Is Important Questions

Upload: nivitha

Post on 02-Mar-2018

7/26/2019 Is Important Questions 1/64

Anna University Syllabus Materials and Question Papers

Wednesday, 15 May 2013

CS922 INFORMATION SECURITY ALL UNIT QUESTIONS AND ANSWERS (IMPORTANT)

CS922

UNIT I - INTRODUCTION TO INFORMATION SECURITY

PART A (2 MARKS)

1. What is information security?
2. What are the types of attack? Compare.
3. What is meant by top-down approach to security implementation? Give its advantages.
4. What is meant by bottom-up approach to security implementation? Give its disadvantages.
5. What type of security was dominant in the early years of computing?
6. What are the three components of the C.I.A. triangle? What are they used for?
7. What is a security blueprint?
8. What is the difference between a threat agent and a threat?
9. What is vulnerability?
10. Who is involved in the security development life cycle?
11. When can a computer be a subject and an object of an attack respectively?

PART-B

1. Describe the critical characteristics of information. How are they used in the study of computer security? (16)
2. Briefly explain the components of an information system and their security. How will you balance security and access? (16)

http://questionsearch.blogspot.in/
3. (a) Describe the system development life cycle. (4)
   (b) Explain the security system development life cycle. (12)
4. What is information security? Explain the NSTISSC security model and the top-down approach to security implementation. (16)

UNIT II - SECURITY INVESTIGATION

PART A (2 MARKS)

1. Why is information security a management problem?
2. Why is data the most important asset an organization possesses?
3. How can a Service Level Agreement (SLA) provide a safeguard for Internet or web hosting services?
4. What is software piracy? Name two organizations that investigate allegations of software abuse.
5. Name the two categories of hackers and differentiate between them.
6. Who is a cyberactivist?
7. Who is a cyberterrorist?
8. How does a threat to information security differ from an attack?
9. What is a threat?
10. Define malware. Give examples.
11. In what way does a DDoS attack differ from a DoS attack?
12. How do worms differ from viruses?
13. What is spoofing?
14. What are the types of password attack?
15. What is the difference between criminal law and civil law?
16. What is tort law?
17. What are the primary examples of public law?
18. What is a policy? How does it differ from law?
19. How does civil law differ from criminal law?
20. How does tort law differ from public law?
21. Which law amended the Computer Fraud and Abuse Act of 1986, and what did it change?

22. What are the three general categories of unethical and illegal behaviour?
23. Define DMCA.
24. What does CISSP stand for?

PART-B

1. (a) Explain the four important functions of information security in an

12. What is annual loss expectancy?
13. What is cost benefit analysis?
14. What is the definition of single loss expectancy?
15. What is the difference between benchmarking and baselining?
16. What are vulnerabilities?
17. What is risk assessment?
18. What is a hot site? How is this useful in risk mitigation?
19. Compare and contrast preventive and detective controls.
20. Define risk appetite.
21. What is the Delphi technique?

PART-B

1. (a) What are the four basic steps in risk management? Describe. (8)
   (b) What are access controls? Explain their types. (8)
2. Elaborate on
   (a) Asset Identification and Valuation (8)
   (b) Data Classification and Management (8)
3. Describe in detail the process of risk identification. (16)
4. Elaborate on risk assessment and the documentation of its results. (16)
5. What are the risk control strategies that guide an organization? Elaborate. (16)
6. Explain the components of asset valuation. (16)
7. Explain the various feasibility studies considered for a project of information security controls and safeguards. (16)

UNIT IV - LOGICAL DESIGN

PART-A (2 MARKS)

1. Differentiate between the mission and vision of an organization.
2. What is an information security policy?
3. What is an information security blueprint framework?

4. What is the difference between a policy, a standard and a procedure?
5. What are the differences among the IRP, DRP and BCP?
6. What is crisis management?
7. What are the inherent problems with ISO 17799, and why hasn't the U.S. adopted it?
8. What are the two major components of the sphere of security?
9. What are the levels of testing strategies involved in an incident response plan?
10. Mention Pipkin's three categories of incident indicators.
11. When does an incident become a disaster?
12. Write short notes on a mutual agreement.
13. State the options for

2. Explain the relationship between plaintext and ciphertext.
3. What is RADIUS? What advantage does it have over TACACS?
4. What is network fingerprinting?
5. What is a DMZ?
6. What are the main components of cryptology?
7. What is physical security?
8. Define a secure facility.
9. Write short notes on the Application-Level Firewall.
10. What is a Screened Subnet Firewall?
11. Define NAT.
12. What is a host-based IDS?
13. How does the false reject rate differ from the false accept rate?
14. What are the two protocols designed to enable secure communications across the Internet?
15. State the main components of cryptology.
16. In what ways does the sophisticated heat sensor operate in thermal detection systems?
17. What are the two basic types of fire detection systems?
18. What is RADIUS? What advantages does it have over TACACS?

PART-B

1. Discuss the generations of firewalls. (16)
2. Describe the structure of firewall architecture. (16)
3. Explain the various types of Intrusion Detection Systems. (16)
4. Explain in detail the cryptography and encryption based solutions. (16)
5. Explain the key difference between symmetric and asymmetric encryption with suitable examples. (16)
6. Briefly explain the components of cryptology. (16)
7. Discuss some of the popular cryptographic algorithms. (16)
8. Write short notes on the various access controls used for providing physical security. (16)

9. Describe the various methods of power management and conditioning. (16)

CS1014 - INFORMATION SECURITY

TWO MARKS

1. Define Information Security.
It is a well-informed sense of assurance that the information risks and controls are in balance.

2. What is Security?
Security is "the quality or state of being secure - to be free from danger".

3. What are the multiple layers of Security?
• Physical Security
• Personal Security
•

It is the process of sending an e-mail with a modified field.

7. What is UDP Packet Spoofing?
User Data Protocol (UDP) Packet Spoofing enables the attacker to get unauthorized access to data stored on computing systems.

8. What are the measures to protect the confidentiality of information?
• Information Classification
• Secure document storage
• Application of general Security Policies
• Education of information end-users

9. What is Utility of information?
Utility of information is the quality or state of having value for some purpose or end.

10. What are the components of an information system?
• Software
• Hardware
• Data
• People
• Procedures
• Networks

11. What are the functions of Locks and Keys?
Locks and Keys are the traditional tools of physical security, which restrict access to, and interaction with, the hardware components of an information system.

12. What is Network Security?
It is the implementation of alarm and intrusion systems to make system owners aware of ongoing compromises.

13. Differentiate Direct and Indirect attacks.
Direct Attack: It is when a hacker uses his personal computer to break into the system.

Indirect Attack: It is when a system is compromised and used to attack other systems, such as in a distributed denial of service attack.

risk facing the organization.

19. What are the functions of Information Security?
• Protects the organization's ability to function
• Enables the safe operation of applications implemented on the organization's IT systems
• Protects the data the organization collects and uses
• Safeguards the technology assets in use at the organization

20. What is PKI?
Public Key Infrastructure is an integrated system of software, encryption methodologies and legal agreements that can be used to support the entire information infrastructure of an organization.

21. What is the use of Digital Certificates?
Digital Certificates are used to ensure the confidentiality of Internet communications and transactions.

22. What is a Firewall?
A Firewall is a device that keeps certain kinds of network traffic out of a private network.

23. What are caching network appliances?
Caching network appliances are devices that store legal copies of Internet contents such as Web pages that are frequently referred to by employees.

24. What are appliances?
Appliances display the cached pages to users rather than accessing pages from the server each time.

25. What is a threat?
A Threat is an object, person or other entity that represents a constant danger to an asset.

26. What are Hackers?
Hackers are people who use and create computer software for enjoyment or to gain access to information illegally.

27. What are the levels of hackers?

• Expert Hacker: develops software codes
• Unskilled Hacker: uses the codes developed by the experts

28. What are script kiddies?
These are hackers of limited skills who use expertly written software to exploit a system but do not fully understand or appreciate the systems they hack.

29. What is a Phreaker?
A Phreaker hacks the public telephone network to make free calls.

30. What is Malicious code?
These are programs which are designed to damage, destroy, or deny service to the target system.

31. What are the types of virus?
• Macro virus
• Boot virus

32. What are Trojan horses?
They are software programs that hide their true nature and reveal their designed behavior only when activated.

33. What is a polymorphic threat?
It is one that changes its apparent shape over time.

34. What is intellectual property?
It is the ownership of ideas and control over the tangible or virtual representation of those ideas.

35. What is an attack?
It is a deliberate act that exploits vulnerability.

36. What is vulnerability?
It is an identified weakness of a controlled system with controls that are not present or no longer effective.

37. What are the attack replication vectors?
• IP scan and attack
• Web browsing

• Virus
• Shares
• Mass mail
• SNMP

38. What is a brute force attack?
Trying every possible combination of options of a password.

39. What are sniffers?
Sniffers are programs or devices that can monitor data traveling over a network.

40. What is social engineering?
It is the process of using social skills to convince people to reveal access credentials to the attackers.

41. What are the types of Laws?
• Civil Law
• Criminal Law
• Tort Law

42. Differentiate Private and Public Laws.
Private Laws:
• This Law regulates the relationship between the individual and the organization.
• Eg: Family Law, Commercial Law, Labor Law
Public Law:
• This Law regulates the structure and administration of government agencies and their relationship with the citizens, employees and other governments.
• Eg: Criminal Law, Administrative Law, Constitutional Law

43. What are the fundamental principles of HIPAA?
1. Consumer control of medical information.
2. Boundaries on the use of medical information.
3. Accountability for the privacy of private information.
4. Security of health information.

44. What are the general categories of unethical and illegal behaviour?
• Ignorance
• Accident
• Intent

45. What is deterrence?
• It is the best method for preventing illegal or unethical activity.
• Examples are laws, policies and technical controls.

46. What is Risk Management?
Risk Identification is conducted within the larger process of identifying and justifying risk control known as risk management.

47. What are the communities of interest?
• Information Security
• Management and users
• Information Technology

48. What are the responsibilities of the communities of interest?
• Evaluating the risk controls
• Determining which control options are cost effective for the organization
• Acquiring or installing the needed controls
•

It is the process of assessing the relative risk for each of the vulnerabilities.

53. What is Likelihood?
Likelihood is the overall rating of the probability that a specific vulnerability within an organization will be successfully attacked.

54. What is Residual Risk?
It is the risk that remains to the information asset even after the existing control has been applied.

55. What are Policies?
Policies are documents that specify an organization's approach to security.

56. What are the types of security policies?
• General Security Policy
• Program Security Policy
• Issue-Specific Policies

57. What are the types of access controls?
• Mandatory Access Controls (MACs)
• Nondiscretionary controls
• Discretionary Controls (DAC)

58. What are the Risk Control Strategies?
• Avoidance - It is the risk control strategy that attempts to prevent the exploitation of the vulnerability.
• Transference - It is the control approach that attempts to shift the risk to other assets, other processes, or other organizations.
• Mitigation - It is the control approach that attempts to reduce the impact caused by the exploitation of vulnerability through planning and preparation.
• Acceptance - It is the choice to do nothing to protect a vulnerability and to accept the outcome of an exploited vulnerability.

59. What are the common methods for Risk Avoidance?
• Avoidance through application of policy
• Avoidance through application of training and education
• Avoidance through application of technology

60. What are the types of plans in the Mitigation strategy?
• The Disaster Recovery Plan (DRP)
• Incident Response Plan (IRP)
• Business Continuity Plan (BCP)

61. What is a hot site?
• It is also known as a business recovery site.
• It is a remote location with systems identical or similar to the home site.

62. What are the ways to categorize the controls?
• Control function
• Architectural Layer
• Strategy Layer
• Information Security Principle

63. Differentiate Preventive and Detective controls.
Preventive Controls:
1. Stop attempts to exploit vulnerability by implementing a security principle, such as authentication or confidentiality.
2. Use technical procedures such as encryption or a combination of technical means and enforcement methods.
Detective Controls:
1. Warn organizations of violations of security principles, organizational policies or attempts to exploit vulnerability.
2. Use techniques such as audit trails, intrusion detection and configuration monitoring.

64. What are the commonly accepted information security Principles?
• Confidentiality

• Integrity
• Availability
• Authentication
• Authorization
• Accountability
• Privacy

65. What is benefit?
It is the value that the organization recognizes by using controls to prevent losses associated with a specific vulnerability.

66. What is asset valuation?
It is the process of assigning financial value or worth to each information asset.

66. What is a Policy?
It is a plan or course of action, as of a government or political party, intended to influence and determine decisions, actions and other matters.

67. Differentiate Mission and Vision.
Mission: The mission of an organization is a written statement of an organization's purpose.
Vision: The vision of an organization is a written statement of an organization's goals.

68. What is Strategic Planning?
It is the process of moving the organization towards its vision by accomplishing its mission.

69. What are the general groups of System-Specific Policy?
• Access Control Lists
• Configuration Rules

70. What is a Capability table?
• It is a list associated with users and groups.
• It specifies which subjects and objects a user or group can access.
• These are frequently complex matrices rather than simple lists or tables.

71. What is "Agreed Upon Procedures"?

It is a document that outlines the policies and technologies necessary to secure systems that carry sensitive cardholder information to and from VISA systems.

72. What is redundancy?
Implementing multiple types of technology and thereby preventing the failure of one system from compromising the security of the information is referred to as redundancy.

73. What is a Firewall?
It is a device that selectively discriminates against information flowing into or out of the organization.

74. What is a Firewall Subnet?
It consists of multiple firewalls creating a buffer between the outside and inside networks.

75. What is a DMZ?
• A buffer against outside attack is referred to as a Demilitarized Zone.
• It is a no-man's-land between the inside and outside networks where some organizations place Web servers.
• The servers provide access to organizational Web pages without allowing Web requests to enter the interior networks.

76. What are the 2 versions of IDS?
• Host-based IDS
• Network-based IDS

77. What is Contingency Planning?
It is the entire planning conducted by the organization to prepare for, react to, and recover from events that threaten the security of information and information assets in the organization.

78. Who are the members of the contingency team?
• Champion
• Project Manager
• Team Members

79. What are the stages in the Business Impact Analysis Steps?

• Threat attack identification
• Business unit analysis
• Attack success scenarios
• Potential damage assessment
• Subordinate plan classification

80. What is an attack profile?
It is a detailed description of activities that occur during an attack.

81. What is an incident?
It is any clearly identified attack on the organization's information assets that would threaten the asset's confidentiality, integrity, or availability.

82. What are the phases of Incident Response?
• Planning
• Detection
• Reaction
• Recovery

83. What are the 5 testing strategies of Incident Planning?
• Checklist
• Structured walk-through
• Simulation
• Parallel
• Full interruption

84. What is an alert roster?
It is a document containing contact information for individuals to be notified in the event of an incident.

85. What are the 2 ways to activate an alert roster?
• Sequential roster - It is activated as a contact person calls each person on the roster.
• Hierarchical roster - It is activated as the first person calls a few other people on the roster, who in turn call a few people.

86. What is computer forensics?
It is the process of collecting, analyzing and preserving computer

related evidence.

87. What are Honey pots?
These are computer servers configured to resemble production systems, containing rich information just begging to be hacked.

88. What is enticement?
It is the process of attracting attention to a system by placing tantalizing bits of information in key locations.

89. What is entrapment?
It is the action of luring an individual into committing a crime to get a conviction.

90. What is a Mutual agreement?
It is a contract between two or more organizations that specifies how each is to assist the other in the event of a disaster.

91. What is intrusion?
An intrusion is a type of attack on information assets in which the instigator attempts to gain entry into a system or disrupt the normal operations of a system with, almost always, the intent to do malicious harm.

92. What is IDS?
IDS stands for Intrusion Detection Systems. It works like a burglar alarm in that it detects a violation of its configuration and activates an alarm. This alarm can be audible and/or visual, or it can be silent.

93. What is a Signature based IDS?
Signature based IDSs, also known as knowledge based IDSs, examine data traffic for patterns that match signatures, which are pre-configured, predetermined attack patterns.

94. What are Honey pots?
Honey pots are decoy systems, which means they are designed to lure potential attackers away from critical systems.
In the security industry, these systems are also known as decoys, lures, or flytraps.

95. What is the use of Scanning and analysis tools?
Scanning and analysis tools are used to pinpoint vulnerabilities in

systems, holes in security components, and unsecured aspects of the network. Although these tools are used by attackers, they can also be used by an administrator not only to learn more about his/her own system but also to identify and repair system weaknesses before they result in losses.

96. What are the factors of authentication?
• What a supplicant knows
• What a supplicant has
• Who a supplicant is
• What a supplicant produces

97. What is a Hash function?
Hash functions are mathematical algorithms that generate a message summary or digest that can be used to confirm the identity of a specific message and to confirm that the message has not been altered.

98. What is PKI?
PKI - Public Key Infrastructure
It is an integrated system of software, encryption methodologies, protocols, legal agreements and third party services that enables users to communicate securely. It includes digital certificates and certificate authorities.

99. What is Steganography?
Steganography is the process of hiding information, and while it is not properly a form of cryptography, it is related to cryptography in that both are ways of transmitting information without allowing it to be revealed in transit.

100. What are the protocols used in Secure Internet Communication?
• S-HTTP (Secure Hypertext Transfer Protocol)
• SSL (Secure Socket Layer)
• SSL Record Protocol
• Standard HTTP

101. What is Physical security?
Physical security addresses the design, implementation, and maintenance of countermeasures that protect the physical resources of an organization. This means the physical protection of the people, the hardware,

and the supporting system elements and resources associated with the control of information in all its states: transmission, storage and processing.

102. What are the controls for protecting the Secure Facility?
• Walls, Fencing, Gates
• Guards
• Dogs
• ID Cards and Badges
• Locks and keys
• Mantraps
• Electronic Monitoring
• Alarms and Alarm Systems
• Computer Rooms and Wiring Closets
• Interior Walls and Doors

103. What are the basic types of Fire Detection Systems?
• Thermal Detection
• Smoke Detection
• Flame Detection

104. What is TEMPEST?
TEMPEST is a technology that prevents the loss of data that may result from the emissions of electromagnetic radiation.

105. What is UPS? What are the types of UPS?
UPS - Uninterruptible Power Supply
It is an electrical device that serves as a battery backup to detect the interruption of power to the power equipment.
The basic configurations are:
• Standby or offline UPS
• Ferroresonant Standby UPS
• Line-interactive UPS
• True online UPS

106. What are the relevant terms for electrical power influence?
• Fault: Momentary interruption in power

• Blackout: Prolonged interruption in power
• Sag: Momentary drop in power voltage levels
• Brownout: Prolonged drop in power voltage levels
• Spike: Momentary increase in power voltage levels
• Surge: Prolonged increase in power voltage levels

107. What is a fail-safe lock?
It is usually used on an exit, where it is essential for human safety in the event of a fire. It is used when human safety is not a factor.

108. What are the conditions controlled by HVAC Systems?
• Temperature
• Filtration
• Humidity
• Static Electricity

16-MARK

1. Explain the Critical Characteristics of Information
• Availability
• Accuracy
• Authenticity
• Confidentiality
• Integrity
• Utility
• Possession

2. Explain the Components of an Information System
• Software
• Hardware
• People
• Data
• Procedures
• Networks

3. Explain SDLC in detail.
• Methodology

• Phases
• Investigation
• Analysis
• Logical Design
• Physical Design
• Implementation
• Maintenance and change

4. Explain SecSDLC in detail
• Investigation
• Analysis
• Logical Design
• Physical Design
• Implementation
• Maintenance and change

5. Explain the functions of an Information Security organization
• Protects the organization's ability to function
• Enabling safe operation of applications
• Protecting data that organizations collect and use
• Safeguarding technology assets in organizations

6. Explain the categories of Threat in detail.
• Acts of human error or failure
• Deviations in Q

• Malicious code
• Hoaxes
• Back Doors
• Password Crack
• Brute Force
• Dictionary

8. Explain General Computer Crime Laws.
• Computer Fraud and Abuse Act of 1986
• USA Patriot Act of 2001
• Communications Decency Act
• Computer Security Act of 1987

9. Explain Ethical Concepts in Information Security.
• Cultural Differences in Ethical Concepts
• Software License Infringement
• Illicit use
• Misuse of corporate resources

10. Explain Risk Management in detail.
• Know Yourself
• Know Your Enemy
• All Communities of Interest

11. Explain Risk Identification in detail
• Asset Identification and Valuation
• Automated Risk Management tools
• Information Asset Classification
• Information Asset Valuation
• Listing Assets in order of importance
• Data Classification and Management
• Threat Identification

12. Explain Risk Assessment in detail.
• Introduction
• Likelihood

• Valuation of Information Assets
• Percentage of Risk Mitigated by Controls
• Access Controls

13. Explain Risk Control strategies in detail
• Avoidance
• Mitigation
• Acceptance
• Transference

14. Explain Risk Mitigation strategy Selection
• Evaluation, Assessment and Maintenance of Risk controls
• Categories of controls
• Architectural Layer
• Strategy Layer
•

15. Explain the types of Policies in detail.
• General security Policy
• Issue-Specific Policy
• System-specific Policy

16. Explain NIST Security Models in detail.
• NIST Special Publication SP 800-12
• NIST Special Publication SP 800-14
• NIST Special Publication SP 800-18

17. Explain the VISA International Security Model in detail.
• Baselining and best Business Practices

18. Explain the design of Security Architecture in detail.
• Defense in Depth
• Security Perimeter
• Key Technology Components

19. Explain the Major Steps in Contingency Planning.
• Business Impact Analysis
• Incident Response Planning

• Disaster Recovery Planning
• Business Continuity Planning

20. Explain Information Security Policy, Standards and Practices in detail.
• Definitions
• Security Program Policy (SPP)
• Issue-Specific Security Policy (ISSP)
• Systems-Specific Policy (SysSP)
• ACL Policies
• Policy Management

21. Explain protocols for Secure communication in detail.
• S-HTTP and SSL
• Secure/Multipurpose Internet Mail Extension (S/MIME)
• Internet Protocol Security (IPSec)

22. Explain Staffing the security function in detail.
• Qualifications and Requirements
• Entry into the Security Profession
• Information Security Positions

23. Explain fire safety in Physical security.
• Fire Detection and Response
• Fire Detection
• Fire Suppression
• Gaseous Emission Systems

24. Explain the Cryptographic algorithms in detail.
• Data Encryption Standard (DES)
• Public Key Infrastructure (PKI)
• Digital Signatures
• Pretty Good Privacy (PGP)

25. Explain IDS in detail
• Host-based IDS
• Network-based IDS
• Signature-based IDS

• Statistical Anomaly-based IDS

26. Explain the types of encryption/decryption methods.
Conventional Methods:
• Character-Level Encryption: Substitutional and Transpositional
• Bit-Level Encryption: Encoding/Decoding, Permutation, Substitution, Product, Exclusive-

  • 7/26/2019 Is Important Questions

    28/64

    Anna University Syllabus Materials and

    Question Papers

    Wednesday, 15 May 2013

    CS922 !"#$%MA&!$" S'CU%!&( U"!-'%S!&( QU'S&!$"S W!&.

    A"SW'%S

    CS922 !"#$%MA&!$" S'CU%!&(

    ANSWER KEYPART-A

1. List out the security services.

The three security services, confidentiality, integrity, and availability, counter threats to the security of a system. Shirey divides threats into four broad classes: disclosure, or unauthorized access to information; deception, or acceptance of false data; disruption, or interruption or prevention of correct operation; and usurpation, or unauthorized control of some part of a system. These four broad classes encompass many common threats.

2. Define the snooping and spoofing.

Snooping, the unauthorized interception of information, is a form of disclosure. It is passive, suggesting simply that some entity is listening to (or reading) communications or browsing through files or system information.

Masquerading or spoofing, an impersonation of one entity by another, is a form of both deception and usurpation.

3. Write the cryptographic checksum function properties.

A cryptographic checksum function (also called a strong hash function or a strong one-way function) h: A → B is a function that has the following properties.

1. For any x ∈ A, h(x) is easy to compute.
2. For any y ∈ B, it is computationally infeasible to find x ∈ A such that h(x) = y.
3. It is computationally infeasible to find x, x' ∈ A, such that x ≠ x' and h(x) = h(x'). (Such a pair is called a collision.)

The third requirement is often stated as: Given any x ∈ A, it is computationally infeasible to find another x' ∈ A such that x ≠ x' and h(x') = h(x).

4. What is Session and Interchange Key?

An interchange key is a cryptographic key associated with a principal to a communication.

A session key is a cryptographic key associated with the communication itself.

5. Distinguish between principle of least privilege and principle of fail-safe default.

The principle of least privilege states that a subject should be given only those privileges that it needs in order to complete its task.

The principle of fail-safe defaults states that, unless a subject is given explicit access to an object, it should be denied access to that object.

6. Define Certification authorities issuance policy and confinement problem.

Access control affects the function of the server in two ways.

The server must ensure that the resources it accesses on behalf of the client include only those resources that the client is authorized to access.

The server must ensure that it does not reveal the client's data to any other entity not authorized to see the client's data.

7. What is Malicious logic and Trojan horse?

Malicious logic is a set of instructions that cause a site's security policy to be violated.

A Trojan horse is a program with an overt (documented or known) effect and a covert (undocumented or unexpected) effect.

performs some (possibly null) action.

A boot sector infector is a virus that inserts itself into the boot sector of a disk.

8. Write the goals of the Drib's security policy.

The goals of the Drib's security policy are as follows.

Data related to company plans is to be kept secret. In particular, sensitive corporate data, such as data involved in developing potential products, is to be available only to those who need to know.

When a customer provides data such as a credit card number to the Drib as part of a purchase, the data, and all information about the customer, are to be available only to those who fill the order. Company analysts may obtain statistics about a number of orders for planning purposes.

Releasing sensitive data requires the consent of the company's officials and lawyers.

10. Short note on Anticipating Attacks.

In spite of the measures outlined above, the Drib security officers realize that their network and systems might be compromised through unanticipated means. They have taken steps to prepare for, and handle, such attacks.

PART-B

11. Write an overview of Computer Security with neat example.

Confidentiality

Confidentiality is the concealment of information or resources.

Integrity

Integrity refers to the trustworthiness of data or resources, and it is usually phrased in terms of preventing improper or unauthorized change.

Availability

Availability refers to the ability to use the information or resource desired.

12. Explain the following: a) Classical Cryptosystems.

Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. In these systems, for all E_k ∈ C and k ∈ K, there is a D_k ∈ D such that D_k = E_k^(-1).

Transposition Cipher

A transposition cipher rearranges the characters in the plaintext to form the ciphertext. The letters are not changed.

Substitution Cipher

A substitution cipher changes characters in the plaintext to produce the ciphertext.

Vigenère Cipher

A longer key might obscure the statistics.
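The three classical ciphers described above, as an added example that is not part of the original page. It implements a columnar transposition, a shift (substitution) cipher and the Vigenère cipher, and adds a letter-frequency count to show the point about statistics: a single-key substitution preserves the plaintext's frequency profile, while a longer Vigenère key spreads each plaintext letter over several ciphertext letters. The sample plaintexts and keys are constructed for the demonstration.

```python
# Added example (not from the original page): classical ciphers from the
# passage plus a frequency check. Sample plaintexts and keys are constructed.
from collections import Counter
from string import ascii_uppercase as ALPHABET


def _letters(text):
    """Classical ciphers work on an alphabet: keep letters only, upper-cased."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def columnar_transpose(plaintext, width):
    """Transposition: write the plaintext row by row into `width` columns and
    read it out column by column. Letters are unchanged; only positions move."""
    p = _letters(plaintext)
    return "".join(p[i::width] for i in range(width))


def columnar_untranspose(ciphertext, width):
    """Invert columnar_transpose: column i holds the plaintext characters at
    positions i, i + width, i + 2 * width, ..."""
    n = len(ciphertext)
    lengths = [len(range(i, n, width)) for i in range(width)]
    plain = [""] * n
    pos = 0
    for col, length in enumerate(lengths):
        for row, ch in enumerate(ciphertext[pos:pos + length]):
            plain[col + row * width] = ch
        pos += length
    return "".join(plain)


def shift_encrypt(plaintext, k):
    """Substitution (Caesar-style): each letter is replaced by the letter k
    positions later, so every E becomes the same ciphertext letter and the
    frequency profile of the plaintext survives unchanged."""
    return "".join(ALPHABET[(ALPHABET.index(c) + k) % 26] for c in _letters(plaintext))


def vigenere(text, key, decrypt=False):
    """Vigenère: the i-th letter is shifted by the (i mod len(key))-th key
    letter. A key longer than one letter maps one plaintext letter to several
    ciphertext letters, which is what obscures the statistics."""
    k = _letters(key)
    sign = -1 if decrypt else 1
    out = []
    for i, c in enumerate(_letters(text)):
        shift = ALPHABET.index(k[i % len(k)])
        out.append(ALPHABET[(ALPHABET.index(c) + sign * shift) % 26])
    return "".join(out)


def peak_frequency(text):
    """Count of the most common letter: unchanged by a shift cipher, lowered
    by a Vigenère cipher whose key is longer than one letter."""
    return max(Counter(_letters(text)).values())


if __name__ == "__main__":
    msg = "THE BOY HAS THE BALL"                      # constructed sample
    print(columnar_transpose("HELLO WORLD", 2))       # HLOOLELWRD
    print(shift_encrypt(msg, 3))
    print(vigenere(msg, "VIG"))                       # OPKWWECIYOPKWIRG
    eeee = "SEE THE TREE BEFORE THEY SEE THE TREE"    # constructed, E-heavy
    print(peak_frequency(eeee), peak_frequency(shift_encrypt(eeee, 3)),
          peak_frequency(vigenere(eeee, "VIG")))
```

The frequency check is the defender's view of the passage: a ciphertext that keeps the plaintext's peak frequency is broken by counting letters, which is why the text says only a longer key "might" obscure the statistics (a key as long as the message would be required to remove them).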

b) Public Key Cryptography.

Because one key is public, and its complementary key must remain secret, a public key cryptosystem must meet the following three conditions.

1. It must be computationally easy to encipher or decipher a message given the appropriate key.
2. It must be computationally infeasible to derive the private key from the public key.
3. It must be computationally infeasible to determine the private key from a chosen plaintext attack.

The first cipher to meet these requirements generates a shared session key. The second one provides both secrecy and authentication.

(OR)

Write about the Stream and Block Cipher and Network and Cryptography

Let E be an encipherment algorithm, and let E_k(b) be the encipherment of message b with key k. Let a message m = b_1 b_2 ..., where each b_i is of a fixed length. Then a block cipher is a cipher for which E_k(m) = E_k(b_1) E_k(b_2) ....

An n-stage linear feedback shift register (LFSR) consists of an n-bit register r = r_0 ... r_(n-1) and an n-bit tap sequence t = t_0 ... t_(n-1). To obtain a key bit, r_0 is used, the register is shifted one bit to the right, and the new bit r_0 t_0 ⊕ ... ⊕ r_(n-1) t_(n-1) is inserted.

13. Write about the Design Principles with DVD key layout example.

The principle of open design states that the security of a mechanism should not depend on the secrecy of its design or implementation.

The principle of separation of privilege states that a system should not grant permission based on a single condition.

The principle of least common mechanism states that mechanisms used to access resources should not be shared.

The principle of psychological acceptability states that security mechanisms should not make the resource more difficult to access than if the security mechanisms were not present.

(OR)

Write about the following Access Control Mechanisms.

a) Access Control List.

Let S be the set of subjects, and R the set of rights, of a system. An access control list (ACL) l is a set of pairs l = { (s, r) : s ∈ S, r ⊆ R }. Let acl be a function that determines the access control list l associated with a particular object o. The interpretation of the access control list acl(o) = { (s_i, r_i) : 1 ≤ i ≤ n } is that subject s_i may access o using any right in r_i.

b) Locks and Keys.

The locks and keys technique combines features of access control lists and capabilities. A piece of information (the lock) is associated with the object and a second piece of information (the key) is associated with those subjects authorized to access the object and the manner in which they are allowed to access the object. When a subject tries to access an object, the subject's set of keys is checked. If the subject has a key corresponding to any of the object's locks, access of the appropriate type is granted.

Type Checking - Type checking restricts access on the basis of the types of the subject and object. It is a form of locks and keys access control, the pieces of information being the type. Systems use type checking in areas other than security.

Sharing Secrets - A (t, n)-threshold scheme is a cryptographic scheme in which a datum is divided into n parts, any t of which are sufficient to determine the original datum. The n parts are called shadows.

14. What is computer virus and explain about all the types of computer viruses.

A boot sector infector is a virus that inserts itself into the boot sector of a disk.

An executable infector is a virus that infects executable programs.

A multipartite virus is one that can infect either boot sectors or applications.

A terminate and stay resident (TSR) virus is one that stays active (resident) in memory after the application (or bootstrapping, or disk mounting) has terminated.

Stealth viruses are viruses that conceal the infection of files.

A polymorphic virus is a virus that changes its form each time it inserts itself into another program.

(OR)

Write the following Auditing.

a) Designing an Auditing System.

Logging is the recording of events or statistics to provide information about system use and performance.

Auditing is the analysis of log records to present information about the system in a clear and understandable manner.

Logger

Logging mechanisms record information. The type and quantity of information are dictated by system or program configuration parameters. The mechanisms may record information in binary or human-readable form or transmit it directly to an analysis mechanism.

Analyzer

An analyzer takes a log as input and analyzes it. The results of the analysis may lead to changes in the data being recorded, to detection of some event or problem, or both.

Notifier

The analyzer passes the results of the analysis to the notifier. The notifier informs the analyst, and other entities, of the results of the audit. The entities may take some action in response to these results.

An anonymizing sanitizer deletes information in such a way that it cannot be reconstructed by either the recipient or the originator of the data in the log. A pseudonymizing sanitizer deletes information in such a way that the originator of the log can reconstruct the deleted information.

A state-based logging mechanism records information about a system's state. A state-based auditing mechanism determines whether or not a state of the system is unauthorized.

A transition-based logging mechanism records information about an action on a system. A transition-based auditing mechanism examines the current state of the system and the proposed transition (command) to determine if the result will place the system in an unauthorized state.
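The logger, analyzer and notifier chain above, with the state-based and transition-based audit checks and a pseudonymizing sanitizer, as an added example that is not part of the original page. The policy (which files each user may have open), the log records and the user names are constructed samples; the "open"/"close" commands and the `analyze`/`pseudonymize` helpers are this example's own design, not a real system's interface.

```python
# Added example (not from the original page): a logger / analyzer / notifier
# chain with state-based and transition-based auditing. Policy, users, file
# names and log records are constructed samples.
from collections import namedtuple

Record = namedtuple("Record", "user command target")


class Logger:
    """Transition-based logging mechanism: records each action on the system."""
    def __init__(self):
        self.log = []

    def record(self, user, command, target):
        self.log.append(Record(user, command, target))


class Notifier:
    """Receives analysis results; here it simply collects the alerts."""
    def __init__(self):
        self.alerts = []

    def notify(self, message):
        self.alerts.append(message)


def state_based_audit(state, policy):
    """State-based auditing: list every (user, file) the state holds that the
    policy does not authorize. `state` maps user -> set of open files,
    `policy` maps user -> set of files that user may open."""
    return [(user, f) for user, files in state.items()
            for f in sorted(files) if f not in policy.get(user, set())]


def transition_based_audit(state, record, policy):
    """Transition-based auditing: apply the proposed command to a copy of the
    current state and report whether the result would be unauthorized."""
    proposed = {user: set(files) for user, files in state.items()}
    if record.command == "open":
        proposed.setdefault(record.user, set()).add(record.target)
    elif record.command == "close":
        proposed.get(record.user, set()).discard(record.target)
    return state_based_audit(proposed, policy)


def analyze(log, policy, notifier):
    """Analyzer: replay the log, audit each transition before applying it and
    hand violations to the notifier. Returns the resulting (authorized) state."""
    state = {}
    for rec in log:
        violations = transition_based_audit(state, rec, policy)
        if violations:
            notifier.notify(f"{rec.user} {rec.command} {rec.target}: "
                            f"would reach unauthorized state {violations}")
            continue  # refuse the transition so the state stays authorized
        if rec.command == "open":
            state.setdefault(rec.user, set()).add(rec.target)
        elif rec.command == "close":
            state.get(rec.user, set()).discard(rec.target)
    return state


def pseudonymize(log, table=None):
    """Pseudonymizing sanitizer: replace user names by pseudonyms but keep the
    mapping, so the log's originator can reverse it. An anonymizing sanitizer
    would be the same routine with `table` thrown away afterwards."""
    table = {} if table is None else table
    out = []
    for rec in log:
        pseudo = table.setdefault(rec.user, f"user{len(table) + 1}")
        out.append(rec._replace(user=pseudo))
    return out, table


def demo():
    policy = {"alice": {"/etc/motd", "/home/alice/notes"},
              "bob": {"/home/bob/notes"}}                 # constructed policy
    logger = Logger()
    logger.record("alice", "open", "/etc/motd")
    logger.record("bob", "open", "/home/alice/notes")    # not authorized
    logger.record("bob", "open", "/home/bob/notes")
    notifier = Notifier()
    state = analyze(logger.log, policy, notifier)
    return state, notifier.alerts, pseudonymize(logger.log)


if __name__ == "__main__":
    for part in demo():
        print(part)
```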

15. Write about the user security and explain with Files and Devices.

Files

Users must protect confidentiality and integrity of the files to satisfy policy component U2. To this end, they use the protection capabilities of the system to constrain access. Complicating the situation is the interpretation of permissions on the containing directories.

A direct alias is a directory entry that points to (names) the file. An indirect alias is a directory entry that points to a special file containing the name of the target file. The operating system interprets the indirect alias by substituting the contents of the special file for the name of the indirect alias file.

A smart terminal provides built-in mechanisms for performing special functions.

(OR)

Explain the following system security.

a) Authentication

Authentication binds the identity of the user to processes. Incorrect or compromised authentication leads to security problems. In this section, we consider the authentication techniques used in the two systems.

b) Retrospective

The Web Server System in the DMZ

The Web server on the DMZ Web server system runs a minimal set of services. It keeps everything possible on unalterable media.

The Development System

The development system also runs a minimal set of programs and services.

ANSWER KEY

PART-A

1. List out the Goals of Security

Prevention means that an attack will fail.

Detection is most useful when an attack cannot be prevented, but it can also indicate the effectiveness of preventative measures.

Recovery has two forms.

2. Draw the security life cycle.

3. What is HMAC (Hash Message Authentication Code)?

HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to produce a keyed hash function. This mechanism enables Alice to validate that data Bob sent to her is unchanged in transit. Without the key, anyone could change the data and recompute the message authentication code, and Alice would be none the wiser.

4. Short note on Precomputing the Possible Messages

Simmons discusses the use of a "forward search" to decipher messages enciphered for confidentiality using a public key cryptosystem. His approach is to focus on the entropy (uncertainty) in the message.

5. State the principle of economy of mechanism with example.

entry for the next SYN packet is created. Under a SYN flood, the data structure is kept full of entries that never move to the connected state.

10. List out the components of users' policies.

The components of users' policies that we focus on are as follows.

U1.

  • 7/26/2019 Is Important Questions

    38/64

    4he principle of tran=uility states that sub*ects and ob*ects may not chane

    their security levels once they have been instantiated. uppose that security levels

    of ob*ects can be chaned9 and consider the effects on a system with one cateory

    and two security clearances9 ,$G, and 6

a pair is called a collision.

The third requirement is often stated as:

Given any x ∈ A, it is computationally infeasible to find another x' ∈ A such that x ≠ x' and h(x') = h(x).

13. Write about the following Access Control Mechanisms

a) Access Control List.

Let S be the set of subjects, and R the set of rights, of a system. An access control list (ACL) l is a set of pairs l = { (s, r) : s ∈ S, r ⊆ R }. Let acl be a function that determines the access control list l associated with a particular object o. The interpretation of the access control list acl(o) = { (s_i, r_i) : 1 ≤ i ≤ n } is that subject s_i may access o using any right in r_i.

b) Locks and Keys.

The locks and keys technique combines features of access control lists and capabilities. A piece of information (the lock) is associated with the object and a second piece of information (the key) is associated with those subjects authorized to access the object and the manner in which they are allowed to access the object. When a subject tries to access an object, the subject's set of keys is checked. If the subject has a key corresponding to any of the object's locks, access of the appropriate type is granted.

Type Checking - Type checking restricts access on the basis of the types of the subject and object. It is a form of locks and keys access control, the pieces of information being the type. Systems use type checking in areas other than security.

Sharing Secrets - A (t, n)-threshold scheme is a cryptographic scheme in which a datum is divided into n parts, any t of which are sufficient to determine the original datum. The n parts are called shadows.
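The access control list acl(o), the locks-and-keys check and type checking as a locks-and-keys instance, as an added example that is not part of the original page (it serves both this answer and the identical answer to question 13 in the earlier key). The subjects, objects, rights, lock values and types are constructed samples; the tables and function names are this example's own.

```python
# Added example (not from the original page): acl(o) as a set of (subject,
# rights) pairs, a locks-and-keys check, and type checking expressed as locks
# and keys. All subjects, objects, rights, locks and types are constructed.

RIGHTS = {"read", "write", "execute"}          # the set R of rights

# acl(o) = { (s_i, r_i) : 1 <= i <= n }, one list per object o
ACL_TABLE = {
    "payroll.db": [("alice", {"read", "write"}), ("auditor", {"read"})],
    "report.txt": [("bob", {"read"})],
}


def acl(o, table=ACL_TABLE):
    """The access control list attached to object o. An object with no list
    grants nothing, which is the fail-safe default."""
    return table.get(o, [])


def acl_allows(subject, right, o, table=ACL_TABLE):
    """subject s_i may access o using any right in r_i; anything else is denied."""
    if right not in RIGHTS:
        raise ValueError(f"unknown right {right!r}")
    return any(s == subject and right in r for s, r in acl(o, table))


def rights_of(subject, o, table=ACL_TABLE):
    """Union of the rights every pair for this subject grants on o."""
    return set().union(*(r for s, r in acl(o, table) if s == subject))


# Locks and keys: each object carries lock values; each subject carries keys,
# where a key is (lock it opens, manner of access it permits).
OBJECT_LOCKS = {"payroll.db": {"lock-payroll"}, "report.txt": {"lock-report"}}
SUBJECT_KEYS = {
    "alice": {("lock-payroll", "read"), ("lock-payroll", "write")},
    "bob": {("lock-report", "read")},
}


def locks_and_keys_allows(subject, right, o, locks=OBJECT_LOCKS, keys=SUBJECT_KEYS):
    """Granted when the subject holds a key matching one of the object's locks
    and that key permits the requested type of access."""
    return any(lock in locks.get(o, set()) and r == right
               for lock, r in keys.get(subject, set()))


# Type checking as locks and keys: the lock is the object's type, the keys are
# the (type, right) pairs the subject's type is allowed.
OBJECT_TYPES = {"payroll.db": "database", "report.txt": "document"}
SUBJECT_TYPES = {"alice": "dba", "bob": "reader", "auditor": "reader"}
TYPE_POLICY = {
    "dba": {("database", "read"), ("database", "write")},
    "reader": {("document", "read"), ("database", "read")},
}


def type_check_allows(subject, right, o):
    locks = {o: {OBJECT_TYPES[o]}} if o in OBJECT_TYPES else {}
    keys = {subject: TYPE_POLICY.get(SUBJECT_TYPES.get(subject), set())}
    return locks_and_keys_allows(subject, right, o, locks, keys)


if __name__ == "__main__":
    print(acl("payroll.db"), rights_of("alice", "payroll.db"))
    print(acl_allows("bob", "write", "report.txt"))        # False
    print(locks_and_keys_allows("bob", "read", "report.txt"))
    print(type_check_allows("auditor", "read", "payroll.db"))
```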

(OR)

Write about the Design Principles with DVD key layout example.

The principle of open design states that the security of a mechanism should not depend on the secrecy of its design or implementation.

The principle of separation of privilege states that a system should not grant permission based on a single condition.

The principle of least common mechanism states that mechanisms used to access resources should not be shared.

The principle of psychological acceptability states that security mechanisms should not make the resource more difficult to access than if the security mechanisms were not present.

14. Explain the following

a) Theory of Malicious Logic (10)

The types of malicious logic discussed so far are not distinct. Computer viruses are a form of Trojan horses. Computer viruses may contain logic bombs, as might computer worms. Some worms and viruses are bacteria because they absorb all the resources of some type.

Let T be a Turing machine and let V be a sequence of symbols on the machine tape. Let sv be a distinguished state of T. For every v ∈ V, when T lies at the beginning of v in tape square k, suppose that after some number of instructions are executed, a sequence v' ∈ V lies on the tape beginning at location k', where either k + |v| ≤ k' or k' + |v| ≤ k. Then (T, V) is a viral set and the elements of V are computer viruses.

It is undecidable whether an arbitrary program contains malicious logic.

b) Computer worms (6)

A computer worm is a program that copies itself from one computer to another.

The Father Christmas worm was interesting because it was a form of macro worm.

(OR)

Write the explanation about the Penetration Studies with example of Compromise of Burroughs System

Logging is the recording of events or statistics to provide information about system use and performance.

A penetration study is a test for evaluating the strengths of all security controls on the computer system. The goal of the study is to violate the site security policy. A penetration study (also called a tiger team attack or red team attack) is not a replacement for careful design and implementation with structured testing. It provides a methodology for testing the system in toto, once it is in place. Unlike other testing and verification technologies, it examines procedural and operational controls as well as technological controls.

Goals

A penetration test is an authorized attempt to violate specific constraints stated in the form of a security or integrity policy. This formulation implies a metric for determining whether the study has succeeded.

Layering of Tests

External attacker with no knowledge of the system.

External attacker with access to the system.

Internal attacker with access to the system.

15. Explain the following

a) Electronic Communication (6)

Electronic communications deserve discussion to emphasize the importance of users understanding basic security precautions.

- Automated Electronic Mail Processing
- Failure to Check Certificates
- Sending Unexpected Content

b) Common Security-Related Programming Problems (10)

Structure the process so that all sections requiring extra privileges are modules. The modules should be as small as possible and should perform only those tasks that require those privileges.

Check that the process privileges are set properly.

The program that is executed to create the process, and all associated control files, must be protected from unauthorized use and modification. Any such modification must be detected.

Ensure that any assumptions in the program are validated. If this is not possible, document them for the installers and maintainers, so they know the assumptions that attackers will try to invalidate.

(OR)

Write about the program security and explain with Testing, Maintenance and Operation

Testing

The results of testing a program are most useful if the tests are conducted in the environment in which the program will be used (the production environment). So, the first step in testing a program is to construct an environment that matches the production environment. This requires the testers to know the intended production environment. If there are a range of environments, the testers must test the programs in all of them.

Testing the Program

Write about the Autonomous Agents: AAFID

PART - B

Write about the computer security basic components.

What are operational issues and explain each step.

Explain about the access control matrix model.

Brief the confidentiality policies.

Brief the Integrity policies with Clark-Wilson Integrity Model.

Write about the Clinical Information Systems Security Policy in Hybrid Policies.

Write the overview of Classical Cryptosystems.

Explain about the Key Management and Cryptographic Key Infrastructures.

Brief the Storing and Revoking Keys.

Write about the public key signatures.

Integrity mechanisms fall into two classes: prevention m

2. Differentiate Denial of receipt and Denial of service.

Denial of receipt, a false denial that an entity received

Denial of service, a long-term inhibition of service, is a

3. Write the trusting that mechanisms work require several

Trusting that mechanisms work requires several assumptions.

Each mechanism is designed to implement one or more parts

The union of the mechanisms implements all aspects of the se

The mechanisms are implemented correctly.

The mechanisms are installed and administered correctly.

4. Short note on Protection State.

The state of a system is the collection of the current va

5. Write about Principle of Attenuation of Privilege.

Principle of Attenuation of Privilege. A subject may not

6. Write the types of Security Policies.

A military security policy (also called a governmental se

A commercial security policy is a security policy develop

A confidentiality policy is a security policy dealing only w

An integrity policy is a security policy dealing only with in

7. List out the Types of Access Control.

If an individual user can set an access control mechanis

When a system mechanism controls access to an objec

An originator controlled access control (ORCON or O

Confidentiality is the concealment of information or re

Integrity refers to the trustworthiness of data or resou

Availability refers to the ability to use the information

3. s1 can execute s2 if and only if i(s2)

Lipner's Use of the Bell-LaPadula Model

Lipner provides two security levels, in the following order

Audit Manager (AM): system audit and manageme

System Low (SL): any process can read informatio

He similarly defined five categories:

Development (D): production programs under deve

Production Code (PC): production processes and p

Production Data (PD): data covered by the integrity

System Development (SD): system programs unde

Software Tools (T): programs provided on the prod

8. Write about the Key Exchange and key generation.

The goal of key exchange is to enable Alice to communica

1. The key that Alice and Bob are to share cannot be transm

2. Alice and Bob may decide to trust a third party (called "Ca

3. The cryptosystems and protocols are publicly known. The

Key Generation

The secrecy that cryptosystems provide resides in the sele

A sequence of cryptographically random numbers

A sequence of cryptographically pseudorandom nu

A strong mixing function is a function of two or mor

10. Explain the following

a. Key Generation.

Key Generation

The secrecy that cryptosystems provide resides in the sele

A sequence of cryptographically random numbers

A sequence of cryptographically pseudorandom nu

A strong mixing function is a function of two or more inputs

b. Session and Interchange Key.

An interchange key is a cryptographic key associated wit

A session key is a cryptographic key associated with the

PART-A

1. List out the authentication system consisting of five compone

1. The set A of authentication information is the set of specific inform

2. The set C of complementary information is the set of information t

3. The set F of complementation functions that generate the comple

4. The set L of authentication functions that verify identity. That is, fo

5. The set S of selection functions that enable an entity to create or

2. What is proactive password checker?

A proactive password checker is software that enforces specific re

3. Distinguish between the authentication policy and issuance p

A CA authentication policy describes the level of authentication r

A CA issuance policy describes the principals to whom the CA w

4. Define the State and Cookies

A message given to a Web browser by a Web server. The bro

5. Explain about the locks and keys technique.

The locks and keys technique combines features of access contro

6. Write about the Confinement Flow Model

The confinement flow model is a 4-tuple (I,

The ability to copy capabilities implies the ability to give rights. To

PART-A (3 x 10 = 30 MARKS)

ANSWER ANY THREE

7. Brief the Biometric common characteristics.

Biometrics is the automated measurement of biologica

Fingerprints - Fingerprints can be scanned optically but t

Voices - Authentication by voice also called speaker ver

Eyes - Authentication by eye characteristics uses the iris

Faces - Face recognition consists of several steps. First t

Keystrokes - Keystroke dynamics requires a signature ba

Caution - Because biometrics measures characteristics of

1. A hash value computed on a canonical representation of t

2. The CA's public key in the certificate

3. The Distinguished Name of the PCA

Identity on the Web - Certificates are not ubiquitous on the

8. Overview the Information Flow.

Although access controls can constrain the rights of

Entropy-Based Analysis - The command sequence c ca

An implicit flow of information occurs when informat

The confinement flow model is a 4-tuple (I,

lub(x1, ..., xn) ≤ y

If the condition is true, the assignment proceeds. If not, it fa

Implicit flows complicate checking.

10. Brief the Compiler-Based Mechanisms.

Compiler-based mechanisms check that information flows

A set of statements is certified with respect to an informati

We opt for a more liberal approach, in which the language

x: integer class { A, B }

states that x is an integer variable and that data from secu

Assignment Statements

An assignment statement has the form

y := f(x1, ..., xn)

Compound Statements

A compound statement has the form

begin
    S1;
    ...
    Sn;
end;

where each of the Si's is a statement. If the information flo

S1 secure
...
Sn secure

A basic block is a sequence of statements in a program th

wait(x): if x = 0 then block until x > 0; x := x - 1;

signal(x): x := x + 1;

ANSWER KEY

PART-A

1. Explain about State and Cookies

A message given to a Web browser by a Web server. Th

2. What is security pipeline interface (SPI)?

Hoffman and Davis propose adding a processor, called

Figure: Use of an SPI to check for corrupted files.

3. Write about rules of transitive confinement and virtual ch

A virtual machine is a program that simulates the hardw

4. Differentiate between covert storage channel and noiseless

A covert storage channel uses an attribute of the shared resou

A noiseless covert channel is a covert channel that uses a res

5. Draw the Secure Network Server Mail Guard diagram.

6. What are the types of computer viruses.

A boot sector infector is a virus that inserts itself into the boo

An executable infector is a virus that infects executable pro

A multipartite virus is one that can infect either boot sectors

A terminate and stay resident (TSR) virus is one that stays a

Stealth viruses are viruses that conceal the infection of files.

A polymorphic virus is a virus that changes its form each tim

7. Define Malicious logic

Malicious logic is a set of instructions that cause a site's

A boot sector infector is a virus that inserts itself into the boo

10. List out the four steps for Flaw Hypothesis Methodology.

1. Information gathering. In this step, the testers become familiar w

2. Flaw hypothesis. Drawing on the knowledge gained in the first s

3. Flaw testing. The testers test their hypothesized flaws. If a flaw

4. Flaw generalization.

Both the sending and receiving processes must have acc

The sending process must be able to modify that attribut

The receiving process must be able to reference that attr

A mechanism for initiating both processes, and properly

The requirements for covert timing channels are similar t

Both the sending and receiving processes must have acc

Both the sending and receiving processes must have acc

The sending process must be able to control the timing o

A mechanism for initiating both processes, and properly

The specific criteria are as follows.

The value of a variable is obtained from a system call.

A calling process can detect at least two different states

8. Explain about the vulnerability framework with neat e

The goals of a framework dictate the framework's structure

The investigators classified flaws into seven general class

Incomplete parameter validation

Inconsistent parameter validation

Implicit sharing of privileged/confidential data

Asynchronous validation/inadequate serialization

Inadequate identification/authentication/authorization

Violable prohibition/limit

Exploitable logic error

The Flaw Classes -

Incomplete parameter validation occurs when a paramet

Inconsistent parameter validation is a design flaw in whic

Inadequate identification/authorization/authentication flaw

Exploitable logic error flaws encompass problems not fal

Aslam's Model

- The Flaw Classes
- Legacy

Comparison and Analysis

- The xterm Log File Flaw
- The fingerd Buffer

ANSWER KEY

PART-A

1. Differentiate between authentication policy and issuance p

A CA authentication policy describes the level of authenticatio

A CA issuance policy describes the principals to whom the CA

2. What is threshold scheme?

A (t, n)-threshold scheme is a cryptographic scheme in
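A (t, n)-threshold scheme realised concretely, as an added example that is not part of the original page (it also illustrates the "Sharing Secrets" entries in the question 13 answers above, which only define the scheme abstractly). The construction used is Shamir's polynomial secret sharing over a prime field, one particular threshold scheme rather than the page's definition itself: the datum is the constant term of a random polynomial of degree t-1, each of the n shadows is a point on it, and any t points determine the polynomial (so the datum) while t-1 points determine nothing. The prime, the secret and the fixed coefficients passed in for the demonstration are constructed values; real use draws the coefficients from a cryptographic random source, which the function does by default.

```python
# Added example (not from the original page): a (t, n)-threshold scheme via
# Shamir secret sharing over GF(P). The prime, secret and demo coefficients
# are constructed values.
import secrets as rng

P = 2 ** 61 - 1   # Mersenne prime; secrets must be smaller than P


def _eval_poly(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1] x + ... + coeffs[t-1] x^(t-1) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, t, n, coeffs=None):
    """Divide `secret` into n shadows (x, f(x)), any t of which recover it.
    f has degree t-1 and f(0) = secret. Coefficients come from the OS random
    source unless the caller supplies them for a reproducible demonstration."""
    if not 1 <= t <= n or not 0 <= secret < P:
        raise ValueError("need 1 <= t <= n and 0 <= secret < P")
    if coeffs is None:
        coeffs = [rng.randbelow(P) for _ in range(t - 1)]
    if len(coeffs) != t - 1:
        raise ValueError("a degree t-1 polynomial needs t-1 coefficients")
    poly = [secret] + list(coeffs)
    return [(x, _eval_poly(poly, x)) for x in range(1, n + 1)]


def recover_secret(shadows):
    """Lagrange interpolation at x = 0 over the shadows supplied. With t or
    more genuine shadows the result is the secret; with fewer it is a value
    unrelated to it, which is what makes the threshold meaningful."""
    total = 0
    for i, (xi, yi) in enumerate(shadows):
        num = den = 1
        for j, (xj, _) in enumerate(shadows):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        # den is invertible because P is prime and the x values are distinct
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


if __name__ == "__main__":
    secret = 123456789                         # constructed sample datum
    shadows = split_secret(secret, t=3, n=5)   # random coefficients
    print(shadows)
    print(recover_secret(shadows[:3]), recover_secret(shadows[2:5]))
    print(recover_secret(shadows[:2]) == secret)   # False: below threshold
```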

3. Write about confinement problem and covert channel.

Access control affects the function of the server in two ways.

The server must ensure that the resources it accesses on beh

The server must ensure that it does not reveal the client's data

A covert channel is a path of communication that was not desi

4. What is sandbox?

A sandbox is an environment in which the actions of a process

5. Write the concept of Fenton's Data Mark Machine.

  • 7/26/2019 Is Important Questions

    60/64

    Fenton created an abstract machine called the Data Mark Machine

    Fenton defined five instructions. The relationships between ex

    The increment instruction

    x := x + 1

    is equivalent to

    if PC ≤ x then x := x + 1; else skip

    (Here PC is the security class of the program counter and x, on the left of ≤, the class of the variable x: the increment happens only when information may flow from the program counter into x.)

    6. Differentiate between a Trojan horse and a propagating Trojan horse.

    A Trojan horse is a program with an overt (documented or known)

    A propagating Trojan horse (also called a replicating Trojan horse)

    7. Define logging and auditing.

    Logging is the recording of events or statistics to provide information

    Auditing is the analysis of log records to present information a

    External attacker with access to the system. At this level, the testers

    Internal attacker with access to the system. At this level, the testers

    PART-B

    7. Write an overview of the principles of secure design.

    The principle of least privilege states that a subject should

    The principle of fail-safe defaults states that, unless a subject

    The principle of economy of mechanism states that security

    The principle of complete mediation requires that all accesses

    The principle of open design states that the security of a

    The principle of separation of privilege states that a system

    The principle of least common mechanism states that mechanisms

    The principle of psychological acceptability states that security
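
Added example, not part of the original answer key: two of the principles above, fail-safe defaults and complete mediation, as a small access-control check with the violating version beside the correct one. The ACL, the subjects, the objects and the file classes are constructed for this example.

```python
# Added example (not from the original answer key): fail-safe defaults and
# complete mediation on a constructed ACL.
ACL = {  # object -> {subject: set of rights}; objects absent here have no entry
    "/etc/passwd": {"root": {"read", "write"}, "alice": {"read"}},
    "/home/alice/notes": {"alice": {"read", "write"}},
}


def allowed_unsafe(subject, obj, right):
    """Violates fail-safe defaults: an object with no ACL entry is treated
    as unrestricted, so a new or mis-named object is open to everyone."""
    entry = ACL.get(obj)
    if entry is None:
        return True
    return right in entry.get(subject, set())


def allowed(subject, obj, right):
    """Fail-safe default: access is granted only on an explicit match;
    any missing information (unknown object, unknown subject) means deny."""
    return right in ACL.get(obj, {}).get(subject, set())


class CachedFile:
    """Violates complete mediation: the check is made once, at open, and the
    handle keeps working after the right is revoked."""

    def __init__(self, subject, obj):
        if not allowed(subject, obj, "read"):
            raise PermissionError(obj)
        self.subject, self.obj = subject, obj

    def read(self):
        return f"contents of {self.obj}"


class MediatedFile(CachedFile):
    """Complete mediation: every access consults the authority again, so a
    revocation takes effect on the next read."""

    def read(self):
        if not allowed(self.subject, self.obj, "read"):
            raise PermissionError(self.obj)
        return super().read()


def revoke(subject, obj, right):
    ACL.get(obj, {}).get(subject, set()).discard(right)
```

Real systems usually check at open for performance and accept the stale-handle window; the point of the example is that this is a deliberate relaxation of complete mediation, and the revocation latency it creates has to be known and bounded.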

    Conditional statements

    Iterative statements

    Goto statements

    Procedure calls

    Function calls

    Input/output statements.

    Assignment Statement

    An assignment statement has the form

    y := f(x1, ..., xn)

    where y and x1, ..., xn are variables and f is some function

    The information flow requirement for the assignment is (with each variable name standing for its security class)

    lub{x1, ..., xn} ≤ y

    Compound Statement

    A compound statement has the form

    begin

    S1;

    ...

    Sn;

    end;
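
Added example, not part of the original answer key: the two information flow rules given on this page, the Data Mark Machine's guarded increment (question 5) and the compile-time check lub{x1, ..., xn} ≤ y for assignments, extended to compound statements by checking every component, run on a small lattice. The lattice (subsets of two categories ordered by inclusion), the statement encoding and the fact that each variable's class is fixed are choices made for this example.

```python
# Added example (not from the original answer key): information flow checks
# on a constructed lattice of security classes.
from functools import reduce

# A security class is a frozenset of categories; <= is subset, lub is union.
LOW = frozenset()
A = frozenset({"a"})
B = frozenset({"b"})
AB = frozenset({"a", "b"})


def leq(c1, c2):
    """c1 <= c2: information may flow from class c1 to class c2."""
    return c1 <= c2


def lub(*classes):
    """Least upper bound of zero or more classes (LOW if none given)."""
    return reduce(lambda x, y: x | y, classes, LOW)


# --- Fenton's Data Mark Machine: the increment instruction -----------------
class DMM:
    """State: variable values, their classes, and the class of the PC."""

    def __init__(self, values, classes, pc=LOW):
        self.values, self.classes, self.pc = dict(values), dict(classes), pc

    def increment(self, x):
        # x := x + 1  is executed as  if PC <= x then x := x + 1 else skip
        if leq(self.pc, self.classes[x]):
            self.values[x] += 1
            return True
        return False      # skipped: no flow from the PC's class into x


# --- Denning's compile-time check ------------------------------------------
# Statement encoding used here:
#   ("assign", y, [x1, ..., xn])      y := f(x1, ..., xn)
#   ("compound", [S1, ..., Sn])       begin S1; ...; Sn; end
def secure(stmt, classes):
    """True when every flow in stmt is permitted by the lattice."""
    kind = stmt[0]
    if kind == "assign":
        _, y, xs = stmt
        return leq(lub(*(classes[x] for x in xs)), classes[y])
    if kind == "compound":
        return all(secure(s, classes) for s in stmt[1])
    raise ValueError(f"unknown statement {kind}")
```

Both checks are the same inequality: the DMM applies it at run time with the PC's class on the left, the compiler applies it statically with the lub of the right-hand-side classes on the left.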

    8. Write about computer viruses and the several types of

    A computer virus is a program that inserts itself into

    A boot sector infector is a virus that inserts itself

    • An executable infector is a virus that infects executable

    • A multipartite virus is one that can infect either boot

    • A terminate and stay resident (TSR) virus is one

    • Stealth viruses are viruses that conceal the infection

    • A polymorphic virus is a virus that changes its form

    10. Explain the following

    a) Anatomy of an Auditing System. (5)

    Logging is the recording of events or statistics to provide

    Auditing is the analysis of log records to present information

    Logger

    Logging mechanisms record information. The type and quantity

    Analyzer

    An analyzer takes a log as input and analyzes it. The result

    Notifier

    The analyzer passes the results of the analysis to the notifier

    An anonymizing sanitizer deletes information in such a way

    A state-based logging mechanism records information about

    A transition-based logging mechanism records information

    b) Intrusion detection architecture. (5)

    Architecture of an intrusion detection system.

    Agent

    An agent obtains information from a data source

    Host-Based Information Gathering

    Host-based agents usually use system and application

    Combining Sources

    The goal of an agent is to provide the director with

    Director

    The director itself reduces the incoming log entries

    Notifier

    The notifier accepts information from the director