP announcements, an attacker can easily masquerade as the LAN router and redirect all traffic going in and out of the network through their node. This is illustrated in Figure 8.
This is a very low-skill attack, although it does require that the attacker is connected to the network. Notice that this is easier to detect than plain wiretapping, but it is much more potent.
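Since the notes say ARP spoofing is easier to detect than wiretapping, here is an added Python example (not from the lecture) of the two heuristics a monitor such as arpwatch applies to ARP announcements: an IP whose MAC binding changes after it was first learned, and one MAC claiming several IPs. The capture, the 192.0.2.0/24 addresses, the MACs and the pinned gateway entry are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpAnnouncement:
    ts: float          # seconds since the start of the capture
    sender_ip: str
    sender_mac: str


# Constructed capture: the router 192.0.2.1 legitimately has MAC ...:01.
# From t=3 the host with MAC ...:50 announces the router's IP, then a
# neighbour's IP as well, which is the situation of Figure 8.
SAMPLE_CAPTURE = [
    ArpAnnouncement(0.0, "192.0.2.1", "aa:bb:cc:00:00:01"),
    ArpAnnouncement(1.0, "192.0.2.10", "aa:bb:cc:00:00:10"),
    ArpAnnouncement(2.0, "192.0.2.50", "aa:bb:cc:00:00:50"),
    ArpAnnouncement(3.0, "192.0.2.1", "AA:BB:CC:00:00:50"),
    ArpAnnouncement(4.0, "192.0.2.10", "aa:bb:cc:00:00:50"),
]

GATEWAYS = frozenset({"192.0.2.1"})

# Mitigation on the hosts: pin the gateway's MAC in a static ARP entry.
STATIC_TABLE = {"192.0.2.1": "aa:bb:cc:00:00:01"}


def detect_arp_spoofing(announcements, gateways=GATEWAYS):
    """Returns {'binding_changes': [...], 'multi_ip_macs': {...}}.

    The first binding learned for an IP is kept as the reference, so a
    later flip back to the original MAC does not raise a second alert.
    Binding changes also happen legitimately (DHCP reassigning an address,
    a NIC being replaced), so every hit still needs triage; a change that
    affects a gateway is the one to look at first."""
    learned = {}
    changes = []
    claimed = defaultdict(set)
    for a in sorted(announcements, key=lambda x: x.ts):
        mac = a.sender_mac.lower()
        claimed[mac].add(a.sender_ip)
        reference = learned.setdefault(a.sender_ip, mac)
        if reference != mac:
            changes.append({
                "ts": a.ts,
                "ip": a.sender_ip,
                "old_mac": reference,
                "new_mac": mac,
                "severity": "high" if a.sender_ip in gateways else "medium",
            })
    multi = {m: ips for m, ips in claimed.items() if len(ips) > 1}
    return {"binding_changes": changes, "multi_ip_macs": multi}


def conflicts_with_static_table(a: ArpAnnouncement, static=STATIC_TABLE) -> bool:
    """A host with a pinned entry simply ignores announcements that disagree."""
    pinned = static.get(a.sender_ip)
    return pinned is not None and pinned != a.sender_mac.lower()


if __name__ == "__main__":
    for change in detect_arp_spoofing(SAMPLE_CAPTURE)["binding_changes"]:
        print(change)
```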
of a device.
Figure 9: Chain of Trust
• Certificate and serverHelloDone, that present the server certificate to
the client, and terminate the serverHello message.
• Finished. That indicates that the handshake is successfully concluded.
These messages are then transmitted as illustrated in Figure 10, with the
addition of the clientKeyExchange, that is the beginning of a subprotocol to
agree on a secret key. We will see in the next session what that entails.
to everyone, computing respectively F1 = s1·G and F2 = s2·G. They then transmit F1 and F2. Now the client can compute
and these two quantities are equal because the multiplication is commutative. An attacker that only sees G, F1 and F2 has no way of reconstructing either the secrets s1, s2 or the shared value. The only way this can be attacked is by manipulating the messages. However, this is not possible on the server side, because the public key in the server certificate is used to certify the messages sent by the server. It is still possible to manipulate client messages, but this cannot trick the client, which will then refuse to continue. Thus the attacker can only reach a connection with the server, but since the server accepts connections from everyone, the attacker has gained nothing that they could not gain by going through an honest handshake of their own.
Moreover, even if the attacker records the handshake and the key of the server is later compromised, they still cannot break past the exchange, as that key is only used to ensure integrity. Assuming that the session key is correctly deleted after the communication, we achieve forward secrecy, which is the property of a communication of remaining secure even if the long-term key material used in it is compromised. This is particularly important for communications that exchange information that must remain secure for a long period of time, such as bank card details or credentials. Since this is often the case when accessing websites, this property is quite desirable in a protocol designed to secure online communications that could be intercepted and stored.
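The exchange described above, as an added Python example that is not part of the lecture notes. The group is a constructed toy (a 127-bit prime, written multiplicatively, so the notes' s·G becomes pow(G, s, P)), and the server's certificate-backed signature is replaced by an HMAC tag as a stand-in; the point demonstrated is that tampering with the server's share is refused by the client and that the session key never depends on the long-term key, which is what gives forward secrecy.

```python
import hashlib
import hmac
import secrets

# Toy group, constructed for this illustration only: a 127-bit Mersenne prime
# with generator 5. Real TLS uses far larger standardised groups or curves.
P = 2**127 - 1
G = 5
ELEM_LEN = 16   # bytes needed to encode a group element


def key_share(secret: int) -> int:
    """F = s·G in the notes' notation."""
    return pow(G, secret, P)


def shared_value(own_secret: int, peer_share: int) -> int:
    """s1·F2 == s2·F1, since (G^s2)^s1 == (G^s1)^s2 mod P."""
    return pow(peer_share, own_secret, P)


def transcript(F1: int, F2: int) -> bytes:
    return F1.to_bytes(ELEM_LEN, "big") + F2.to_bytes(ELEM_LEN, "big")


def derive_session_key(shared: int, trans: bytes) -> bytes:
    """The session key is a function of the ephemeral shared value and the
    transcript only; the server's long-term key never enters here."""
    return hashlib.sha256(shared.to_bytes(ELEM_LEN, "big") + trans).digest()


def server_sign(long_term_key: bytes, trans: bytes) -> bytes:
    """Stand-in for the certificate-backed signature on the server's
    messages. (An HMAC means the verifier holds the same key; with a real
    certificate the client verifies against a public key instead.)"""
    return hmac.new(long_term_key, trans, hashlib.sha256).digest()


def client_finish(s1: int, F1: int, F2_received: int, tag: bytes,
                  server_verify_key: bytes):
    """Client side: refuse to continue if the server's share was manipulated."""
    trans = transcript(F1, F2_received)
    if not hmac.compare_digest(tag, server_sign(server_verify_key, trans)):
        return None
    return derive_session_key(shared_value(s1, F2_received), trans)


def run_handshake(server_long_term_key: bytes, s1=None, s2=None):
    """One ephemeral exchange. Returns (client_key, server_key, wire), where
    wire is everything a passive attacker can record. Fixed s1/s2 may be
    passed to make a run reproducible; normally both are fresh."""
    s1 = s1 if s1 is not None else secrets.randbelow(P - 2) + 1
    s2 = s2 if s2 is not None else secrets.randbelow(P - 2) + 1
    F1, F2 = key_share(s1), key_share(s2)
    trans = transcript(F1, F2)
    tag = server_sign(server_long_term_key, trans)
    wire = {"F1": F1, "F2": F2, "tag": tag}
    client_key = client_finish(s1, F1, F2, tag, server_long_term_key)
    server_key = derive_session_key(shared_value(s2, F1), trans)
    # s1 and s2 are dropped here. The recorded wire plus a later leak of the
    # long-term key gives an attacker only the ability to re-check the tag,
    # not the shared value, which is forward secrecy.
    return client_key, server_key, wire


if __name__ == "__main__":
    ck, sk, wire = run_handshake(b"server-long-term-key (constructed)")
    print("client and server agree:", ck == sk)
```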
Exercises Key 1 - Overview of Cyber-security
DIGI112 - ICT Security
Exercise 1
1) What components of an information system are considered assets?
The components of an information system that are considered assets are hardware, software, and data. Hardware is composed of the physical components of the system.
Software is composed of the programs and routines running in the information system.
Data are the facts that the system collects, organizes and processes to create useful information.
5) Which threat consequence can affect availability? What threat
actions can cause it?
Disruption is the threat consequence that can affect availability.
It can be caused by incapacitation, where an entity disables a component of
the system, corruption, where an entity adversely modifies system functions or
data, or obstruction, where an entity hinders system operations by blocking
communications or overloading components of the system.
Exercise 2
Some examples of data that require confidentiality are marks, or solutions to mandatory assignments. On the other hand, solutions to this exercise sheet would not have confidentiality as a priority. Integrity is often a requirement, but for instance brainstorming canvases do not have a requirement of integrity, as they are meant to be contributed to by all students. Availability is almost always a requirement, although mitt seems to think otherwise. :)
Exercise 3
1) Eve exploits a bug in mitt.uib to change the assignment marks of
all the students of DIGI-100.
The threat consequence is deception, and it impacts information integrity. The
threat action is falsification.
2) Alice goes to the doctor to get a blood exam. The next week the
doctor uploads the results to Bob’s clinical record by mistake.
The threat consequence is unauthorized disclosure and it impacts confidentiality.
The threat action is exposure, because the doctor is an authorized entity in the
system.
3) Charlie is watching Netflix, when Alice turns off the Wi-Fi router.
The threat consequence is disruption and it impacts availability. The threat ac-
tion is incapacitation, because Alice disables a system component. If Alice had
turned on the microwave to interfere with the Wi-Fi, that would be obstruction.
FYI, yes this is a thing:
https://whatsabyte.com/internet/microwave-interferences-with-wi-fi
5) Frank wiretaps Alice's landline and learns that she plans to buy some Apple obligations.
The threat consequence is unauthorized disclosure and it impacts confidentiality.
The threat action is interception.
6) John has a website that sells houseplants. Mike gets access to the
website pretending to be Mike and changes all the prices to 0 nok.
The threat consequence is deception. Threat actions are masquerade and falsi-
fication.
Exercise 4
1) Alice encrypts a message and transmits it with a MAC tag.
The encryption provides confidentiality. In addition, the MAC tag provides
integrity and a degree of authenticity.
Exercise Key 2 - Authentication
INF624 - Introduction to cybersecurity
Exercise 1
1) What is the role of a Credential Service Provider
A CSP participates in the registration flow. After the RA has vetted a user's identity, the CSP engages in a protocol with the user and issues the user a set of credentials that are then bound to their identity by the CSP. The user can later redeem those credentials to provide confidence in their identity to the authentication system.
single factor authentication. One is that the attacker has to compromise multiple credentials to carry out a successful attack. The other is that the credentials can belong to different means of authentication. As we saw, these have different weaknesses and strengths. An attacker cannot just repeat the same attack twice, but must design a specific attack to compromise each credential.
Exercise 2
mitt.uib using Feide
The RA for Feide with UiB is the university itself. The vetting process is done
during the enrolment of a UiB student or employee, where government issued ID
and right to work/study documents are vetted by the university administration.
The CSP is Feide and so is the verifier.
Feide has many relying parties. In this scenario we are considering the
authentication to mitt.uib, so this platform is the RP.
To the best of my knowledge, Feide uses a password login, so it uses single factor, knowledge based authentication. If you have a different setup, please let me know. There is no wrong answer, as long as the means and mode of authentication are correctly classified.
The authentication is remote.
A Windows laptop
The RA is the laptop OS, or the installer in the installation phase. In the installation phase there is no vetting: the user is given the power to create as many identities, with as many credentials, as they want. During operations, the vetting process consists of having an existing administrator trust you enough to set up an account for you.
The CSP and verifier are the system OS, although in this instance the cre-
dentials are user chosen.
The relying party is once again the system OS.
Means of authentication are password and PIN (knowledge based), and pos-
sibly biometrics if the hardware supports it.
Windows employs continuous authentication. There is a single factor login,
typically with password, PIN, or biometric. However, it is necessary to re-enter
a user password to make critical user changes, and an administrator password
to make system wide critical changes.
This is a case of local authentication.
instance some low security doors), other times multi-factor (for external doors
and secure areas). It is continuous because you need to authenticate again for
every door that you need to cross.
This is a case of local authentication.
Netflix
Netflix is a clear example of an "all-in-one" remote authentication. RA, CSP, verifier and relying party are all the Netflix website. The vetting process is simply an email verification and the credential is a knowledge based password. Authentication is single factor and remote.
Exercise 1
1.) What is the difference between authentication and ac-
cess control?
Authentication is the process through which an information system establishes confidence in a subject's identity. Access control is the process through which an information system grants access rights to a subject once their identity has been assessed.
5) What is a capability ticket? Why is it important that a
user cannot forge it?
A capability ticket is obtained by slicing a row of an access matrix. It is a list of
all of the access rights a user has in the information system. It is important that
a user cannot forge a capability ticket, otherwise they could make fraudulent
claims to have more access rights than they actually do.
Exercise 2
1) Access matrix
To fill the access matrix, we create one row for each subject and a column for each object. Then we fill the cells with the information provided in the items.
Object 4 column of the access matrix:
Subject 1: R
Subject 2: Own, RW
Subject 3: (no rights)
Subject 4: R
Column slice for Object 4, with the empty Subject 3 cell removed:
Subject 1: R
Subject 2: Own, RW
Subject 4: R
3) Capability ticket for subject1
We need to select the row for subject1 from the access matrix. In this case there is no empty space to remove, so we just write all of it in the capability ticket.
Object 1: Own, RW
Object 2: Own, RW
Object 3: R
Object 4: R
Object 5: R
4) Authorization table
In this case we need to go through each cell of the access matrix and organize
the access rights in the authorization table.
Exercise 3
1) Role Matrix
To construct the role matrix we create a row for each subject and a column for each role, then we go through the role assignments and fill the appropriate cells.
Now, whenever we give access rights to the User role, these are automatically reflected in the Admin role, without any need to update the access matrix for the Admin role too.
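As an added example (not part of the exercise key), the following Python builds the access matrix from the data this exercise gives (the Subject 1 row and the Object 4 column) and derives the capability ticket, the column slice, and the authorization table from it; the User/Admin role rights and the hierarchy between them are assumed for illustration, to show how rights granted to User reach Admin without touching Admin's own row.

```python
from collections import defaultdict

RIGHT_ORDER = ("Own", "R", "W", "E")

# Access matrix: subject -> object -> set of rights. Cells not given in the
# exercise are left empty.
ACCESS_MATRIX = {
    "Subject 1": {"Object 1": {"Own", "R", "W"}, "Object 2": {"Own", "R", "W"},
                  "Object 3": {"R"}, "Object 4": {"R"}, "Object 5": {"R"}},
    "Subject 2": {"Object 4": {"Own", "R", "W"}},
    "Subject 3": {},
    "Subject 4": {"Object 4": {"R"}},
}

# Assumed role data: rights per role, and which roles a role inherits from.
ROLE_RIGHTS = {"User": {"Object 3": {"R"}}, "Admin": {"Object 3": {"W"}}}
ROLE_HIERARCHY = {"Admin": {"User"}}


def fmt_rights(rights) -> str:
    """Render rights in the key's style, e.g. {'Own','R','W'} -> 'Own, RW'."""
    own = "Own, " if "Own" in rights else ""
    return own + "".join(r for r in RIGHT_ORDER[1:] if r in rights)


def capability_ticket(matrix, subject):
    """Row slice: everything one subject may do, empty cells dropped."""
    return {obj: frozenset(r) for obj, r in matrix[subject].items() if r}


def column_slice(matrix, obj):
    """Column slice (an access control list): who may do what to one object."""
    return {subj: frozenset(row[obj]) for subj, row in matrix.items() if row.get(obj)}


def authorization_table(matrix):
    """One (subject, right, object) row per non-empty right in the matrix."""
    rows = [(subj, right, obj)
            for subj, row in matrix.items()
            for obj, rights in row.items()
            for right in rights]
    return sorted(rows, key=lambda t: (t[0], t[2], RIGHT_ORDER.index(t[1])))


def effective_role_rights(role, role_rights=ROLE_RIGHTS, hierarchy=ROLE_HIERARCHY):
    """Rights of a role including everything inherited down the hierarchy."""
    merged = defaultdict(set)
    pending, seen = [role], set()
    while pending:
        current = pending.pop()
        if current in seen:
            continue
        seen.add(current)
        for obj, rights in role_rights.get(current, {}).items():
            merged[obj] |= set(rights)
        pending.extend(hierarchy.get(current, ()))
    return {obj: frozenset(r) for obj, r in merged.items()}


def is_authorized(matrix, subject, obj, right) -> bool:
    """Reference-monitor check against the matrix; unknown cells deny."""
    return right in matrix.get(subject, {}).get(obj, set())


if __name__ == "__main__":
    for obj, rights in capability_ticket(ACCESS_MATRIX, "Subject 1").items():
        print(f"{obj}: {fmt_rights(rights)}")
```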
Exercises Key 4 - Malware Taxonomy
DIGI112 - ICT Security
Exercise 1
Review Questions
human virus, it infects some other executable content and hijacks the regular
flow of computation of the host program.
What is a mobile trojan?
A mobile trojan is a trojan specifically targeted at mobile devices. This kind of trojan masquerades as a mobile app, either by mimicking some popular app or by falsely advertising the capabilities of the app. Quite popular are security apps that claim to protect your phone from malware or to secure your communications, such as fake VPN clients. Also popular are apps that claim to improve the performance of a smartphone. Although the app stores vet the apps they provide, it is sometimes possible to slip through the cracks of the vetting process. Moreover, users sometimes try to download apps outside of the store, either to get a paid app for free or because they need some specific app that is not hosted on the app store. This can also be a way of ingress for trojan mobile apps.
Exercises Key 5 - Malware
DIGI112 - ICT Security
Exercise 1
Review Questions
like cryptocurrencies to exact payment.
Most of the time the data is released once the ransom is paid. However, it is also possible that the data is lost forever, either because of a mistake on the attacker's part, or because the attacker never intended to release the data in the first place, using the ransom request only to extract more value from the owner of the compromised system.
Describe the three goals of anti-malware countermeasures.
The three goals of anti-malware countermeasures are prevention, mitigation and recovery. Prevention aims to detect malware before it can execute on the system, and then proceeds to identify it and remove it.
Mitigation aims to harden a system against malware infection, including patching vulnerabilities, taking frequent backups, and ensuring that sensitive data is stored in protected areas of the system. These measures aim to make attacks less likely to succeed, or to reduce the harm in case of an infection.
Recovery aims to restore a system to a pristine state after an infection and recover any lost data. Depending on the malware and the mitigation measures in place, it might be as trivial as restoring a backup, or it might require more involved intervention. Sometimes it might even be necessary to rebuild the information system, or portions of it, from scratch.
checks. Hash functions, MACs, and digital signatures are all good candidates. However, it is worth noting that if a hash function is used, then a sophisticated malware might be clever enough to also modify the integrity check.
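The following Python is added here and is not part of the exercise key. It shows the distinction the answer draws: an unkeyed hash stored beside the data can simply be recomputed by whatever modified the data, while a MAC keyed with a secret kept out of the monitored system's reach cannot. The file content and the tampering are constructed for the example.

```python
import hashlib
import hmac
import secrets


def unkeyed_record(data: bytes) -> dict:
    """Integrity record protected by a plain hash stored next to the data."""
    return {"data": data, "check": hashlib.sha256(data).digest()}


def verify_unkeyed(record: dict) -> bool:
    expected = hashlib.sha256(record["data"]).digest()
    return hmac.compare_digest(record["check"], expected)


def keyed_record(data: bytes, key: bytes) -> dict:
    """Integrity record protected by a MAC. The key must live outside the
    system being checked (a separate host, an HSM/TPM, or offline media),
    otherwise it is just another file the malware can read."""
    return {"data": data, "check": hmac.new(key, data, hashlib.sha256).digest()}


def verify_keyed(record: dict, key: bytes) -> bool:
    expected = hmac.new(key, record["data"], hashlib.sha256).digest()
    return hmac.compare_digest(record["check"], expected)


def simulate_check_rewriting_malware(record: dict) -> dict:
    """Models the case in the answer above: malware with write access to both
    the protected file and the stored check alters the file and rewrites the
    check. Lacking the MAC key, the best it can do is an unkeyed hash."""
    modified = record["data"] + b"\n# constructed modification"
    return {"data": modified, "check": hashlib.sha256(modified).digest()}


def demo() -> dict:
    """Runs both schemes through the same tampering and reports the verdicts."""
    original = b"allow_remote_admin=no\nlog_level=info\n"   # constructed content
    key = secrets.token_bytes(32)
    h = unkeyed_record(original)
    m = keyed_record(original, key)
    return {
        "hash_intact": verify_unkeyed(h),
        "hash_after_tamper": verify_unkeyed(simulate_check_rewriting_malware(h)),
        "mac_intact": verify_keyed(m, key),
        "mac_after_tamper": verify_keyed(simulate_check_rewriting_malware(m), key),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {'passes' if verdict else 'FAILS'}")
```

The hash-based check still passes after tampering, which is exactly the failure the answer warns about; the MAC-based check fails, so the modification is detected.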
Exercise 2
Classify the following malware, i.e. specify its propagation and payload. Explain your answer.
Chernobyl
Chernobyl is a Virus, specifically a file infector. It spreads its code through an
executable.
The payload would overwrite random data, threatening system and data in-
tegrity.
Zhelatin
Zhelatin is a Worm. It spreads as an email attachment, tricking users into clicking on the attachment with sensational fake news titles.
The payload zombifies a computer and connects it to a botnet, so it is a bot.
14/10/2022, 20:16 Simulation DIGI112
The exam is composed of 40 questions, for a total of 80 points. The questions are divided into 13 Sections, following quite faithfully the progression of topics covered.
Theoretical questions are in the form of multiple choice or true/false, with a score of 1 point for each question.
The other exercises are mostly in the form of gap filling, where you are asked to fill gaps in a text or image, picking from a keyset. One exercise has a drop-down scroll panel for the choices instead of a key. The points for each of these exercises differ, but there is a recap of the points in the exam overview.
A student is expected to score at least 30 points to pass the exam. There is no restriction as to which questions must be answered to reach 30 points.
You are allowed to use your notes or the notes provided by the lecturer, but it is recommended that you rely on your knowledge as much as possible, as the exam is not designed to leave you time to look up the answer to every question in the lecture notes.
1.1
Which of the following situations describes a system with confidentiality?
Maximum marks: 1
1.2
What does it mean to safeguard Availability?
Maximum marks: 1
https://vurdering.uib.no/admin#author/test/125416842 1/20
1.3
An alternative name for an attack on an information system is
Threat consequence
Impact
Risk
Threat action
Maximum marks: 1
1.4
How do we call a loss of a security property?
Vulnerability
Attack
Threat consequence
Security Breach
Maximum marks: 1
1.5
Which of the following scenarios impacts Integrity?
Maximum marks: 1
Options: Corruption, Inference
Inference: An unauthorized entity deduces sensitive data by reasoning from observed data or communications.
Maximum marks: 5
3
Which of the following actions can cause disruption
Exposure
Incapacitation
Obstruction
Masquerade
What security properties are impacted by disruption
Confidentiality
Data Integrity
Availability
System Integrity
Maximum marks: 2
4.1
What properties can be ensured with digital signatures?
Integrity
Authenticity
Availability
Accountability
Maximum marks: 2
4.2
Given a message x, it is hard to find a different message y so that H(x)=H(y). What
property is this?
Deterministic digest
Pre-Image resistance
Collision resistance
Maximum marks: 1
4.3
Which of the following is an example of public key cryptography?
Hash function
Digital Signature
MAC
Symmetric Encryption
Maximum marks: 1
5.1
Which of the following is a threat to remote authentication?
Shoulder surfing
Replay attacks
Password cracking
Credential theft
Maximum marks: 1
5.2
Dynamic biometric credentials identify you using something that you are, or something
that you do
True
False
Multi-factor authentication uses exactly two factors, if more than two factors are used we
talk about continuous authentication
True
False
Maximum marks: 1
5.3
Which of the following credentials are vulnerable to theft?
Face recognition
Smart card
Fingerprint
password
Maximum marks: 1
5.4
Which of the following statements is not correct
Maximum marks: 1
5.5
Which of the following statements is correct?
Maximum marks: 1
5.6
Which credentials are vulnerable to shoulder surfing?
Face recognition
PIN
pattern
software token
Maximum marks: 1
5.7
What is the component that issues credentials in an authentication system?
RP
Verifier
RA
CSP
Maximum marks: 1
6 The Rural Bank of Paris has recently announced a new authentication system for terminal
payments, called voiPay. Registration will be possible through your local branch, where you will
have to present ID and will be recorded while you sing your password. In 6-10 weeks, you should
receive by mail your new voiPay smart card. The procedure for payments is then quite simple. For
payments under 50 euros, your voiPay card is enough. Payments above the threshold require you
to sing your password in the new voiPay terminals available in shops adhering to the initiative.
Fill the gaps based on the prompt above. For credentials, use the alphabetical order.
remote password
Rural Bank of Pa
Shop
Rural Bank of Pa
Rural Bank of
continuous au local
Maximum marks: 8
7.1
Which access control system is the least vulnerable to attacks?
DAC
RBAC
ABAC
MAC
Maximum marks: 1
7.2
Which of the following RBAC flavours admit a hierarchy of roles?
RBAC 3
RBAC 0
RBAC 2
RBAC 1
Maximum marks: 1
7.3
Which of the following characteristics is not admitted in RBAC2?
Immutable roles
Role hierarchy
Maximum marks: 1
7.4
What is a role matrix?
Maximum marks: 1
8 Fill in the Access Matrix for the following prompt with the correct access rights: Read (R), Write (W), Execute (E), or a combination of them (RE, RW, RWE, ...). Use 'None' if the user has no access rights to the file. Then complete the remaining statements.
User 1 can read and execute Files 1 and 2, and they can read and write File 3. User 2 can execute File 1, and they can read and execute File 3. User 3 can read, write and execute all files.
Access Matrix
         File 1   File 2   File 3
User 1   RE       RE       RW
User 2   E        None     RE
User 3
Maximum marks: 11
9
Complete the descriptions of the following malware attacks. Hint: read the whole description before trying to answer.
Sodinokibi
Sodinokibi is malware that first surfaced in 2019. It first spread as a DHL management app, thus being classified as a Trojan. There are also instances where it would
Once downloaded, it encrypts the hard drive and asks for monetary payment, thus being classifiable as ransomware.
Even if the user pays the ransom, and the files are decrypted, it leaves behind hidden malware that collects and exfiltrates user credentials on the system, i.e. spyware.
In some recent infections additional malware was found on the machines, the rootkit Irk5, that allows a local attacker to gain administrative control over the
Maximum marks: 7
10.1
What malware rewrites its code with every infection?
File infector
kernel malware
Encrypted
Polymorphic
Maximum marks: 1
10.2
Which of the following could be an infection prevention countermeasure?
Maximum marks: 1
10.3
Which of the following countermeasures are good examples of recovery?
Maximum marks: 1
10.4
Which malware threatens the confidentiality of a system?
Logic bombs
Adware
Keyloggers
Spyware
Maximum marks: 1
10.5
What technique can be used to execute malware somewhat safely?
Integrity checks
Perimeter Scanning
Sandboxing
Maximum marks: 1
11 Fill in the 7 OSI layers in the first column. Assign the protocols we saw for the relevant
layers in the right column.
Network
Transport
Application
Presentation
The Data Link layer divides the data into packets for transmission
True
False
Maximum marks: 13
12.1
What is the last message of the TLS handshake?
serverHelloDone
clientHelloDone
Finished
changeCipherSpec
Maximum marks: 1
12.2
What ensures server authenticity in TLS?
Maximum marks: 1
12.3
Which of the following messages are part of the TLS handshake?
serverHello
serverDone
changeCipherSpec
clientCipherSpec
Maximum marks: 1
12.4
The adversarial model for TLS ...
only trusts the client and the server, seeing all network as an adversary
does not consider MitM attacks, since they are very rare occurrences
Maximum marks: 1
12.5
TLS and HTTPS are complementary protocols: the former ensures the confidentiality of data, the latter ensures integrity
True
False
PKI x509 certificates are issued to a server so that it can identify itself to clients
True
False
Maximum marks: 1
13.1
Flooding attacks aim at overwhelming application resources.
True
False
Amplification attacks use a broadcast address to generate a huge number of responses
True
False
Maximum marks: 1
13.2
What technique can be used to weaponize bandwidth reflection in a DoS attack?
Amplification
Reflection
Maximum marks: 1
13.3
Monitoring traffic and filtering suspicious packets is a form of DoS
prevention
detection
identification
reaction
Maximum marks: 1
13.4
Which of the following attacks can cause a loss of confidentiality?
SYN flooding
DDoS attack
ARP Spoofing
wiretapping
Maximum marks: 1
13.5
Which security properties can be impacted by a MitM attack?
Authenticity
Availability
Accountability
Data Integrity
Maximum marks: 1