User Account

All Pages

Formalise a bell lapadula model

Assignment Help Other Subject
Reference no: EM133076858

CIS4017-N Systems Administration and Security - Teesside University

Assignment - Cryptography basics, security analysis, design and implementation

Part 1 - Cryptography question

1. Using the Vigenere (polyalphabetic) cipher, encrypt the message MYSIMPLEENCRYPTION using the key CNET

2. Decrypt OHW PHR XWC CC using the Caesar cipher (shift of 3).

RSA

3. Assume a public key for RSA encryption given by the pair (143,11). Find the private key corresponding to this pair.

4. Using the pair (143, 11), decode the encrypted message (111 4 88 57 116 67) assuming the letters were represented by ASCII values (recall that the ASCII values are 65->A, 66->B, ... and 97->a, 98->b, ...)

Diffie-Hellman protocol

5. Describe in detail the Diffie-Hellman protocol for three parties Alice, Bob and Carol.

Part II Security analysis and design

Case Scenario 1 - Security models

ABC Ltd. is a company providing security solutions to public services. You are asked to help the ABC Ltd to design a security model for the national defence department - a part of an e-government project on secure information control in managing troops. Assume the armed forces be classified as: {army, navy, air force, marines}, the security levels are typed as: {high, low}.

Tasks: You should produce a short report (around 500 words) to formalise a Bell Lapadula model to address the confidentiality properties for the specified scenario, and to discuss the strength and weakness of your model.

Hint: You need to describe the model (specify subjects, objects, possible operations - which can be flexible, design your own but need to show your understanding of specifying and applying the BLP model in a real case), the security lattice (a graph can be helpful), the policy and the security properties for the given scenario above.

Case Scenario 2 - Security Analysis and Solutions to Conference Management Systems

A conference manage system is a web-based management system which allows researchers submit research papers, the program committee (PC) members (reviewers) to browse papers and contribute reviews, scores and discussion, and release decisions (such as rejection or accept) via the Web. In one arrangement, the conference chair downloads and hosts the appropriate server software. (A good example is easychair)

The system allows users to submit papers, enter reviews & scores and access reviews & scores associated with events (conferences or workshops) regarding to the role of the uses. A user is granted access to the system by providing a role (chair, reviewer, or author) along with a user-id and associated password. Permissible roles for each user are specified at the time a new event is added to the management system. Reviews & scores on papers are initially assigned by chairs (chairs assign papers to reviewers for reviewing, one reviewers can be assigned multiple papers, one paper can be allocated to multiple reviewers). Reviewing are done by reviewers. And a chair can perform any and/or all of these actions, but a chair's updates can only be changed by the chair. An author, in addition to learning about his or her reviews & grades on individual papers, is entitled to learn the acceptance statistics (but not other papers' reviews), and the conference program.

Threat model: The adversary is a user who desires to learn the reviews & scores, changes reviews & scores, or prevent others from learning or changing reviews & scores. The adversary has access to the management system and also can read, delete, and/or update network messages in transit. The adversary cannot physically access or run programs on a user's machine that is running a browser to access the management system. And the adversary can not physically access or run programs on the server hosting the management system.

Your tasks: You are asked to produce a report (1500-2000words) to provide contemplate descriptions of the above Web-based Conference Management System and identify the following:

1. Assets and security properties: what objects should be protected, what security properties might we expect the system to enforce? For each such security property, label it with one of: confidentiality, integrity, or availability?

2. Vulnerability: explain the vulnerability in the system and use an attack tree/model to describe how an attack could be mounted. Restrict your consideration to the threat model provided.

3. Protection: explain what cost-effective protections are available against the threats that you identify. Remember the focus is on software vulnerabilities.

Hint: Assuming that the manager is not a technical person, craft your explanation in a way that can be explained to a layman and include figures where necessary.

Case Scenario 3- Design and Implementation of a Secure Network

This task involves designing and implementing an Internet-connected secure network for a medium- sized company requiring 500 machines named Smith Logistics, UK. They want to implement a secure network that uses Class C network address with multiple subnets - They have asked you for a price quote as well. But they want to see a packet tracer implementation and simulation results before they commit to purchasing anything.

You can use Packet tracer/Opnet/Omnet++ for the implementation and security measures. The implementation of the network should consist of core, distribution and access layer.

It should use a minimum of two routers at the distribution and a further 2-4 for the core layer. All router interfaces must be tested for the correct subnet operations.

task: You should write a report with the appropriate design and implementation solution (2500 words max, but flexible) documenting all that you have done, including how the network is set up. Use the tasks below as a guideline to write.

1. Using a drawing tool of your choice design the network. Draw a simple network diagram of your network.
Hints: Design the logical diagram. You can ignore the device location in a logical design. Use Visio or any drawing tool for the diagram. Don't forget to label the diagram core, access and distribution layer.

2. Design and Implement an IPv4 subnetting scheme. You can use any address in class c.

3. Hint: Test a small subsection of the network before implementing the full addressing scheme in packet tracer.

4. The report must describe the design and all of the decisions that you have made in the process of developing the design. This will include a discussion of the design model, Security, WAN protocol, Layer 2, 3 and wireless protocols that you have decided to use. Hint: Restrict your discussion to the main layer 1,2 and 3 protocols

5. Show the detailed cost of implementing your solution in a table format. You can try to show two different costs for the company to choose from.
Hints: Research on the costs of servers (hardware and software), switches, workstations, cables, etc.

6. Show all references used in the report, using appropriate referencing.

Hints: Harvard referencing can be used and make sure the format is fully followed.

Attachment:- Systems Administration and Security.rar

Reference no: EM133076858

Questions Cloud

Advantages and disadvantages for Kronos : What are the advantages and disadvantages for Kronos of its boomerang hire program - Think of the previous jobs you have held. Are there any previous employers
What is the total tax due upon sale : Assuming a 25% tax rate for recaptured depreciation and a 20% rate for capital gains, what is the total tax due upon sale
What is taxable income of partnership in current income : What is the taxable income of the partnership in the current income year, and what are the total distributions to each partner
What is the allocation of basis : A developer buys a property for $3,000,000 and has acquisition costs of $75,000. What is the allocation of basis between the land and building improvements
Formalise a bell lapadula model : Formalise a Bell Lapadula model to address the confidentiality properties for the specified scenario, and to discuss the strength and weakness of your model
The role of economics in shaping public policy : What are the risks and advantages of economic concentration? How has economic concentration influenced your industry?
What is the actual total direct materials cost : Sanchez Company's output for the current period was assigned a $390,000 standard direct materials cost. What is the actual total direct materials cost
Record the journal entries for each transaction : Barbara Company uses a Job Order Costing System. During the month the following transactions were completed. Record the journal entries for each transaction
Design and implementation of a secure network : Write a report with the appropriate design and implementation solution (2500 words max, but flexible) documenting all that you have done

Reviews

Write a Review

Other Subject Questions & Answers

  Explain the different aspects of computing technology

The utilization of different aspects of computing technology would be helpful in the presentation of the idea to the upper management.

  The main features of globalization

In relation to political economy, what are said to be the main features of ‘globalization', and can they be critiqued? If so, how?

  Explain the need for dimensional modeling

For this short paper, due in Module Seven, you will review the Kimball Group's video for this module and the discussion on dimensional modeling presented.

  Deepening crisis of sectional division-political breakdown

Beginning with the Gag Rule of the 1830s and continuing to Lincoln's election in 1860,the United States of America experienced a deepening crisis of sectional division and political breakdown.

  Briefly describe the making of the modern state of china

Briefly describe the making of the modern state of China. Then summarize the structure of the government, including both the state and the legislature.

  Design a learning environment

For this assignment, you will bring together your knowledge of theories, developmental domains, and learning environments to design a learning environment.

  How does innovation impact value-based healthcare

What would you create, and why? What problem does this innovation solve? How does this innovation impact value-based healthcare?

  Which perspective contradict the christian perspective

Explanation how the source media (movies, books, etc.) promotes various perspectives. How does this media perspective provide direction to navigating life

  Connecticut v/s griswold and carhart vs/ gonzales

Consider Justice Black's dissent in Griswold v. Connecticut. Is it consistent with his views in Adamson v. California (see Chapter 9)? Katz v. United States ? Discuss.

  Venezuela intelligence organization

Discuss Venezuela and its intelligence organization's relevance to US national security, either in maintaining it or threatening it.

  Discuss about the case : focused ear exam

When you ask him how he's been spending his summer, James responds that he's been spending a lot of time in the pool.

  Discuss how improving health in that modality will improve

There are four holistic modalities to self-physical, mental, emotional, and spiritual. Choose one modality and discuss how improving health in that modality will improve health in the whole being. Give examples from your clinical experience and ci..

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd