Security properties

In this exercise, let us assume that a hacker has found several vulnerabilities on the SecLab CTF server. By exploiting those vulnerabilities, that hacker is able to realize several attacks.

1. For each attack below, discuss the security property/ies as either “confidentiality”, “integrity”, “availability” that is/are at risk .

   • read the solutions submitted by other users
   • modify its own solution after the deadline
   • read the handout of a challenge before its release data
   • submit a solution to a challenge on behalf of another user
   • delete someone’s else solution
   • prevent users from submitting solutions
   • shutdown the server
   • steal all usernames and passwords
   • use the server to mine bitcoins
   • opens a backdoor on the server as root

2. Now, let’s do it the other way around! Come up with 3 possible attacks on SecLab, one for each security property and different than the ones given above.

Risk Assessment Analysis

1. Briefly explain the concept of risk exposure and explain how risk exposure are compared between each other (a.k.a triaging risk exposure)?

2. For each person below, do his/her risk assessment analysis by coming up with a sorted list of risks with probability and impact factor.

   • a UofT student
   • the founder of a startup
   • a public figure
   • a political leader