What is the Lamport hash chain?
Sequence of hashed passwords.
What is challenge-response authentication?
Response using secret + challenge.
What is two-factor authentication?
Two independent auth factors.
What is biometric authentication?
Using physical traits.
Give examples of biometric methods.
Fingerprint, iris, voice, signature.
What is a side-channel attack?
Extracting secrets via analysis.
What is a buffer overflow attack?
Overwriting memory via overflow.
What is shellcode?
Malicious injected machine code.
What is a NOP sled?
Buffer guiding execution to shellcode.
What are stack canaries?
Values detecting stack corruption.
What is DEP or the NX bit?
Prevents executing data memory.
What is Address Space Layout Randomization (ASLR)?
Randomized memory layout.
What is return-oriented programming (ROP)?
Chaining code gadgets.
What is a non-control-flow-diverting attack?
Changing data, not execution.
What is a format string attack?
Using printf to write memory.
What is a dangling pointer attack?
Using freed memory maliciously.
What is a null pointer dereference exploit?
Mapping page 0 to run code.
What is an integer overflow attack?
Numeric wraparound exploit.
What is a command injection attack?
Injecting OS commands.
What is a TOCTOU attack?
Time-of-check/time-of-use race.
What are insider attacks?
Attacks by trusted users.
What is a logic bomb?
Malicious conditional trigger.
What is a backdoor?
Secret bypass into a system.
What is login spoofing?
Fake login capturing credentials.
What is a rootkit?
Stealthy privilege-hiding malware.
What is spyware?
Software secretly monitoring users.