Question
Without your knowledge, a malicious Trojan horse has been planted in your default web browser that you frequently use to access your bank account online. The attacker that planted the Trojan horse already set up the backdoor to silently capture your account number and password, but he/she needs a way to get this information off of your computer and sent across the network to himself/herself.
List two covert channels that the attacker can use to leak information about your bank accounts to himself/herself somewhere in the network. You may assume that the attacker can arrange to host a web site that you will visit or even sniff HTTP GET requests. There are lots of possibilities – be creative!
Explanation / Answer
Answer)
A malicious Trojan horse is planted in a web browser that is frequently used to access your bank account online. Thus the attacker is able to silently capture your account number and password, but he needs a way to get the information from your system to a system he can access. Thus, he will need a covert channel here. A covert channel is a type of attack scenario wherein the attacker can transfer information objects between processes that should not be transferable via normal means and are not allowed by the computer security policy. Covert channels are hidden and are thus non-legitimate data transfer mechanisms of the computer system, and thus cannot be detected by many security mechanisms.
Here are 2 options that the attacker can use to leak information about your bank accounts to himself/herself somewhere in the network:
a) Using timing channels - which use a clock or measurement of time to signal the value which is sent over the network channel. For example, the attacker can use the system's paging rate to make a covert channel.
b) Using storage channels - wherein one process will write something to the shared resource, where the attacker will have another process which reads from it. This is indirect reading of the information. Thus the implementation can be well served using a printing queue, which uses storage channels.
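A defender's view of the timing channel in option (a), as an added example that is not part of the original answer: a heuristic that flags a host whose gaps between outbound requests fall into two tight, well-separated clusters, which is what time-based signalling looks like in a proxy log. The function names, the threshold of 10, the minimum cluster size and both sets of timestamps are assumptions constructed for this illustration.

```python
import statistics
from itertools import accumulate

def inter_arrival_gaps(timestamps):
    """Seconds between consecutive request times."""
    ts = sorted(timestamps)
    return [b - a for a, b in zip(ts, ts[1:])]

def two_cluster_split(gaps):
    """Split the sorted gaps at the largest jump between neighbours."""
    s = sorted(gaps)
    jumps = [s[i + 1] - s[i] for i in range(len(s) - 1)]
    cut = jumps.index(max(jumps)) + 1
    return s[:cut], s[cut:]

def timing_channel_score(timestamps, min_per_cluster=4):
    """Distance between the two gap clusters divided by their spread.
    A high score means the gaps take only two tightly repeated values."""
    gaps = inter_arrival_gaps(timestamps)
    if len(gaps) < 2 * min_per_cluster:
        return 0.0  # too little traffic to judge
    low, high = two_cluster_split(gaps)
    if len(low) < min_per_cluster or len(high) < min_per_cluster:
        return 0.0  # a few outliers, not two recurring symbols
    spread = statistics.pstdev(low) + statistics.pstdev(high)
    separation = statistics.mean(high) - statistics.mean(low)
    return separation / (spread + 1e-3)  # 1 ms floor avoids division by zero

def looks_like_timing_channel(timestamps, threshold=10.0):
    # threshold is an assumed starting point; tune it on your own traffic
    return timing_channel_score(timestamps) >= threshold

# Constructed sample: gaps near 0.2 s and 0.8 s only, with small jitter
SUSPECT_GAPS = [0.21, 0.80, 0.79, 0.20, 0.81, 0.19,
                0.20, 0.80, 0.21, 0.79, 0.80, 0.20]
# Constructed sample: irregular gaps typical of a person browsing
BENIGN_GAPS = [1.3, 0.4, 7.9, 2.2, 0.9, 15.0,
               3.1, 0.6, 5.5, 2.8, 11.2, 1.7]
SUSPECT_TIMES = [0.0] + list(accumulate(SUSPECT_GAPS))
BENIGN_TIMES = [0.0] + list(accumulate(BENIGN_GAPS))

if __name__ == "__main__":
    for name, times in (("suspect", SUSPECT_TIMES), ("benign", BENIGN_TIMES)):
        print(name, round(timing_channel_score(times), 1),
              looks_like_timing_channel(times))
```

A sender that adds random delay or uses more than two gap values will score lower, so treat this as one signal to combine with destination reputation and request volume rather than a verdict.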