Your Perfect Assignment is Just a Click Away

We Write Custom Academic Papers

100% Original, Plagiarism Free, Customized to your instructions!

How It Works
Order Now
glass
pen
clip
papers
heaphones

Worcester Polytechnic InstitutE Computer Security Review and Analysis

Computer Science

Computer Science

Worcester Polytechnic InstitutE Computer Security Review and Analysis

Description

1. Text reading

Chapter 1, Chapter 2, Chapter 3, Chapter 4, Chapter 5
“Security Controls for Computer Systems: Report of Defense Science Board Task Force on Computer Security” (accessed via the URL provided below)

2. Textbook questions (80 points)
(Do not answer the wrong questions – note the difference between Review Questions and Problems.)

Chapter 1

Review questions:

1.3 List and briefly define categories of passive and active network security attacks. 1.4 List and briefly define the fundamental security design principles.

Problems

1.4 For each of the following assets, assign a low, moderate, or high impact level for the confidentiality, availability, and integrity, respectively. Justify your answers.
a. An organization managing public information on its Web server.
b. A law enforcement organization managing extremely sensitive investigative information. c. A financial organization managing routine administrative information (not privacy related information).

loss of

d. An information system used for large acquisitions in a contracting organization contains both sensitive, pre-solicitation phase contract information and routine administrative information. Assess the impact for the two data sets separately and the information system as a whole.
e. A power plant contains a SCADA (supervisory control and data acquisition) system controlling the distribution of electric power for a large military installation. The SCADA system contains both real-time sensor data and routine administrative information. Assess the impact for the two data sets separately and the information system as a whole.

Chapter 2

Review questions:

2.3 What are the two principal requirements for the secure use of symmetric encryption? 2.4 List the two important aspects of data authentication.
2.7 What properties must a hash function have to be useful for message authentication? 2.12 What is a public-key certificate?

Problems

2.6 Suppose H(m) is a collision-resistant hash function that maps a message of arbitrary bit
length into an n-bit hash value. Is it true that, for all messages x, x? with x?x?, we have H(x)?H(x?)? Explain your answer.

Chapter 3

Review questions

3.1 In general terms, what are four means of authenticating a user’s identity?
3.4 List and briefly describe four common techniques for selecting or assigning passwords. 3.9 Describe the general concept of a challenge-response protocol.

Problems

3.3 Assume that passwords are selected from four-character combinations of 26 alphabetic characters. Assume that an adversary is able to attempt passwords at a rate of one per second. a. Assuming no feedback to the adversary until each attempt has been completed, what is the expected time to discover the correct password?
b. Assuming feedback to the adversary flagging an error as each incorrect character is entered, what is the expected time to discover the correct password?

3.6 Assume that credit card numbers are limited to the use of the 95 printable ASCII characters and that all passwords are 8 characters in length. Assume a password cracker with an encryption rate of 6.4 million encryptions per second. How long will it take to test exhaustively all possible passwords in a UNIX system?

Chapter 4

Review questions

4.1 Briefly define the difference between DAC and MAC.
4.6 What is the difference between an access control list and a capability ticket? 4.9 List and define the four types of entities in a base model RBAC system.

Problems:

4.1 For the DAC model discussed in Section 4.3, an alternative representation of the protection state is a directed graph. Each subject and each object in the protection state is represented by a node (a single node is used for an entity that is both subject and object). A directed line from a subject to an object indicates an access right, and the label on the link defines the access right. a. Draw a directed graph that corresponds to the access matrix of Figure 4.2a.

b. Draw a directed graph that corresponds to the access matrix of Figure 4.3.
c. Is there a one-to-one correspondence between the directed graph representation and the access matrix representation? Explain.

Chapter 5

Review questions

5.6 Explain the nature of the inference threat to an RDBMS. 5.7 What are the disadvantages to database encryption?

Problems

5.3 The following table shows a list of pets and their owners that is used by a veterinarian service.

page4image49530704

a. Describe four problems that are likely to occur when using this table.
b. Break the table into two tables in a way that fixes the four problems, and briefly justify your solution.

3. Article summary (20 points)
Please read the article “Security Controls for Computer Systems” at the following URL.

http://www.rand.org/pubs/reports/R609-1/index2.htm…

and pay close attention on section ” IV. AREAS OF SECURITY PROTECTION”. Pick up one of the “Leaking Points” and answer the following questions.

1. Why is this an issue in computer security?

2. Please give 1-2 real-world case studies that belong to this leaking point. Does the issue you choose still relevant in today’s computer systems? Why or why not? Elaborate your answer.

Order Solution Now

Our Service Charter

1. Professional & Expert Writers: School Class Pro only hires the best. Our writers are specially selected and recruited, after which they undergo further training to perfect their skills for specialization purposes. Moreover, our writers are holders of masters and Ph.D. degrees. They have impressive academic records, besides being native English speakers.

2. Top Quality Papers: Our customers are always guaranteed papers that exceed their expectations. All our writers have +5 years of experience. This implies that all papers are written by individuals who are experts in their fields. In addition, the quality team reviews all the papers before sending them to the customers.

3. Plagiarism-Free Papers: All papers provided by School Class Pro are written from scratch. Appropriate referencing and citation of key information are followed. Plagiarism checkers are used by the Quality assurance team and our editors just to double-check that there are no instances of plagiarism.

4. Timely Delivery: Time wasted is equivalent to a failed dedication and commitment. School Class Pro is known for timely delivery of any pending customer orders. Customers are well informed of the progress of their papers to ensure they keep track of what the writer is providing before the final draft is sent for grading.

5. Affordable Prices: Our prices are fairly structured to fit all groups. Any customer willing to place their assignments with us can do so at very affordable prices. In addition, our customers enjoy regular discounts and bonuses.

6. 24/7 Customer Support: At School Class Pro, we have put in place a team of experts who answer all customer inquiries promptly. The best part is the ever-availability of the team. Customers can make inquiries anytime.

Menu
Free resources
 
Dissertation help
 
Email
support@writeship.com
schoolclasspro.blog ©2025 All rights reserved. Terms of use | Privacy Policy