CAP6135: Malware and Software Vulnerability Analysis
(Spring 2010)


Homework 2: Basic Knowledge on Software Security and Malware (Due: Apr. 2nd)

1. What are the three basic security objectives (also called CIA)?
2. What is spam? Phishing? An email virus/worm? What is the difference between a phishing attack and a pharming attack?
3. What are the differences between public key crypto and symmetric crypto? What are their advantages and disadvantages?
4. What are the full names of DES, AES, 3DES? Why do they use cipher block chaining?
5. Given a message m, what is its digital signature? How does a recipient verify a received message based on the digital signature?
6. What is a digital certificate?
7. For the following function:
        void foo(int i){
              int x; char buf[10];
              x = i*i;
        }
    Assume that when this function is called, its variable x is saved at the beginning address of 0xff010910. What is the address space range used for the variable buf[]?
8. What is an integer overflow? Why is it harder to discover than a normal buffer overflow?
9. How does StackGuard protect code from a normal buffer overflow?
10. What is fuzz testing? What are the three major types of "code coverage"?
11. What is a CAPTCHA? Why is it effective?
12. What are the differences between a virus and a worm?
13. What are botnets? Why are current botnets hard to defend against?
14. What is a honeypot? A honeynet? A rootkit?