How a system with capabilities as its access control mechanism could deal with Trojan horses

Reference no: EM13311789

1) A company develops a new security product using the extreme programming software development methodology. Programmers code, then test, then add more code, then test, and continue this iteration. Every day they test the code base as a whole. The programmers work in pairs when writing code to ensure that at least two people review the code. How would you explain to this company that their software is in fact not "high assurance" software?

2) Consider how a system with capabilities as its access control mechanism could deal with Trojan horses.

A) In general, do capabilities offer more or less protection against Trojan horses than do access control lists? Justify your answer in light of the theoretical equivalence of ACLs and C-Lists.

B) Consider now the inheritance of properties of new processes. If the creator controls which capabilities the created process is given initially, how could the creator limit the damage that a Trojan horse will do?

C) Can capabilities protect against all Trojan horses? Either show that they can, or describe a Trojan horse process that C-Lists cannot protect against.

3) Assume that the Clark-Wilson model is implemented on a computer system. Could a computer virus that scrambled constrained data items be introduced into the system? Why or why not? Specifically, if not, identify the precise control that would prevent the virus from being introduced, and explain why it would prevent the virus from being introduced; if yes, identify the specific control or controls that would allow the virus to be introduced and explain why they fail to keep it out.

4) Classify the following vulnerabilities using the RISOS model. Assume that the classification is for the implementation level. Justify your answer:
a) The presence of the wiz command in the sendmail program (see Section 23.2.8)
b) The failure to handle the IFS shell variable by loadmodule (see Section 23.2.8)
c) The failure to select an Administrator password that was difficult to guess (see Section 23.2.9)
d) The failure of the Burroughs system to detect offline changes to files (see Section 23.2.3.6)

5) A common error in the UNIX system occurs during configuration of bind, a directory name server. The time-to-expire field is set at 0.5 because the administrator believes that this field's unit is minutes (and wishes to set the time to 30 seconds). However, bind expects the field to be in seconds and reads the value as 0, meaning that no data is ever expired.
a) Classify this vulnerability using the RISOS model, and justify your answer.
b) Classify this vulnerability using the PA model, and justify your answer.
c) Classify this vulnerability using Aslam's model, and justify your answer.

6) Essay Question: Secure software certification. Your present company (assignment #2) is at EAL4. You are the new program manager on this effort and your job is to bring your present secure software package to EAL7. Explain to me your management plan for upgrading your present software package from EAL4 to EAL7. Your management plan should include discussing your past documentation (assignment #2), the difference between EAL4 and EAL7, what additional paperwork will be needed to reach EAL7 certification, and finally, define your risk based on reusing software code for this migration from EAL4 to EAL7 certification.


Attachment:- Computer-Security-Art--and--Science-Questions.docx


