Although users need to update their passwords, we want to limit their ability to update the password file only when they execute the password program. In SELinux this could be done by specifying

a rule that allows transition to a new domain type by executing a program.

providing write access to the password file to all users.

In SELinux multi-level security model, effective and clearance levels can be specified for a user. It is true that

effective level must be less or equal to clearance level.

clearance level must be less or equal to effective level.

effective and clearance levels must be the same.

there is no relationship between effective and clearance levels.

Consider the following SELinux MLS policy. mlsconstrain { dir file lnk_file chr_file blk_file sock_file fifo_file } { read getattr execute } (( l1 dom l2 ) or (( t1 == mlsfilereadtoclr ) and ( h1 dom l2 )) or ( t1 == mlsfileread ) or ( t2 == mlstrustedobject )); If a user is making a request for a file with the above MLS policy has a clearance level that dominates file's level l2, access to the file will be granted when

user type has mlsfileread attribute set.

mlstrustedobject is not set for object type.

Covert channels can leak sensitive data to unauthorized users. Covert channels are a concern in systems that support

capabilities to control access.

systems that do not store classified data.

A timing covert channel between two processes can be created when the processes

rely on a memory management scheme which allows one process to impact the page fault rate experienced by the other.

A shared resource matrix (SRM) can be used to detect covert channels. The size of SRM for an operating system will depend on

number of state variables updated/read by the system calls.

the number of processes running in the system.

size of the memory in the system.

The pump, which was introduced to deal with covert channels, can be used to reduce the bandwidth of a

both timing and storage covert channels.

NSA's TEMPEST specification addresses side channels that can be created when an attacker is close to a computer processing sensitive data and is able to record signals emanating from the system (e.g., emitted electromagnetic signals can be captured with an antenna). One kind of signal is the sound that is made by the fan to cool the chips when it runs various types of code. Sounds made when various keys are pressed have also been explored as possible sources of side channels. Such side channels can be mitigated by

running the fan used to cool the system at the same speed at all times.

interleave execution of processes that handle sensitive data with ones that do not have access to such data.

play low level audio with the computer speaker.

In the "Theory and Practice of Authentication in Distributed Systems" paper discussed in class, it is implied that distributed systems present new security challenges because

an open network introduces new threats.

user may not have a trusted path to the TCB of the server where a protected resource is available.

application running on a remote node may be a trojan.

Assume that principal B says (A ⟹ B). In this case,

A will have access to all resources B can access.

B will have access to all resources A can access.

B can access resources that may not be accessible to A.

Assume KA is a key and a request message encrypted with KA arrives at a server. The request is KA says "read F". Also, the server that receives the request knows that KA speaks for Alice (i.e., KA => Alice). Furthermore, the server's policy states that Alice can speak for Manager (i.e., Alice => Manager), where Manager is a principal. The request for file F will be granted when the access control policy states that

Alice AND Manager can access F.

A secure channel C guarantees integrity for messages sent over it. This means

we know who can send messages over C.

we know who can receive messages sent over C.

we know who can send and receive messages over C.

we know that data sent in the messages cannot be observed by an intruder.

Assume that the Diffie-Hellman key exchange protocol discussed in class in executed by nodes A and B. These nodes generate both a shared key K and key identifiers Ida and Idb. To securely exchange messages,

Ida and Idb sent over the network in plaintext.

Ida and Idb must be sent over the network encrypted with K.

K must be sent over the network encrypted with public keys of A and B.

K must be sent over the network with the private keys of A and B.

A certificate authority CA issues certificates for all users in a certain distributed system. This means

CA is always online and available to check if a certificate is valid.

CA's public key must be protected and not be made available to an attacker.

A secure channel C is established between named principals A and B using the protocol discussed in class. A man-in-the-middle (MITM) attack is only possible for C when

the shared K exchanged between A and B is leaked or stolen.

the CA issuing certificates for A and B is offline.

C is established to only guarantee integrity of messages.

multiple trusted CAs exist in the distributed system.

A problem similar to time-of-check-time-of-use (TOCTOU) could arise for a secure communication channel in a distributed system when

a certificate used in setting up the secure channel gets revoked after the channel setup but before the channel is terminated.

Cold boot attacks have been reported which allow an attacker to manipulate a machine's firmware (and thus the machine M itself). Such attacks can result in

booting of the machine with a compromised OS.

theft of machine's private key.

theft of the private key provided to the OS after the OS is booted.

After secure boot, the operating system is provided a certificate KM says KN => M as OS, along with public and private keys KN and KN-1 . The operating system then sets up secure communication channels with other nodes. Assume the secure channel C is setup for transfer of confidential data. After C is setup, to gain access to the data with a network-based attack only, the attacker must

gain access to shared key K that is used to encrypt the data sent over the network.

gain access to the machine's private key.

gain access to the node's private key.

The login protocol discussed in class used delegation. In particular, via a login program, a user U delegates to the node M as OS by

providing its private key to the login program.

providing its public key to the login program

providing its certificate to the the login program.

providing the private key that the OS holds and uses to set up secure communication channels

Assume principal U logs into node M as OS using delegation. The following statement(s) are generated when the login protocol completes.

A statement that shows U delegates to M as OS.

A statement that shows M as OS accepts the delegation.

A session certificate with a limited lifetime.

In a distributed system, a server can check that a request is coming from a specific application on a certain client node. Assume a request claims to come from M as OS as Accounting for Alice. For the server to be able to validate this claim, the client must have completed the following steps.

Alice must get a certificate from a trusted CA.

machine M must come installed with a certificate from a CA.

Successful exploitation of a vulnerability in operating system OS on machine M after OS is securely booted could lead to disclosure of

private key of N where N = M as OS.

private key of CA that signs M's certificate.

In the Intel SGX system, a hash for a client application's enclave is generated by the client machine (i.e., the hardware). A relying service can ensure that the enclave's code will handle its sensitive data correctly by getting the enclave hash attested by

the hypervisor of the client application node.

an independent software vendor.

such check is unnecessary because enclaves attest code before the code is loaded.

We explored several protocols to ensure security in distributed systems. The protocols studied by us do not help secure the system against the following threat(s).

Vulnerable applications that get compromised during their execution.

Untrusted boot server from which operating system code in downloaded.

Leak of a session key after the session has expired..

active network attacks that corrupt content of messages sent by nodes.

Database security presents new challenges compared to other systems because databases store

structured data that is accessed via queries.

data that is only read and not updated.

data that only requires discretionary access control.

Assume Alice grants certain access to table Employees to Bob with "GRANT" option. Bob further grants access to Employees to Charlie. In this scenario, if Alice revokes access for Employees from Bob, then

Bob and Charlie both will no longer have access to Employees.

Charlie will continue to have access to Employees.

Alice's revoke operation will be rejected because Bob granted access to Employees to Charlie.

A database provides support for stored procedures. Alice wants to execute a certain procedure P. Alice does not know what objects are manipulated by P, and thus is not able to request access to only these objects. In this case, to successfully execute P while adhering to least privilege,

Alice should have definer access to P.

Alice should have invoker access to P.

Alice should have access to all objects in the database.

Alice cannot execute P because she does not know what objects are accessed by it.

Inference attacks arise in database systems because they

do not perform access control for statistical queries that return aggregate results.

can limit auxiliary information that may be used by such attacks.

do not fully specify access control.

incorrectly specify access control policies.

In a small/large query defense against inference attacks, a database defines two thresholds: "small" and "large". In such a system, the database

the aggregate result must be computed over a set of rows (tuples) such that their number is more than "small" and less than "large".

will only execute fewer than "small" number of queries from a given source.

the total number of queries is bounded by the number "large".

the aggregate result must be computed over a set of rows (tuples) such that their number is less than "small".

Many mobile applications track user locations. Obviously, there are privacy concerns because of such tracking and one way to handle them is to report a sufficiently large region containing the user's exact location rather than the location coordinates. Assume that the region granularity is such that knowing only the region does not violate privacy but being able to infer finer-grain location information (e.g., a specific corner of a region) would be problematic. Assuming there is no rate limit for the number of requests for a user's location and a moving user's speed is bounded, inference attacks in such a system are possible when

user is moving and consecutive requests return different but adjacent regions.

consecutive requests for location for a given user returns the same region.

user is moving but consecutive requests return non-adjacent regions..

A de-identified database is further generalized to ensure k-anonymity and l-diversity. In this ,

increasing k or l may not impact the other.

increasing k always increases l.

increasing l always increases k.

k and l do not depend on each other.

Differential privacy with parameter ϵ guarantees that

the likelihood of disclosure is bounded when the user data is in the database relative to when the user chooses not to include his/her data in the database.

user's sensitive data will never be disclosed.

we can provide the likelihood of disclosure when we know what external information the attacker may have about the user.

there will be no loss in utility.

A database D contains two relations R1 and R2. The access class of R1 is c1 and the access class of R2 is c2. The access class of D

is the greatest lower bound or minimum of c1 and c2.

is the least upper bound or maximum of c1 and c2.

Secure Computer Systems - Quizzes

Authored by Sarah Reid

Other

University

Used 9+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

60 questions

Show all answers

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

SELinux extends standard Linux access control by offering the following additional mechanisms.

A SELinux user id that is separate from the standard Linux user id.

Mandatory access control.

New access checks that are not performed in Linux.

All of the above.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Security context in SELinux can be associated with

only subjects/users.

only objects.

either with a user or objects owned by him/her but not both.

both subjects and objects.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

The following is not an example of what is included in an object's security context.

Object's ACL.

Object's type used for type enforcement.

Object's user.

Object's multi-level security range.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Type enforcement (TE) access rules in SELinux allow policies to be defined that can limit access to objects based on

time of the request made by the requestor.

operation of the object called by the requestor (e.g., read on a file).

previously called operations by the requestor.

all of the above.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Assume SELinux kernel includes MyLSM Linux security module (LSM). However, no functions implemented by MyLSM are called when a certain file is accessed. This could be due to the following reason(s).

standard discretionary access check on the file request fails.

the access vector check contains no permissions for the file.

the policy database does not specify permissions for the file.

the policy file specifies no access for the file.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

The implementation of the Bell and La Padula model in SELinux allows

only a single sensitivity level to be associated with a user/object.

writes to be done only at the level of the user.

reads to be done only at the level of the user.

none of the above.

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

SELinux policy rules specify

access checks.

inheritance.

overrides.

all of the above.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

58 questions

Bincangkan pertimbangan untuk mengaplikasikan teks

Quiz

•

University

55 questions

Môn Pháp Luật Đề 2 ^^

Quiz

•

University

55 questions

TDS ROBLOX QUIZ OK

Quiz

•

University

60 questions

Soft Skills

Quiz

•

University - Professi...

56 questions

Music Appreciation

Quiz

•

University

60 questions

Sejarah Bahasa Indonesia

Quiz

•

University

60 questions

Ujian Kimia Organik 2

Quiz

•

University

55 questions

2. Work-life balance

Quiz

•

University

Popular Resources on Wayground

25 questions

The Ultimate College Knowledge Quiz

Quiz

•

8th Grade

20 questions

Math Review

Quiz

•

3rd Grade

15 questions

Fast food

Quiz

•

7th Grade

20 questions

Math Review

Quiz

•

6th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

19 questions

Classifying Quadrilaterals

Quiz

•

3rd Grade

20 questions

Figurative Language Review

Quiz

•

6th Grade

Discover more resources for Other

20 questions

Guess The App

Quiz

•

KG - Professional Dev...

11 questions

dog breeds

Quiz

•

3rd Grade - Professio...

40 questions

Disney Trivia

Quiz

•

KG - University

11 questions

NFL Football logos

Quiz

•

KG - Professional Dev...

19 questions

Minecraft

Quiz

•

6th Grade - Professio...

32 questions

NC Biology EOC Review : Heredity, Genetics, Biotechnology

Quiz

•

KG - University

20 questions

Disney Trivia

Quiz

•

University

24 questions

5th Grade Math EOG Review

Quiz

•

KG - University