Explain the role of a file name and path in locating a file on a hard drive.
File name selects the right file in the final directory in the path
Path identifies the directory entries to follow to find the file
Describe the four basic access rights for files and other resources in general. (CRUD)
Create - a new instance of the resource
Read - the contents of a particular resource
Update - or write or modify a particular resource
Delete - or destroy an existing resource
Describe the format of an executable file.
The executable file has a header which contains the magic number, program size, and layout information.
magic number - a standard data value that appears in the first location of the excutable file
program size - indications of the size of the block of machine instructions that make up the program itself
layout information - addresses and offsets to be used to lay out variables and stack locations in the program’s data section
After the header, the rest of the file contains machine instructions.
Explain the difference between a virus, a worm, and a Trojan
Virus - Infects via program installed by user
Worm - Infects via network connection by exploiting server vulnerabilities
Trojan - Is a malware that first appears benign, but tricks the user into executing it
Or
* Virus – Malicious code that attaches itself to a file or program and spreads when the file is run. Needs human action to activate. * Worm – Self-replicating malware that spreads across networks without user action. * Trojan – Malware disguised as a legitimate program to trick users into installing it, then performs harmful actions.
Name the two requirements that must remain true in order for an operating system to enforce its policy.
- The OS protections are always applied when we access our files, and
- There is no way to bypass the OS protections
objectives for sharing files
- provide computing facilities for authorized users
- preserve the chain of control
- permit/prevent general sharing of information among users
What is window of vulnerability
Time during which an exploit exists but computers aren’t patched
Information states
- Storage state - the information is stored and is not currently being processed. We also call this state “data at rest.”
- Processing state - the information is being used by an active process to make decisions or to transform the information into another form. This is “data in use.”
- Transmission state - the information is being moved from one storage area to another. This is “data in motion.
List the typical steps a vendor follows to release a software patch. PATCHING PROCESS
- colect error reports
- prioritize errors and assign to engineers
- the engineer develops software to fix the error
- software fixes are chosen for a patch
- the patch is tested
- the patch is released
example of modern malware
- Waledac - spreads throgh email; creates a botnet that spreads spam and more malware
- Conficker, also called Downadup - spread through internet via windows vulnerabilities; created a botnet used for spam and malware distribution
- Pushdo/Cutwail - a botnet and spam package that used to produce 7 million messages a day
- ZeuS/Gameover - creates botnet focused on financial fraud
- Cryptolocker/Cryptowall - form of “ransomware” that uses encryption to hold a computer hostage.
- Stuxnet/Flame attacks control logic in industrial plants; probable target was iranian nuclear sites
Describe the components of a state diagram
A technique to illustrate a system’s behavior
– Each state is a separate situation
– Arrows between states show transitions
• A transition indicates both cause and effect
• An event causes the transition
• An action may take place at the transition
explain security patch race
- the software developer races to develop a fix to eliminate the problem
- attackers race to write software that exploits the problem and lets them attack computers
set of flags for each type of process
- processes belonging to the file’s owner
- processes belonging to the system
- processes belonging to others: the world
What is execute access right
Helps distinguish data files from programs. Must have the “execute” right to execute a file containing a program
list of risks:
- Denial of service: someone deletes some of our files or damages software, making all or part of the computer unusable.
- Subversion: a program gets a virus infection or suffers some other malware damage.
- Masquerade: one user logs in, trying to pretend to be another user.
- Disclosure: some of our personal data is disclosed.
- Forgery: someone modifies one of our files without our knowledge, so their statements are presented as our own
Explain the difference between a default permit policy and one that enforces Deny by Default.
Default permit allows all access except for blocked one.
Deny by default blocks all access unless granted.
What is window of vulnerability
Time during which an exploit exists but computers aren’t patched
From the access matrix, there are two obvious strategies for combining access rights:
- Cluster by column: associate access rights with users or processes.
- Cluster by row: associate access rights with resources like files.
a set of flags for each type of process
- processes belonging to the file’s owner
- processes belonging to the system
- processes belonging to others - the world
