System and its vulnerabilities

System and its vulnerabilities

Chapter 11. Distinguish between vulnerability, threat, and control.2. Theft usually results in some kind of harm. For example, if someone stealsyour car, you may suffer financial loss, inconvenience (by losing your mode oftransportation), and emotional upset (because of invasion of your personalproperty and space). List three kinds of harm a company might experience fromtheft of computer equipment.3. List at least three kinds of harm a company could experience from electronicespionage or unauthorized viewing of confidential company materials.4. List at least three kinds of damage a company could suffer when the integrityof a program or company data is compromised.5. List at least three kinds of harm a company could encounter from loss ofservice, that is, failure of availability. List the product or capability to whichaccess is lost, and explain how this loss hurts the company.6. Describe a situation in which you have experienced harm as a consequence ofa failure of computer security. Was the failure malicious or not? Did the attackÿtarget you specifically or was it general and you were the unfortunate victim?ÿChapter 2ÿ1. Describe each of the following four kinds of access control mechanisms interms of (a) ease of determining authorized access during execution, (b) ease ofadding access for a new subject, (c) ease of deleting access by a subject, and (d)ease of creating a new object to which all subjects by default have access. per-subject access control list (that is, one list for each subject tellsall the objects to which that subject has access) per-object access control list (that is, one list for each object tells allthe subjects who have access to that object) access control matrix capability2. Suppose a per-subject access control list is used. Deleting an object in such asystem is inconvenient because all changes must be made to the control lists ofall subjects who did have access to the object. Suggest an alternative, less costlymeans of handling deletion.3. File access control relates largely to the secrecy dimension of security. Whatis the relationship between an access control matrix and the integrity of theobjects to which access is being controlled?4. One feature of a capability-based protection system is the ability of oneprocess to transfer a copy of a capability to another process. Describe a situationin which one process should be able to transfer a capability to another.5. Suggest an efficient scheme for maintaining a per-user protection scheme.That is, the system maintains one directory per user, and that directory lists allthe objects to which the user is allowed access. Your design should address theneeds of a system with 1000 users, of whom no more than 20 are active at anytime. Each user has an average of 200 permitted objects; there are 50,000 totalobjects in the system.6. Calculate the timing of password-guessing attacks:(a) If passwords are three uppercase alphabetic characters long, how muchtime would it take to determine a particular password, assuming that testingan individual password requires 5 seconds? How much time if testingrequires 0.001 seconds?(b) Argue for a particular amount of time as the starting point for secure.That is, suppose an attacker plans to use a brute-force attack to determine apassword. For what value of x (the total amount of time to try as manypasswords as necessary) would the attacker find this attack prohibitivelylong?(c) If the cutoff between insecure and secure were x amount of time,how long would a secure password have to be? State and justify yourassumptions regarding the character set from which the password isselected and the amount of time required to test a single password.7. Design a protocol by which two mutually suspicious parties can authenticateeach other. Your protocol should be usable the first time these parties try toauthenticate each other.8. List three reasons people might be reluctant to use biometrics forauthentication. Can you think of ways to counter those objections?9. False positive and false negative rates can be adjusted, and they are oftencomplementary: Lowering one raises the other. List two situations in which falsenegatives are significantly more serious than false positives.10. In a typical office, biometric authentication might be used to control access toemployees and registered visitors only. We know the system will have some falsenegatives, some employees falsely denied access, so we need a human override,someone who can examine the employee and allow access in spite of the failedauthentication. Thus, we need a human guard at the door to handle problems, as wellas the authentication device; without biometrics we would have had just the guard.Consequently, we have the same number of personnel with or without biometrics,plus we have the added cost to acquire and maintain the biometrics system. Explainÿthe security advantage in this situation that justifies the extra expense.


Comments are closed.