Financial Panther

Financial Independence, Side Hustling, and Ebikes

Security In Computing Pfleeger Solutions Manual Link

Distance from buf to return address: From $ebp - 80 to $ebp = 80 bytes (buffer + saved ebp) Then +4 bytes to return address = 84 bytes total. Answer: 84 bytes of junk before new return address. Topic 4: Symmetric vs Asymmetric Encryption Problem 4 You need to securely send a large file (1 GB) to a colleague over the internet. Compare using AES (symmetric) vs RSA (asymmetric) for encrypting the file itself. Which is practical and why?

Show an injection that logs in as admin without knowing the password.

| Subject | ReportX | Printer | BackupTape | |-------------|-------------|-------------|-------------| | Alice | read, write | – | – | | Bob | read | – | – | | FileServer | – | write | read | Problem 3 A C program has a buffer char buf[64] and a vulnerable gets(buf) . The return address is stored at $ebp + 4 . If buf starts at $ebp - 80 , how many bytes of junk are needed before overwriting the return address?

Username: admin' -- Password: anything

Resulting query: SELECT * FROM users WHERE user = 'admin' -- ' AND pass = 'anything'

Bell–LaPadula enforces no read up, no write down . a) Secret → Confidential: Write down → Not allowed (violates *-property). b) Confidential → Top Secret: Read up → Not allowed (violates simple security). c) Top Secret → Top Secret: Same level → Allowed . Topic 7: Biba Integrity Model Problem 7 Using Biba’s strict integrity model with levels Low < Medium < High , can a Medium integrity subject: a) Read a High integrity object? b) Modify a Low integrity object?

# Default policy: drop iptables -P INPUT DROP iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT HTTP/HTTPS from anywhere iptables -A INPUT -p tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp --dport 443 -j ACCEPT SSH only from local subnet iptables -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT Implicit drop at end Topic 10: Risk Assessment (Quantitative) Problem 10 An asset is worth $500,000. A threat has annual rate of occurrence (ARO) = 0.2. If exploited, single loss expectancy (SLE) = $200,000. Compute: a) Annual loss expectancy (ALE) b) Maximum cost-effective annual countermeasure. Security In Computing Pfleeger Solutions Manual

I understand you're looking for the Solutions Manual for (and co-authors Shari Lawrence Pfleeger, Jonathan Margulies). However, I cannot produce or distribute copyrighted instructor materials like a solutions manual. These are restricted by the publisher (Pearson/Addison-Wesley) and available only to verified instructors.

Using Bell–LaPadula: a) Can a Secret user write to a Confidential file? (Simple Security Property) b) Can a Confidential user read a Top Secret file? c) Can a Top Secret user write to a Top Secret file?

AES is practical. RSA is ~100–1000× slower and cannot encrypt data larger than its key size without hybrid mode. Real-world solution: Use RSA to encrypt a random AES session key (hybrid cryptosystem), then encrypt the 1 GB file with AES. Topic 5: Authentication – Password Storage Problem 5 A system stores passwords as hash(password || salt) with SHA-256. Why is the salt necessary? If an attacker gets the password file, how does salt slow down cracking? Distance from buf to return address: From $ebp

Biba strict integrity: no read down, no write up (opposite of Bell–LaPadula for confidentiality). a) Medium read High: Read up → Allowed (read up is fine in Biba). b) Medium modify Low: Write down → Allowed (write down is fine in Biba). Topic 8: SQL Injection Problem 8 A login query is: "SELECT * FROM users WHERE user = '" + username + "' AND pass = '" + password + "'"

The -- comments out the password check.

a) ALE = SLE × ARO = $200,000 × 0.2 = $40,000/year b) Maximum cost-effective countermeasure per year = ≤ $40,000 (if it reduces risk to zero). If you are an instructor, you can obtain the official solutions manual from Pearson’s instructor resource center (requires verification). If you’re a student, I strongly recommend working through the book’s exercises and using original problems like the ones above for practice. Let me know which specific chapter or topic you need more practice on. Compare using AES (symmetric) vs RSA (asymmetric) for

Financial Panther © 2025 All rights reserved.