
COMP3911 Secure Computing

Coursework 1

This is a short threat analysis exercise, worth 15% of your overall grade. Answers to the questions below should be submitted using Gradescope.

Scenario

A popular software application is distributed to its users via a website.  A particular user downloads this application to run on their PC.

The user’s PC is running a security tool named AppCheck, designed to detect the presence of suspicious executable files on the system. AppCheck works by computing the MD5 hash of each downloaded executable file that it finds on the system, comparing that hash with a database of known hashes for popular software applications. If a computed hash does not match the value found in the database, AppCheck will display a warning to the user.

This database of known hashes is maintained and regularly updated by the developers of AppCheck.  An up-to-date copy of the database is downloaded automatically by AppCheck onto the user’s PC, once a day.

Questions

Question 1 (18 marks)

Consider the threat that the user in the scenario above might download malware pretending to be the popular software application, and that AppCheck will fail to issue a warning about this.

Discuss three distinctly different ways in which an attacker might achieve their aim of preventing AppCheck from issuing a warning for the malware.

Each attack discussion is worth 6 marks.  For full credit, you need to think of different approaches rather than describing minor variations of the same attack.

Hint: consider all aspects of the AppCheck system and how it operates on the user’s PC. You may find it useful to sketch a data flow diagram for the systems involved in the scenario, to give you a focus for your thinking. (Note: we do not expect to see this diagram, and you will not be able to submit it.)

Question 2 (12 marks)

Discuss measures that can be implemented to mitigate the different attacks described in Question 1.

Each discussion is worth 4 marks (1 mark for identifying the measure properly, 3 further marks for explaining in sufficient detail why this solves the problem).

Submission

Submit your answers to the preceding questions using Gradescope, via the link provided for this purpose in the Submit My Work subfolder in Minerva. You will find this in the Assessments and Feedback folder.