diff -r c3b8432718ed -r b71ce151aba8 hws/hw02.tex --- a/hws/hw02.tex Tue Oct 01 13:15:26 2013 +0100 +++ b/hws/hw02.tex Mon Oct 07 17:25:04 2013 +0100 @@ -1,23 +1,46 @@ \documentclass{article} \usepackage{charter} \usepackage{hyperref} +\usepackage{amssymb} \begin{document} \section*{Homework 2} \begin{enumerate} -\item Assume format string attacks allow you to read out the stack. What can you do - with this information? (Hint: Consider what is stored in the stack.) +\item Voice voting is the method of casting a vote in the `open air' for everyone +present to hear. Which of the following security requirements do paper ballots +satisfy better than voice voting? Check all that apply and give a brief explanation +for your decision. -\item Assume you can crash a program remotely. Why is this a problem? +\begin{itemize} +\item[$\Box$] Integrity\bigskip\bigskip +\item[$\Box$] Enfranchisement\bigskip\bigskip +\item[$\Box$] Ballot secrecy\bigskip\bigskip +\item[$\Box$] Voter authentication\bigskip\bigskip +\item[$\Box$] Availability\bigskip\bigskip +\end{itemize} + -\item How can the choice of a programming language help with buffer overflow attacks? -(Hint: Why are C-programs prone to such attacks, but not Java programs.) +\item Explain how an attacker can use chain voting in order to influence the outcome of a +poll using paper ballots. + +\item Which of the following mechanisms help with defending against chain voting? Check all +that apply. Give a brief reason for each defence that mitigates chain voting attacks. -\item (Optional) How can a system that separates between \emph{users} and \emph{root} be of any help with buffer overflow attacks? +\begin{itemize} +\item[$\Box$] Using a glass ballot box to make it clear there are no ballots in the box before the start of the election. +\item[$\Box$] Distributing ballots publicly before the election. +\item[$\Box$] Checking that a voter's ID (drivers license, passport) matches the voter. +\item[$\Box$] Each ballot has a unique ID. When a voter is given a ballot, the ID is recorded. When the voter submits his or her ballot, this ID is checked against the record. +\end{itemize} + +\item What is the main difference between online banking and e-voting? +(Hint: Why is the latter so hard to get secure?) + \end{enumerate} + \end{document} %%% Local Variables: