computer security

CO4509 - Computer Security Assignment 1

Martin Bateman [email protected]

February 25, 2020

Due date: 22 March 2020 11:59pm Weighting: 50% Size: 12 pages

Assignment Description In this assignment you should report on the Cache Poisoned Denial of Service (CPDoS) vulnerability from 2019. You should write a report that describes Content Distribution Networks (CDN), how they work and how they used. You should describe CPDoS and how to perform the exploit as well as any solutions you can find or devise to defend against it. Finally give predictions to the likely impact of CPDoS. Make sure to include references to all souces of information.

Requirements Your should investigate the following:

• Principles of CDN.

– include an example of use.

• Description of the CPDoS exploit.

• Critical discussion of two possible solutions to the CPDoS exploit.

• Your analysis of the likely future importance and effectiveness of CPDoS.

Learning Outcomes 1. Analyse potential threats to computer systems and networks and eval- uate countermeasures

5. Critically evaluate security policies and techniques

1

6. Research and report on a security-related topic, using appropriate literature

Submission The assignment work should be submitted as a Word document or Portable Document Format to the correct assignment slot on Blackboard1 before 11:59pm on the 22 March 2020.

Late work Late work must be submitted to Blackboard in the required assignment slot.

Penalties for late submission Except where an extension of the hand-in deadline date has been agreed (using extenuating circumstances forms), lateness penalties will be applied in accor- dance with University policy as shown in Table 12.

(Working) Days Late Penalty up to 5 maximum mark 50% more than 5 0%

Table 1: Late submission penalty

Extenuating circumstances If you believe that you have circumstances that justify an extension of the hand-in deadline for your assignment work, you should use the Extenuating Circumstances procedure. Extensions (to a maximum of 10 working days) can be granted when there are serious and exceptional factors outside of your control. Everyday occurrences such as colds and hay fever do not normally qualify for extensions. Where possible, requests for extensions should be made before the submission date.

The University considers extenuating circumstances to be conditions that significantly impact on your work. Normally these will cover more than one module. Requests for consideration of extenuating circumstances in respect of assignment work submission, should be made using the MyUCLan3. You

1http://portal.uclan.ac.uk/ 2https://www.uclan.ac.uk/study_here/student-contract-taught-programmes.php 3http://myuclan.uclan.ac.uk/

2

shoud speak to your Academic Advisor prior to submitting. Whilst extenuating circumstances are being considered, you should inform relevant module leader, and continue with the assignment.

Feedback Feedback will be given to the class within 15 working days of the assignment hand-in date. This may be done in the first fifteen minutes of the lecture. This will be followed by individual written feedback tying to the Learning Outcomes listed in the assignment brief, together with any additional helpful feedback such as areas for improvement and areas for improvement.

Plagiarism The University uses an electronic plagiarism detection system where your work could be uploaded, stored and cross-referenced against other material. You should know that the software searches the WWW, an extensive collection of reference material and work submitted by members of the same cohort to iden- tify duplicates.

For detailed information on the procedures relating to plagiarism, please see the current version of the University Academic Regulations4.

Reassessment and Revision Reassessment in written examinations and coursework is at the discretion of the Course Assessment Board and is dealt with strictly in accordance with University policy and procedures. Revision classes for referrals will take place during ’reassessment revision, appeals and guidance week’ as marked on the academic calendar.

The mark for the reassessed component is subject to a maximum of 50%.

4https://www.uclan.ac.uk/study_here/student-contract-taught-programmes.php

3

A ss

es sm

en t

cr it

er ia

F a

il (3

0 )

P a

ss (5

0 )

M er

it (6

0 )

D is

ti n

ct io

n (7

0 )

8 0

(8 0

) Is

su es

(5 0

) B

ri ef

d es

cr ip

ti o

n ,

d et

a il

s a

re n

o t

cl ea

r o

r el

em en

ts o

f th

e d

es cr

ip ti

o n

a re

co m

p le

te ly

m is

si n

g .

P o

o r

d es

cr ip

ti o

n o

f C

D N

. P

o o

r d

es cr

ip ti

o n

o f

C P

D o

S .

G o

o d

d es

cr ip

ti o

n o

f b

o th

D N

S a

n d

C P

D o

S .

O r

a n

ex -

ce ll

en t

d es

cr ip

ti o

n o

f o

n e.

E x

ce ll

en t

d es

cr ip

ti o

n o

f b

o th

C D

N a

n d

C P

D o

S .

E x

ce ll

en t

d es

cr ip

ti o

n o

f C

D N

a n

d C

P D

o S

. In

cl u

d e

te ch

n i-

ca l

d et

a il

s (c

o d

e) w

it h

a n

ex -

p la

n a

ti o

n o

f h

o w

th e

ex p

lo it

is tr

ig g

er ed

. P

re ve

n ti

on (2

0 )

B ri

ef d

es cr

ip ti

o n

. P

o o

r d

es cr

ip ti

o n

o f

h o

w to

p re

v en

t th

e is

su e.

O b

v io

u s

m ea

n s

o r

o n

ly lo

o k

s a

t o

n e

a sp

ec t

o f

p re

v en

ti o

n .

G o

o d

d es

cr ip

ti o

n .

W h

en g

iv en

to a

n ex

p o

rt th

ey co

u ld

p re

v en

t th

e is

su e.

E x

ce ll

en t

d es

cr ip

ti o

n .

W h

ic h

w h

en g

iv en

to so

m eo

n e

w it

h te

ch n

ic a

l k

n o

w le

d g

e w

o u

ld a

ll o

w th

em to

p re

v en

t th

e is

- su

e.

C le

a r

te ch

n ic

a l

d et

a il

ed in

- cl

u d

in g

co d

e/ co

n fi

g u

ra ti

o n

th a

t n

ee d

s to

ch a

n g

ed .

P re

di ct

io n

s (2

0 )

S h

o rt

p re

d ic

ti o

n s

w h

ic h

co u

ld b

e m

a d

e b

y a

n y

o n

e, e.

g .

” it

w il

l b

ec o

m e

m o

re im

p o

rt a

n t”

.

P re

d ic

ti o

n s

o f

fu tu

re im

p a

ct a

re p

o o

r b

u t

se em

in g

ly co

r- re

ct .

M a

y ju

st b

e ju

st o

p in

io n

o r

b a

ck b

y ci

ta ti

o n

s (w

h ic

h m

a y

n o

t fu

ll y

b a

ck u

p th

e ca

se ).

P re

d ic

ti o

n o

f fu

tu re

im p

a ct

a re

g o

o d

b u

t o

n ly

b a

ck ed

u p

b y

o p

in io

n .

M a

y b

e fe

w ci

ta -

ti o

n s.

S en

si b

le p

re d

ic ti

o n

s, b

a ck

ed b

y ci

ta ti

o n

s. E

x ce

ll en

t p

re d

ic ti

o n

s o

n fu

- tu

re im

p o

rt a

n ce

a n

d eff

ec -

ti v

en es

s o

f cl

o u

d se

cu ri

ty se

- cu

ri ty

b a

ck ed

u p

b y

ci ta

- ti

o n

s. C

a se

m a

d e

u se

s cu

rr en

t li

te r-

a tu

re (l

es s

th a

n a

y ea

r o

ld ).

P re

se n

ta ti

on (1

0 )

L o

ts o

f sp

el li

n g

a n

d g

ra m

- m

a ti

ca l

m is

ta k

es .

D iffi

cu lt

y in

u n

d er

st a

n d

in g

w h

a t

w a

s m

ea n

t in

so m

e ca

se s.

S o

m e

sp el

li n

g a

n d

g ra

m m

a t-

ic a

l m

is ta

k es

. F

ew sp

el li

n g

a n

d g

ra m

m a

ti -

ca l

m is

ta k

es .

A ll

d ia

g ra

m s

a re

la b

el le

d a

n d

p re

se n

te d

lo g

ic a

ll y.

W el

l w

ri tt

en a

n d

g ra

m m

a ti

- ca

ll y

co rr

ec t.

P u

b li

sh a

b le

q u

a li

ty .

4