Reveal ALL Solution

Worksheet 01: Risk and Threat Modeling

Worksheets are self-guided activities that reinforce lectures. They are not graded for accuracy, only for completion. Worksheets are due by the start of the next lecture via Blackboard link as a single pdf document. Be sure to properly label each question.

Questions

1. How would you define computer security?

   Reveal Solution

   From the book, “computer security is the combined art, science and engineering practice of protecting computer-related assets from unauthorized actions and their consequences, either by preventing such actions or detecting and then recovering from them.” But you can develop other definitions that make sense for you.

2. Which of the six, high-level computer security goals matches the following description: the property of data, software or hardware remaining unaltered.

   Reveal Solution

   Integrity

3. Consider a voting system, like in the US election. Define how each of the six, high-level computer security principles apply to a voting system.

   Reveal Solution

   • Confidentiality: While the vote totals themselves should be known, the system should provide confidentiality for who voted for whom.
   • Integrity: The specific votes should not be changed when casts, and the total vote totals should match the actual results.
   • Authorization: Only the appropriate entities should be able to access the voting systems for the specific tasks required.
   • Availability: The systems should be available when votes are being cast and others cannot make the system unavailable to eligible voters.
   • Authentication: Only voters who are eligible to vote should be able to vote and there should be a system to verify that.
   • Accountability: The vote totals should be auditable and verifiable without violating any other core principles.

4. What is the difference between anonymity and confidentiality/privacy? Can you provide an example of where each might apply to a system?

   Reveal Solution

   Anonymity refers to the fact that one’s actions are not-linked to any public identity. For example, one may desire that websites are unable to make any connection to those who visit them to the visitors real identity. An example system that provides this is Tor.

   Privacy/Confidentiality refers to protecting data that may be considered sensitive, like address, name, or sexual orientation. For example, one may be willing to share this information with a medical professional, but that medical professional should respect your confidentiality and privacy by not sharing it with others, which could occur through appropriate authentication mechanisms on the database where this information resides.

5. Using the terminology of computer security policies and attacks (see Chapter 1.2 in the book), consider the security policy for access to a dorm on campus. Your description should use terms like, assets, security policy, security requirements, secure, non-secure, violated, attack, security violation, controls, countermeasure, denial of service, etc.

   Reveal Solution

   A reasonable security policy for the dorms on campus is that they should only be accessed by either residents of the building, other students on campus, authorized staff, and registered guests of residents of the dorm. A threat to this policy is unauthorized people accessing the dorms, who may want to do nefarious actions, such as steal from students. A threat to this policy is that there are unmonitored doors or entrances to the dorm, and we can control this threat by ensuring that all doors are locked at all times. Another threat is that the designated entrances methods for validating authorized users are disrupted, such as tap-key cards, which would lead to a denial of service.

   (You can write more on this, but it’s only supposed to be an illustrative example)

6. Consider the risk equation \(R = T \cdot V \cdot C\), what do each of the variables in the equation mean.

   Reveal Solution

   • \(R\): Risk - how much risk of an attacker exists
   • \(T\): Threat information – the probability a particular threat will be instantiated by an attacker
   • \(V\): The existence of vulnerabilities
   • \(C\): The value of the assets

7. Explain how the risk equation can be rewritten as \(R = P \cdot C\)

   Reveal Solution

   The values $T$ and $V$ are the probability of an active threat and probability of vulnerabilities, so it can be reduced simply to $P$, the probability of a successful attack. The final equation is then the probability of a successful attack by the cost if the attack was success (\(C\)).

8. What does the acronym DREAD stand for?

   Reveal Solution

   • Damage Potential
   • Reproducibility
   • Exploitability
   • Affected users
   • Discoverability

9. Apply DREAD, where each category is rated on a 10 point scale (10 highest risk, 1 lowest), where an attacker is trying to attack a hardened combination lock on a vault door that is protecting a single family’s jewels. Justify each of the ratings you apply and calculate the final risk analysis.

   Reveal Solution

   • Damage Potential: 10 – high, vault door is open, all jewelry is lost
   • Reproducibility: 5 – With the combo, would work every time, picking the lock may not work every time, also could smash the safe and break the lock. Not all would work every time, some would some wouldn’t
   • Exploitability: 5 – Would need to know the combination lock or be able to pick the lock. Learning the combo and picking the lock are hard.
   • Affected Users: 1 – Would only affect the single family, not everyone
   • Discoverability: 10 – Attacker clearly knows the threats.

   Total risk analysis: \(\frac{10+5+5+1+10}{5} = 6.1\) – medium risk

10. For the above scenario of the family jewels, create an attack tree

    Reveal Solution

           ( Family Jewels) <-- attack goal
                 ^
                 |
           opens safe door   
                / \  
               /    \
        unlocked      locked     
            /          |  \  \
          /      picks-'  |   '- smash lock
      opens door        knows combo
    
    

11. Define the parts of the acronym STRIDE

    Reveal Solution

    • Spoofing identity
    • Tampering with data
    • Repudiation
    • Information Disclosure
    • Denial of service
    • Elevation of privilege

12. Which of the design principles has the following property: The design does not reply on obfuscation or secrets for it security.

    Reveal Solution

    Open design

13. Provide an example using the Jewelry safe from above to apply the principle of Least-Privilege.

    Reveal Solution

    The number of people who have access to the safe box and the combination should be minimized to those who truly need it. For example, it should be stored in a secured home and only one or two people should have the combination.

14. Read the following Wikipedia article about the Sony hack in 2014 and review Chapter 1.8 in the book for why computer security is hard. Choose three of the items from the list of 20 and describe how they made computer security hard in preventing this incident.

    Reveal Solution

    (Your answer may differ than mine)

    • Intelligent, adaptive adversary: Foreign actors with a lot of skills and determination
    • Defender-attacker asymmetry: One vulnerability in a server was all that was needed to access all the data, while the defenders need to protect the whole system.
    • Software Complexity: The attack was very precise at a small part of a large system that is hard to manage.