Final

Due: Thursday, Dec 15 12:00PM

NOTE: this page will be updated at the start of the final exam with links to the exam questions.

Logistics

When: Thursday December 15th, 9am - 12pm

Where: you may take the exam either remotely or in-person. If you wish to attend in-person, we will be holding the exam in our usual classroom (Olsson Hall 120). In either case, you will need to have access to a working computer and a stable internet connection to take the exam.

What: the CS3710 final exam! 🙂 The final is worth 14 points; read on for more details about how it will be structured.

Exam policy

You may use any notes or online materials you wish during the exam. You may not ask other students or anybody outside of the class for help. As with the midterm I will not be offering help on the problems, although I am happy to answer any clarifying questions you may have.

Please let me know as soon as possible if you run into any major technical issues that bar you from being able to complete the exam. If necessary, I will grant extra time (on a case-by-case basis) to students who encounter significant obstacles in the exam infrastructure that prevent them from taking the exam in the three-hour period.

Structure

The exam will include four questions, one for each of our major defensive topics: cryptography, networking, access control, and detection. You may choose any two questions and answer them; each question will be worth seven points.

The exam will include an interactive component in Virginia Cyber Range as well as a written component. It will be non-comprehensive; it will not (explicitly) include any of the offensive topics from the first half of the semester (e.g. web vulnerabilities, remote code execution, etc.) I would nonetheless suggest at least skimming over the slides from the first half of the semester as they may help you in answering the written component of the exam.

The interactive component of the exam will be structured somewhat similarly to PA#2, Lab 5, Lab 6, and Lab 7. You will be expected to have a good understanding of the relevant tools and topics for each of the problems, so the grading guidelines will be slightly stricter than they were for the assignments.

Study guide

Here is a rough outline of the topics we covered during the defensive portion of the semester (not including the extra topics at the end). You should make sure that you understand these in advance of the final.

You may study for the exam however you wish, but keep in mind that you only have to answer two of the four questions. 🙂 You may find it preferable to have a good understanding of all four topics, or to do a deep dive into just two or three of them. In either case, some ways you can study for the exam are

  • re-watching the lectures (all recordings are available through Collab);
  • going back through the slides and your notes; and
  • stepping through the assignments for each of these units.

Cryptography

  • Hashing
    • Password hashing
    • Salting, rainbow tables
    • MD5, SHA, scrypt
  • Symmetric encryption
    • One-time pads; constructing a one-time pad from a PRG
    • AES and ChaCha20
    • Nonces, nonce reuse attacks
  • Message integrity
    • Message authentication codes (MACs)
    • Hash-based MAC (HMAC)
    • Authenticated encryption
    • AES-GCM, ChaCha20-Poly1305
  • Asymmetric encryption
    • Key exchange
    • Digital signatures
    • RSA, elliptic curve crypto
  • Additional topics from Programming Assignment #2:

Networking

  • Protocols
    • Packets
    • The OSI model
    • Network-layer protocols: IP
    • Transport-layer protocols: TCP, UDP
    • Application-layer protocols: DNS, HTTP, SSH, etc.
  • Reverse proxies (note: mitmproxy/forward proxies will not be on the exam)
  • Transport Layer Security (TLS)
  • Network security
    • Goals of network security
    • Network segmentation
  • Firewalls
    • Purpose and function
    • Blocking ingress traffic vs blocking egress traffic
  • nftables (Lab #5)
    • Setting up nftables firewalls
    • Reviewing nftables logs

Access control

  • Goals of access control
    • Purpose
    • Types of access control
    • Principle of least privilege
  • Authentication vs authorization
    • AuthN: who someone is
    • Means of verifying a person’s identity (something they know, something they have, something they are)
    • AuthZ: what they can do
    • Recovery and support
  • Access control models: DAC, RBAC, MAC, ABAC
  • Linux DAC
    • Users and groups
    • Meanings and types of permissions
    • Finding permissions on files and directories: ls -l
    • Changing permissions and ownership: chmod, chown
  • Other Linux access control mechanisms
    • Capabilities
    • Linux Security Modules; AppArmor
  • Sandboxing (Lab #6)

Detection

This unit has the most connections back to the offensive portion of the class. I would particularly recommend making sure you have a broad understanding of offensive topics if you are considering working on the detection problem.

  • Detection
    • Detecting common malicious activity: scans, C2, remote code execution
    • Common challenges in detection
  • Indicators of compromise
    • Purpose and use
    • IOCs: logs
    • IOCs: authentication activity
    • IOCs: network artifacts
    • IOCs: filesystem artifacts
  • YARA (Lab #7)
  • Incident response
    • Goals
    • Malware analysis
    • Planning for and recovering from breaches