This preview shows page 1. Sign up to view the full content.
Unformatted text preview: equires root privileges, ping is a setuid binary that elevates to root
as soon as it starts, and then sends the ICMP packets, receives the
response and shows the output.
What security principle does this design violate?
◦ Conﬁnement Principle
Principle of Least Privilege
Low Coupling Design Answer: Principle of Least Privilege.
Only sending the packet requires root privilege: the code
that parses the response and shows the output doesn’t need
to run as root.
(d) (2 points) Which one of the following mechanisms is NOT an integral component required for Android application isolation?(circle
◦ Application code signing
Android permission system
Linux process isolation Answer: Android permission system Page 8 4. (8 points) Trusted Computing
(a) (1 point) How is a TPM implemented? (circle one)
◦ Entirely in software.
In the BIOS ﬁrmware.
As a hardware component in the system.
Using the SKINIT x86 instruction.
As a cloud service. Answer: As a hardware component in the system.
(b) (1 point) Suppose that BIOS code is updated by a ﬁrmware update.
How would the system enable access to blobs previously sealed to the
current BIOS version? (circle one)
◦ It is not possible to patch the BIOS in this architecture.
The patch process must re-seal all blobs with new PCR values.
All blobs must be decrypted and stored in cleartext.
The TPM will decrypt old blobs even after the update. Answer: The patch process must re-seal all blobs with new
(c) (1 point) In BitLocker, what is the purpose of the boot-time PIN or
USB key? (circle one)
◦ To annoy the user.
◦ So that if the machine is stolen, the attacker cannot decrypt the
◦ So that malware cannot change the OS loader.
◦ To prevent moving the disk to another machine.
Answer: So that if the machine is stolen, the attacker cannot
decrypt the disk.
(d) (1 point) A TPM can be used to speed up hard drive encryption (e.g.,
Answer: False. It i...
View Full Document
This document was uploaded on 02/23/2014.
- Spring '14
- Computer Security