This UK assignment-writing job is a timed test on C, assembly and security.
1. Consider the following C code fragment:
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>

    /* Prototype so that main() can call foobar() before its definition. */
    int foobar(char *arg);

    int
    main(int argc, char **argv)
    {

        int n;

        if (argc > 1)
            n = foobar(argv[1]);
        if (n)
            printf("Hello: %s (%d)\n", argv[1], n);

        exit(n);
    }

    int
    foobar(char *arg)
    {

        char msg[512] = { 0, };

        strcat(msg, "Hello: ");
        snprintf(msg + strlen("Hello: "),
            sizeof(msg) - strlen("Hello: ") - 1, arg);
        return strlen(msg);
    }
a. Give a thorough description of the program’s vulnerability. In particular,
name the vulnerability (1 mark) and provide a detailed overview of its
exploitation (3 marks). Then, identify and explain thoroughly all the
components that are involved in the exploit (4 marks).
[8 marks]
b. How would an attacker exploit the vulnerability? Hint: describe in detail
what the injection vector would look like (and what retaddr and retloc
the attacker may use). Use symbolic values and addresses when needed
(no need to write down the shellcode).
[10 marks]
c. Would StackGuard or a bounds checker mitigate the vulnerability (1
mark)? Explain clearly the reasons (4 marks).
[5 marks]
d. How can the program be fixed?
[2 marks]
2. A secure software development lifecycle requires security engineering to fit
into all the phases of the software development process.
a. In which way does security engineering fit into requirements, design,
implementation, and testing/assurance? Motivate your answer. [7]
b. What is a threat model and why is it important? [4]
c. Consider Leslie Lamport’s Gold Standard.
i. What is it? [2]
ii. Explain each component of Lamport’s Gold Standard. [12]