
EECS 485, Fall 2013

Midterm Exam

This exam is closed book. You are permitted one 8.5x11 double-sided sheet of notes.

Please write your uniqname at the top of every page of the exam. This helps us keep exams organized in
case the sheets become detached.

This exam consists of 6 questions, which are multi-part. The highest possible score on this exam is 80
points. You are permitted 80 minutes to finish.

You may use a dedicated electronic calculator for this exam if you so choose. You may not use any other
electronic devices.

Please check now to ensure that any wireless devices you may have with you are turned off, so as not to
disturb others. You are not permitted to use any wireless or general-purpose electronic device, even if only
for calculator-style functionality.

Do not start work on this exam until you are instructed to do so.


I have neither given nor received aid on this examination, nor have I concealed any violations of the
Honor Code.

Your signature:



Your name (printed):



Your uniqname (printed):
Your uniqname: _____________________ 2
Problem 1. Web Basics

1.1 (5 points) Assume a browser user renders an HTML page from a social network-style website that uses
the standard multi-tier architecture as discussed in class. Consider the following pairs of events that are
associated with the request. (Ignore events that might be linked to other users on the system.) If an event
could happen multiple times in the course of the interaction, consider the first time the event could take
place.

In each pair of events below, circle the event that happens first, chronologically. When you are done, you
should have five events circled, one for each pair.

Pair A) The database tier processes a SQL query
OR The browser uploads cookie information

Pair B) The server receives its first SYN packet
OR The browser runs its first piece of JavaScript code

Pair C) The server transmits its first ACK
OR The browser starts to render the first image

Pair D) The server transmits a signed certificate
OR The browser transmits data encrypted using symmetric-key cryptography

Pair E) The Certificate Authority signs an object on the HTTP server's behalf
OR A client encodes data using the HTTP server's public key





1.2 (2 points) It is possible to use cookies as the exclusive store of application state, but this is rarely done.
Which of the following reasons explain why? (Circle all that apply)

a. The HTTP server must request each cookie, causing many network roundtrips
b. Cookies are not guaranteed to be supplied by the browser
c. Cookie state is shared across all sites that the browser visits
d. Cookie data is only available to a website while the user is currently visiting the site

Problem 2. TCP/IP

2.1 (8 points) Imagine that a TCP/IP connection is established on a link that has a round-trip transmission
time of 0.5 seconds. The receiver wants to receive no more than 10 MB/sec. How many bytes should fit
into its advertised window size?


Imagine that 10Kb can fit into a single packet, that the sender wants to send 30 MB, and that the sender has
a timeout time of 5 seconds. Assuming that computation on either side is instantaneous, and that we do not
count connection setup time, and that a single packet is dropped, how much time passes between the
sender's first transmission and when it receives the ACK for the final packet?


Now imagine that the TCP congestion window begins at cwnd=1, and TCP begins the slow-start procedure.
If the flow control window size is wnd=20, how many roundtrips will take place before the congestion
control window is the larger of the two windows?



2.2 (2 points) TCP/IP is the standard networking protocol, but some internet service companies have
chosen to use raw IP (UDP) for some internal systems, especially logging. What are some possible reasons
they might have chosen to do so? Circle all that apply.

i. Log data is important in the aggregate, but any one log message is unimportant.
ii. TCP receive buffers made up a large percentage of available RAM.
iii. The network infrastructure is controlled by the companies, and can be engineered to handle a given
level of capacity without congestion
iv. The TCP version of the software used very long-lived TCP connections.



Problem 3. Data Privacy and Security
3.1 (6 points) Consider the following database of computer science Michigan grads, along with the cars
they drive, their college, and their average grade:

Row  Gender  Car        College      Grade
1    Female  Toyota     Engineering  B+
2    Male    Ford       Engineering  A
3    Female  Chrysler   Engineering  A-
4    Male    Chevrolet  LSA          C+
5    Male    Ford       LSA          B-
6    Female  Chevrolet  LSA          B

The rightmost column is the sensitive attribute, and the others are non-sensitive. We would like to release
the data in the three non-sensitive columns while preserving 2-anonymity (that is, k-anonymity where k=2).

There are 18 data values in rows 1-6 and the three non-sensitive columns. Choose up to 6 of these values
to replace with a star (*) so the resulting database is 2-anonymous. Circle the values you would like to
replace.


3.2 (2 points) Is a homogeneity attack possible on the resulting obscured database? Either demonstrate one,
or explain why not.



3.3 (3 points) For the following questions, encryption is denoted with enc and decryption with dec. The
key is described in the subscript. Thus, "U encrypts a message M with U's private key" would be written as
enc_{U-priv}(M). A hash function is applied as hash().

a. If a sender T wants to sign a message that only U can read, what data should T send?


b. If a sender U wants to send a message M in the clear such that any mid-flight changes are detectable by
the recipient, what should the sender transmit?


c. What should the recipient of that message do, in order to test if the message was changed in-flight?
You should describe this in pseudocode (do not simply apply keys).

3.4 (2 points) Which of the following are true of a public-key cryptography system? (Circle all that apply)

i. If an attacker can modify a signed digital certificate during transmission, then the system is compromised.
ii. If a client's software can be modified by an attacker, then the security of the system is compromised.
iii. Most clients use only the encryption mode and never have to consider the signature mode.
iv. To keep computational cost down, most bytes in a secure public-key-encrypted conversation are not
actually public-key encrypted.

3.5 (6 points) Suppose you have been given p=5, q=13 for a public key encryption scheme.
What is n?

What is lambda?

What is d?

What is e?

What is the public key?

What is the private key?
















Problem 4. JavaScript
4.1 (10 points) You've just unearthed this snippet of JavaScript hiding in your company's vast legacy
codebase. Luckily, you know how to make the code a little safer by using a closure.
var device = {
  name: "Mike's iPhone",
  securityCode: 1337,
}

You should write a new device object using a closure. The new object should offer two methods:
setSecurityCode(oldCode, newCode)
getName()

When setSecurityCode() is invoked, the device object should check the provided oldCode against
a stored securityCode variable. If the two codes match, then set securityCode to newCode. If
they do not match, then do nothing (simply return). You must make sure that securityCode cannot be
externally modified, except via setSecurityCode(). The name variable should not be modifiable.

The object you create should be used as follows:
console.log(device.getName())       // Mike's iPhone
device.setSecurityCode(1337, 1234)  // changes security code



















4.2 (6 points) Another JavaScript program:
var zingermans = {
  loc: "Ann Arbor",
  numStores: 3,
  sellsPastrami: "true",
  addr: {
    streetNum: 422,
    streetName: "Detroit St"
  }
}
var F = function(){}
F.prototype = zingermans
var mujos = new F()
mujos.numStores = 1
mujos.sellsPastrami = "false"
mujos.sellsBurritos = "true"
mujos.addr.streetNum = 100
mujos.addr.streetName = "Duderstadt St"

What are the values of the following expressions?
zingermans.numStores



mujos.addr.streetName



zingermans.addr.streetName



mujos.__proto__ (i.e., what is the prototype object of mujos?)



zingermans.__proto__ (i.e., what is the prototype object of
zingermans?)




Problem 5. XML
Consider the following fragment of XML, stored in universities.xml. For all of the below questions, the
result of your query does not have to be well-formed.
<universities>
  <university>
    <name>The University of Michigan</name>
    <city>Ann Arbor</city>
    <schools>
      <school>
        <name>College of Engineering</name>
        <numstudents>8000</numstudents>
        <departments>
          <department>EECS</department>
          <department>AOSS</department>
        </departments>
      </school>

      <school>
        <name>Dentistry</name>
        <price>100</price>
      </school>
    </schools>
  </university>

  <university>
    <name>The Ohio State University</name>
    <city>Columbus</city>
    <schools>
      <school>
        <name>College of Engineering</name>
        <numstudents>6000</numstudents>
        <departments>
          <department>Computer Science</department>
          <department>Electrical Engineering</department>
        </departments>
      </school>

      <school>
        <name>Arts and Sciences</name>
        <price>12000</price>
        <departments>
          <department>Classics</department>
          <department>Physics</department>
        </departments>
      </school>
    </schools>
  </university>
</universities>




5.1 (6 points) Write an XPath expression for each of the following goals:
i. All of the departments in any school in any university



ii. All information about The University of Michigan (i.e., the entire XML element)



iii. All universities that have a department of Computer Science.



5.2 (6 points) Imagine that the above XML snippet is in fact the entire file. Write down the output of each
of the following XQuery programs when run on the XML file data presented above.

i) for $x in doc("universities.xml")//university
   return <result>{$x}</result>










ii) let $y := doc("universities.xml")//departments
    return <result>{$y/department}</result>








Problem 6. Web Search

6.1 (6 points) Consider a document corpus that consists of 5 documents. When building the index, be sure
to ignore all stop words; these are words that are so common we never expect them to give good
results and they should not be in the index. Your stop words should include "the", "to", "are", "is", and
"that".
Document 1: Rats begin to chew the sheets
Document 2: Rats murmur down below
Document 3: Down below there is ingratitude
Document 4: The sheets are down
Document 5: Down below the sheets are rats that murmur

Draw the inverted index for this corpus. You do not have to store document location information. Your
index should be case-insensitive. Index entries should appear in alphanumeric order.









6.2 (2 points) Consider that we want to implement the NEAR query operator, which returns hits if two
terms are within k positions of each other in the source document. What information would we need to add
to the inverted index? Draw two sample entries from your index above to illustrate what new information
is needed.









6.3 (6 points) What is the query processing algorithm for NEAR? Assume you have an input NEAR-
enabled inverted index, and two query words qA and qB. Give your answer in pseudocode. Assume you
can call a method emit() that returns a document id to the user.
