Lab assignment 6


Q1. Search on the web to find 2 examples of attacks using buffer overflow vulnerability. 
Briefly describe how the malicious code worked.

Q2. Distinguish a virus from a worm. Explain how a virus works

Q3. Discuss with exampls, the security issue of incomplete mediation. Search on the web to 
find 2 examples of incomplete mediation in commonly used system or software. Explain why 
incomplete mediation can occur. 

Q4. Symmetric key cryptography and public key cryptography are alternative approaches 
to encryption. Explain the strengths and weaknesses of the approaches relative to each other.

Q5. When working with a substitution cipher, why is it not necessary to try all the possible
 keys (brute-force attack) in order to break the cipher? (That is, what is a more efficient
 approach to breaking the cipher?) What technique can be used to reduce the effectiveness 
of the more efficient approach?

Q6. In what way is a Public Key Infrastructure (PKI) much more than an implementation of a 
public key crypto algorithm? Include the concept of a Certification Authority (CA) in your 
explanation, as well as an explanation of why CAs are required.


****(Q4,Q5,Q6 are from URL http://phillips.rmc.ca/courses/milis-2004/assignments/asst4.html)****