School of Computing & Information Technology
CSCI862 System Security
Assignment 2 (10 marks, worth 10%)
Due 6 Oct 2019 23:55
Make sure you include referencing for answers where it would clearly be needed.
1. You have two puzzles with parameters as follows:
Puzzle A: One sub-puzzle. k = 7.
Puzzle B: Four sub-puzzles. k = 5.
You need to provide, for each case except in part (b), the following:
(a) The distribution of the number of cases that require each number of hashes. 1 Mark
(b) Explain the method you used to obtain your distributions. Don’t go into too many details or
show working; it’s more “I wrote a C++ program to … and then using … I …”. 0.5 Mark
(c) A graph of the distribution of the data above. 0.5 Mark
(d) The average number of hashes needed. 0.5 Mark
(e) The standard deviation for the distribution of the number of hashes needed. 0.5 Mark
You should assume that if there are N possible solutions you check the Nth by hashing even if all
others have failed and there must be a solution.
2. Using a TCP SYN spoofing attack, the attacker aims to flood the table of TCP connection requests
on a system so that it is unable to respond to legitimate connection requests. Consider a server
system with a table for 512 connection requests. This system will retry sending the SYN-ACK
packet 5 times when it fails to receive an ACK packet in response, at 30 second intervals, before
purging the request from its table. Assume that no additional countermeasures are used against this
attack and that the attacker has filled this table with an initial flood of connection requests. At
what rate (per minute) must the attacker continue to send TCP connection requests to this system
in order to ensure that the table remains full? Assume that the TCP SYN packet is 64 bytes in
size. How much bandwidth does the attacker consume to continue this attack? 1 Mark
3. Consider that the incidence of viral attachments in email messages is 1 in 259. Your malware checker
will correctly identify a message as viral 98% of the time. Your malware checker will correctly identify
a message as non-viral 98% of the time. Your malware checker has just flagged a message as being
malware. What is the probability that the message is actually okay? Justify your answer using Bayes’
theorem. 1 Mark
4. Describe, in your own words, a specific instance of an insider placing malware within a system. You
should describe the type of malware placed, the expected likely impact, and some details regarding
the outcome. This is not meant to be a hypothetical scenario you have made up; find an actual
real-world instance. 1 Mark
5. Does the use of the private access specifier in declaring a class in C++ provide security at the
memory level? Is it possible to overflow into private variables? Justify your answer. 0.5 Mark
6. Briefly describe, in your own words, each of the following. Be sure you specify the world and nature
(a) WannaCry. 0.25 Mark
(b) BlueSmack. 0.25 Mark
(c) Emotet. 0.25 Mark
(d) XML Bomb. 0.25 Mark
(e) Cinderella attack. 0.25 Mark
(f) Password mangler. 0.25 Mark
7. Consider the database below and answer the questions based on it.
Name     Gender  School       Position       Salary
Alex     Male    Computing    Lecturer       $80,000
Bob      Male    Arithmetic   Lecturer       $60,000
Carol    Female  Arithmetic   Lecturer       $100,000
Diana    Female  Computing    Lecturer       $60,000
Ewen     Male    Physics      Lecturer       $72,000
Fran     Female  Physics      Lecturer       $88,000
Gary     Male    Computing    Administrator  $40,000
Humphry  Male    Arithmetic   Lecturer       $72,000
Ivana    Female  Computing    Tutor          $12,000
Jeff     Male    Physics      Administrator  $80,000
Kim      Female  Arithmetic   Lecturer       $100,000
Lex      Male    Computing    Tutor          $12,000
Morris   Male    Engineering  Tutor          $15,000
Assume you only have a statistical interface, so only aggregate queries will be successful. You know
Diana is a female Computing Lecturer. The questions below explore how we could determine her
salary using inference, in the presence of various query size restrictions.
(a) Assume there is no limit on the query size. Give a sequence of two queries that could identify
the salary of Diana. 1 Mark
(b) Suppose that there is a lower and upper query size limit that satisfies
k ≤ |X(C)| ≤ N − k
with k = 2. Show a sequence of queries that could be used to determine Diana’s salary.
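The query set size restriction in question 7, as an added example that is not part of the original assignment sheet: a small Python model of the statistical interface over the table above, showing that the restriction refuses the direct single-record query yet still answers two permitted queries whose sets differ by one record, plus an audit of the answered-query log that flags the exposed record. StatInterface, audit and demo are hypothetical names introduced for this example.

```python
from itertools import combinations

# Table from the page: (name, gender, school, position, salary)
ROWS = [
    ("Alex", "Male", "Computing", "Lecturer", 80000),
    ("Bob", "Male", "Arithmetic", "Lecturer", 60000),
    ("Carol", "Female", "Arithmetic", "Lecturer", 100000),
    ("Diana", "Female", "Computing", "Lecturer", 60000),
    ("Ewen", "Male", "Physics", "Lecturer", 72000),
    ("Fran", "Female", "Physics", "Lecturer", 88000),
    ("Gary", "Male", "Computing", "Administrator", 40000),
    ("Humphry", "Male", "Arithmetic", "Lecturer", 72000),
    ("Ivana", "Female", "Computing", "Tutor", 12000),
    ("Jeff", "Male", "Physics", "Administrator", 80000),
    ("Kim", "Female", "Arithmetic", "Lecturer", 100000),
    ("Lex", "Male", "Computing", "Tutor", 12000),
    ("Morris", "Male", "Engineering", "Tutor", 15000),
]
N = len(ROWS)

class StatInterface:
    """Aggregate-only interface enforcing k <= |X(C)| <= N - k."""
    def __init__(self, k):
        self.k, self.log = k, []  # log keeps answered query sets for auditing

    def sum_salary(self, pred):
        qset = frozenset(i for i, r in enumerate(ROWS) if pred(r))
        if not (self.k <= len(qset) <= N - self.k):
            return None  # refused: query set too small or too large
        self.log.append(qset)
        return sum(ROWS[i][4] for i in qset)

def audit(log):
    """Names isolated because two answered query sets differ by one record."""
    return {ROWS[next(iter(a ^ b))][0]
            for a, b in combinations(log, 2) if len(a ^ b) == 1}

def demo(k=2):
    db = StatInterface(k)
    def is_target(r):  # the characteristics known about Diana
        return r[1:4] == ("Female", "Computing", "Lecturer")
    direct = db.sum_salary(is_target)  # |X(C)| = 1, refused when k = 2
    females = db.sum_salary(lambda r: r[1] == "Female")  # |X(C)| = 5
    others = db.sum_salary(lambda r: r[1] == "Female" and not is_target(r))  # 4
    return direct, females - others, audit(db.log)
```

The audit result is the defensive point: a size limit alone does not stop inference, so the interface also has to track overlap between the query sets it has already answered.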
Notes on submission
1. Submission is via Moodle.
2. Late submissions will be marked with a 25% deduction for each day, including days over the weekend.
3. Submissions more than three days late will not be marked, unless an extension has been granted.
4. If you need an extension, apply through SOLS, if possible before the assignment deadline.
5. Plagiarism is treated seriously. Students involved will likely receive zero.