User Account

All Pages

Describe fundamental principles in both the bell-lapadula

Assignment Help Management Information Sys
Reference no: EM131274807

Part 1: Determine if the following statements are True or False.

1. An agent in Clock-Wilson Model(CWM) should also have the execute rights regarding anentity after the agent is permitted to certify that entity.

2. Since physical security is often managed under separate responsibility from information security, however, risk analysis for information security still needs to address physical security.

3. The principal objectives of computer security are to prevent unauthorized users from gaining access to resources, to prevent legitimate users from accessing resources in an unauthorized manner, and to enable legitimate users to access resources in an authorized manner.Answer:

4. With unlimited resources and security controls, it is possible to reduce risk to zero.

5. Viruses infect executable files and hardware as well.

6. Cryptanalytic attacks try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.

7. The purpose of the DSS algorithm is to enable two users to securely reach agreement about a shared secret that can be used as a secret key for subsequent symmetric encryption of messages.

8. Traditional RBAC systems define the access rights of individual users and groups of users.

9. Some process of managed downgrading of information is needed to restore reasonable classification levels.

10. A BLP model breaks down when low classified executable data are allowed to be executed by a high clearance subject.

11. The secret key is input to the encryption algorithm.

12. Triple DES takes a plaintext block of 64 bits and a key of 56 bits to produce a ciphertext block of 64 bits.

13. The advantage of a stream cipher is that you can reuse keys.

14. Like the MAC, a hash function also takes a secret key as input.

15. The strength of a hash function against brute-force attacks depends solely on the length of the hash code produced by the algorithm.

16. Public-key cryptography is asymmetric.

17. Public-key algorithms are based on simple operations on bit patterns.

18. A token is the best means of authentication because it cannot be forged or stolen by an adversary.

19. User authentication is a procedure that allows communicating parties to verify that the contents of a received message have not been altered and that the source is authentic.

20. A good technique for choosing a password is to use the first letter ofeach word of a phrase.

21. Memory cards store and process data.

22. Depending on the application, user authentication on a biometricsystem involves either verification or identification.

23. An individual's signature is not unique enough to use in biometricapplications.

24. A smart card contains an entire microprocessor.

25. Access control is the central element of computer security.

26. The authentication function determines who is trusted for a given purpose.

27. An auditing function monitors and keeps a record of user accesses to system resources.

28. External devices such as firewalls cannot provide access control services.

29. The principal objectives of computer security are to prevent unauthorized users from gaining access to resources, to prevent legitimate users from accessing resources in an unauthorized manner, and to enable legitimate users to access resources in an authorized manner.

30. A user program executes in a kernel mode in which certain areas of memory are protected from the user's use and certain instructions may not be executed.

Part 2: Short Answers. Please answer briefly and completely, and you must cite all sources of information if any.

1. Describe the fundamental principles in both the Bell-LaPadula and Biba security models. For each, explain what sort of security the model is intended to provide, the two key properties of the model, and then explain in your own words why each of the properties makes sense from a security standpoint.

2. Consider a public key encryption. Ann wants to send Bill a message. Let Annpriv and Annpub be Ann's private and public keys respectively. The same for Bill (Billpriv and Billpub).

(a) If Ann sends a message to Bill, what encryption should Ann use so that only Bill can decrypt the message (secrecy)?

(b) Can Ann encrypt the message so that anyone who receives the message is assured that the message only came from Ann (authenticity)?

(c) Is it possible for Ann to devise a method that will allow for both secrecy and authenticity for her message? Please justify your answer.

3. Assume that passwords are limited to the use of the 95 printable ASCII characters and that all passwords are 12 characters in length. Assume a password cracker with an encryption rate of 10 giga encryptions per second. How many years will it take to test exhaustively all possible passwords on a UNIX system? Note you need to show the procedures of calculation step by step as well.

Reference no: EM131274807

Questions Cloud

Discuss what you discovered about contingency planning : Discuss what you discovered about contingency planning. Discuss how creativity and critical thinking relate to contingency planning. Explain how you might integrate creativity into your own planning process.
Define the primary estates in land : Define the primary estates in land.- Explain the circumstances under which each of the following types of ownership would be most desirable.
Create a class called employee that includes three variables : (Employee Class) Create a class called Employee that includes three instance variables-a first name (type String), a last name (type String) and a monthly salary (double).
Program should be seen as command like processing : A program is to be made such that the process done inside the program should be seen as command like processing, finding etc. Please do specify every shortcuts and you can apply any design as you want.
Describe fundamental principles in both the bell-lapadula : Describe the fundamental principles in both the Bell-LaPadula and Biba security models. For each, explain what sort of security the model is intended to provide, the two key properties of the model, and then explain in your own words why each of t..
What way your proposed business action is an innovative idea : Describe in what way your proposed business action is an innovative idea. Explain why you think this idea will benefit the business in terms of return of investment (ROI).
Explanation of the conditions that make systems : Research a specific buffer overflow attack technique of your choice.  This should be a technique that has been actively exploited in the past 5 years or is still a current threat. Prepare a presentation on the attack that includes at least the fol..
Explore best possible options for evaluating strategic plan : Determine the best possible options for evaluating the strategic plan. Develop methods to monitor and control your proposed strategic plan, being sure to analyze how measures will advance organizational goals financially and operationally.
Develop a 600-word analysis of the international economy : Develop a 600-word analysis of the international economy and Products that have provided the country an absolute advantage in trade (if any)

Reviews

Write a Review

Management Information Sys Questions & Answers

  Intrinsic and extrinsic reward

Intrinsic and Extrinsic Reward - Provide an example of intrinsic reward and an example of extrinsic reward you have met with recently.

  What is incident response approach organization should take

Lately, their customers have been complaining about receiving calls from a competitor in another country with detailed information about their purchase histories and relationship with the organization. What is the incident response approach the or..

  Provide some detailed information on the following- how

provide some detailed information on the following- how does a business stay ahead of technological advances?- what are

  Prepare a recommendation for the port authority

The Port Authority uses a 10 percent discount rate for capital improvement projects. - assume a 10-year planning horizon, and prepare a recommendation for the Port Authority.

  Components of the supply chain

Examine the place where you currently work and identify a single service or product produced by your organization (if unemployed discuss your last place of employment).

  Implementation of new information systems in organization

Prepare a 350- to 700-word proposal addressing the potential implementation of new information systems in your organization. Explain the usefulness of converting data currently held in Microsoft® Excel® spreadsheets into a relational database using..

  Operations management supply chainmy question is identify

operations management supply chainmy question is identify your products supply chain and determine how you will measure

  What do you think of the kid toolkit approach to management

Is IT standardization and innovation (or flexibility) in conflict in an organization like IVK? hat do you think of the kid's toolkit approach to management

  Identify the potential consequences to the project client

ITECH7402 Professional IT Culture. Provide a defence, on ethical grounds, for the decision to bid for the contract with a figure below the estimated costs; Identify the potential consequences to the project client of accepting this aggressive bid

  Develop list of five to seven feature of your application

Develop a list of the top five to seven features of your application. Explain how those features pertain to your viral hook. Explain how those features will help increase wedding revenue.

  How the new systems is supposed to do by defining functions

Design specification: in your design look and feel of the systems/interface is based and according to the requirements of the top management as well as client requirements

  Traditional methods of performing tasks

New technology vs the 'old way' - what are some of the risks of using technology to do things instead of using more traditional methods of performing tasks?

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd