Wednesday 15 May 2013

CS9224 INFORMATION SECURITY UNIVERSITY QUESTIONS WITH ANSWERS


CS9224 INFORMATION SECURITY


ANSWER KEY
PART-A

1.
List out the security services.
The three security services—confidentiality, integrity, and availability—counter threats to the security of a system. Shirey divides threats into four broad classes: disclosure, or unauthorized access to information; deception, or acceptance of false data; disruption, or interruption or prevention of correct operation; and usurpation, or unauthorized control of some part of a system. These four broad classes encompass many common threats.

2.
Define the snooping and spoofing.
·         Snooping, the unauthorized interception of information, is a form of disclosure. It is passive, suggesting simply that some entity is listening to (or reading) communications or browsing through files or system information.
·         Masquerading or spoofing, an impersonation of one entity by another, is a form of both deception and usurpation.

3.
Write the cryptographic checksum function properties.
A cryptographic checksum function (also called a strong hash function or a strong one-way function) h: A → B is a function that has the following properties.
·         For any x ∈ A, h(x) is easy to compute.
·         For any y ∈ B, it is computationally infeasible to find x ∈ A such that h(x) = y.
·         It is computationally infeasible to find x, x' ∈ A, such that x ≠ x' and h(x) = h(x'). (Such a pair is called a collision.)
The third requirement is often stated as:
·         Given any x ∈ A, it is computationally infeasible to find another x' ∈ A such that x ≠ x' and h(x') = h(x).

4.
What is Session and Interchange Keys?
·         An interchange key is a cryptographic key associated with a principal to a communication.
·         A session key is a cryptographic key associated with the communication itself.

5.
Distinguish between principle of least privilege and principle of fail-safe defaults.
·         The principle of least privilege states that a subject should be given only those privileges that it needs in order to complete its task.
·         The principle of fail-safe defaults states that, unless a subject is given explicit access to an object, it should be denied access to that object.

6.
Define Certification authorities issuance policy and confinement problem.
A certification authority's issuance policy describes the principals to whom the CA will issue certificates (its authentication policy, by contrast, describes the level of authentication required to identify those principals). The confinement problem is the problem of preventing a server from leaking information that the user of the service considers confidential. Access control affects the function of the server in two ways.
·         The server must ensure that the resources it accesses on behalf of the client include only those resources that the client is authorized to access.
·         The server must ensure that it does not reveal the client's data to any other entity not authorized to see the client's data.

7.
What is Malicious logic and Trojan horse?
·         Malicious logic is a set of instructions that cause a site's security policy to be violated.
·         A Trojan horse is a program with an overt (documented or known) effect and a covert (undocumented or unexpected) effect.
8.
Short note on computer virus and boot sector infector.
·         A computer virus is a program that inserts itself into one or more files and then performs some (possibly null) action.
·         A boot sector infector is a virus that inserts itself into the boot sector of a disk.
9.
Write the goals of the Drib's security policy.
The goals of the Drib's security policy are as follows.
·         Data related to company plans is to be kept secret. In particular, sensitive corporate data, such as data involved in developing potential products, is to be available only to those who need to know.
·         When a customer provides data (such as a credit card number) to the Drib as part of a purchase, the data, and all information about the customer, are to be available only to those who fill the order. Company analysts may obtain statistics about a number of orders for planning purposes.
·         Releasing sensitive data requires the consent of the company's officials and lawyers.
10.
Short note on Anticipating Attacks.
            In spite of the measures outlined above, the Drib security officers realize that their network and systems might be compromised through unanticipated means. They have taken steps to prepare for, and handle, such attacks.

PART-B

11
Write an overview of Computer Security with neat examples.
Confidentiality
·         Confidentiality is the concealment of information or resources.
Integrity
·         Integrity refers to the trustworthiness of data or resources, and it is usually phrased in terms of preventing improper or unauthorized change.
Availability
·         Availability refers to the ability to use the information or resource desired.

12.
Explain the following
a)    Classical Cryptosystems.
·         Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. In these systems, for all Ek ∈ C and k ∈ K, there is a Dk ∈ D such that Dk = Ek⁻¹ (the inverse of Ek).
Transposition Ciphers
·         A transposition cipher rearranges the characters in the plaintext to form the ciphertext. The letters are not changed.
Substitution Ciphers
·         A substitution cipher changes characters in the plaintext to produce the ciphertext.
Vigenère Cipher
·         The Vigenère cipher is a polyalphabetic substitution cipher: a repeating key selects the shift applied to each plaintext letter, so one plaintext letter may map to several different ciphertext letters. A longer key might obscure the statistics that break a single-alphabet substitution.
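The ciphers of 12(a), worked as an added example (not code from the page or its textbook source): a columnar transposition, which only moves letters; the Caesar cipher as a one-letter Vigenère key; the Vigenère cipher proper; and the index of coincidence, the single-letter statistic that a monoalphabetic substitution leaves untouched and a longer key flattens. The passage used as plaintext is constructed for the example.

```python
"""Classical ciphers from 12(a) and the statistic a longer key obscures.
Added example, not from the page; SAMPLE is a constructed passage."""
import string
from collections import Counter

ALPHA = string.ascii_uppercase

def letters_only(text):
    """Classical ciphers act on the letters A-Z; drop everything else."""
    return "".join(c for c in text.upper() if c in ALPHA)

def transpose(pt, cols):
    """Columnar transposition: write the text row by row into `cols`
    columns, read it out column by column.  Letters are moved, not changed."""
    return "".join(pt[i::cols] for i in range(cols))

def untranspose(ct, cols):
    rows, extra = divmod(len(ct), cols)
    columns, pos = [], 0
    for i in range(cols):
        n = rows + (1 if i < extra else 0)
        columns.append(ct[pos:pos + n])
        pos += n
    return "".join(col[r] for r in range(rows + 1) for col in columns if r < len(col))

def vigenere(text, key, decrypt=False):
    """Shift letter i by key[i mod len(key)]; a one-letter key is Caesar."""
    shifts = [ALPHA.index(k) for k in key]
    sign = -1 if decrypt else 1
    return "".join(ALPHA[(ALPHA.index(c) + sign * shifts[i % len(shifts)]) % 26]
                   for i, c in enumerate(text))

def index_of_coincidence(text):
    """Probability that two letters drawn from the text are the same.
    English prose is near 0.066; uniformly random letters give 1/26 = 0.038."""
    n = len(text)
    return sum(v * (v - 1) for v in Counter(text).values()) / (n * (n - 1))

SAMPLE = letters_only("""The three security services of confidentiality
integrity and availability counter threats to the security of a system.
Snooping is the unauthorized interception of information and is a passive
form of disclosure in which some entity simply listens to communications or
browses through files. Masquerading or spoofing is an impersonation of one
entity by another and is a form of both deception and usurpation. A
transposition cipher rearranges the characters of the plaintext while a
substitution cipher changes them. With a longer key each plaintext letter is
spread over several ciphertext letters so that the single letter frequency
statistics of the language are flattened and much harder to exploit.""")

def statistics():
    """Index of coincidence of the plaintext and of three ciphertexts.
    Transposition and Caesar keep the plaintext's letter histogram, so
    their values equal the plaintext's; the Vigenere value drops toward 1/26."""
    return {
        "plain": index_of_coincidence(SAMPLE),
        "transposition": index_of_coincidence(transpose(SAMPLE, 7)),
        "caesar": index_of_coincidence(vigenere(SAMPLE, "D")),
        "vigenere": index_of_coincidence(vigenere(SAMPLE, "SECURITY")),
    }
```

The equality of the transposition and Caesar values with the plaintext value is exact, not approximate: both ciphers permute letters or rename them one-to-one, so the histogram is the same multiset. Only the Vigenère ciphertext, with eight distinct shifts in its key, moves the statistic toward that of random text.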
b)   Public Key Cryptography.
·         Because one key is public, and its complementary key must remain secret, a public key cryptosystem must meet the following three conditions.
·         It must be computationally easy to encipher or decipher a message given the appropriate key.
·         It must be computationally infeasible to derive the private key from the public key.
·         It must be computationally infeasible to determine the private key from a chosen plaintext attack.
·         The first cipher to meet these requirements, the Diffie-Hellman scheme, generates a shared session key. The second one, RSA, provides both secrecy and authentication.

(OR)
Write about the Stream and Block Ciphers and Networks and Cryptography

Let E be an encipherment algorithm, and let Ek(b) be the encipherment of message b with key k. Let a message m = b1b2 …, where each bi is of a fixed length. Then a block cipher is a cipher for which Ek(m) = Ek(b1)Ek(b2) ….
An n-stage linear feedback shift register (LFSR) consists of an n-bit register r = r0…rn–1 and an n-bit tap sequence t = t0…tn–1. To obtain a key bit, r0 is used, the register is shifted one bit to the right, and the new bit r0t0 ⊕ … ⊕ rn–1tn–1 is inserted.
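The LFSR description above, carried through as an added example (not code from the page): a four-stage register used as a keystream generator for a stream cipher. The convention taken here, which the text leaves open, is that r0 is the output bit, the register then shifts right so rn–1 falls off, and the feedback bit enters at r0; the register and tap values are chosen for the demonstration.

```python
"""n-stage LFSR as a stream cipher keystream generator.  Added example, not
from the page.  Convention assumed: key bit = r[0]; shift right; the XOR of
r[i]*t[i] over all stages enters at r[0].  Register/tap values are chosen here."""

def step(r, taps):
    """One clock: returns (key bit, new register state)."""
    new = 0
    for ri, ti in zip(r, taps):
        new ^= ri & ti
    return r[0], [new] + r[:-1]

def keystream(register, taps, nbits):
    r, out = list(register), []
    for _ in range(nbits):
        bit, r = step(r, taps)
        out.append(bit)
    return out

def period(register, taps):
    """Clocks until the register state repeats.  With a primitive feedback
    polynomial every non-zero state is visited, so the period is 2**n - 1."""
    start, r, n = tuple(register), list(register), 0
    while True:
        _, r = step(r, taps)
        n += 1
        if tuple(r) == start:
            return n

def to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]

def from_bits(bits):
    return bytes(sum(b << (7 - i) for i, b in enumerate(bits[k:k + 8]))
                 for k in range(0, len(bits), 8))

def stream_encrypt(data, register, taps):
    """Ciphertext bit = plaintext bit XOR key bit; decryption is the same call."""
    bits = to_bits(data)
    return from_bits([b ^ k for b, k in zip(bits, keystream(register, taps, len(bits)))])

# Four stages, taps 1001: feedback r0 XOR r3, polynomial x^4 + x^3 + 1 (primitive),
# so the 15 non-zero states are all visited before the keystream repeats.
REGISTER, TAPS = [0, 0, 1, 0], [1, 0, 0, 1]
```

The period check is the property to watch when choosing taps: a non-primitive tap sequence gives a keystream that repeats after far fewer than 2**n - 1 bits. Even with a maximal period, the generator is linear, so 2n consecutive keystream bits determine the whole state (the Berlekamp-Massey algorithm recovers it); on its own an LFSR is a keystream building block, not a secure cipher.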

13.
Write about the Design Principles with DVD key layout examples.
·         The principle of open design states that the security of a mechanism should not depend on the secrecy of its design or implementation.
·         The principle of separation of privilege states that a system should not grant permission based on a single condition.
·         The principle of least common mechanism states that mechanisms used to access resources should not be shared.
·         The principle of psychological acceptability states that security mechanisms should not make the resource more difficult to access than if the security mechanisms were not present.
(OR)
Write about the following Access Control Mechanisms.
a)    Access Control Lists.
Let S be the set of subjects, and R the set of rights, of a system. An access control list (ACL) l is a set of pairs l = { (s, r) : s ∈ S, r ∈ R }. Let acl be a function that determines the access control list l associated with a particular object o. The interpretation of the access control list acl(o) = { (si, ri) : 1 ≤ i ≤ n } is that subject si may access o using any right in ri.
b)    Locks and Keys.
The locks and keys technique combines features of access control lists and capabilities. A piece of information (the lock) is associated with the object and a second piece of information (the key) is associated with those subjects authorized to access the object and the manner in which they are allowed to access the object. When a subject tries to access an object, the subject's set of keys is checked. If the subject has a key corresponding to any of the object's locks, access of the appropriate type is granted.
Type Checking - Type checking restricts access on the basis of the types of the subject and object. It is a form of locks and keys access control, the pieces of information being the type. Systems use type checking in areas other than security.
Sharing Secrets - A (t, n)-threshold scheme is a cryptographic scheme in which a datum is divided into n parts, any t of which are sufficient to determine the original datum. The n parts are called shadows.
14.
What is computer virus and explain about all the types of computer viruses.
·         A boot sector infector is a virus that inserts itself into the boot sector of a disk.
·         An executable infector is a virus that infects executable programs.
·         A multipartite virus is one that can infect either boot sectors or applications.
·         A terminate and stay resident (TSR) virus is one that stays active (resident) in memory after the application (or bootstrapping, or disk mounting) has terminated.
·         Stealth viruses are viruses that conceal the infection of files.
·         A polymorphic virus is a virus that changes its form each time it inserts itself into another program.
(OR)
Write the following auditing.
a)    Designing an Auditing System.
·         Logging is the recording of events or statistics to provide information about system use and performance.
·         Auditing is the analysis of log records to present information about the system in a clear and understandable manner.
·         Logger
·         Logging mechanisms record information. The type and quantity of information are dictated by system or program configuration parameters. The mechanisms may record information in binary or human-readable form or transmit it directly to an analysis mechanism.
·         Analyzer
·         An analyzer takes a log as input and analyzes it. The results of the analysis may lead to changes in the data being recorded, to detection of some event or problem, or both.
·         Notifier
·         The analyzer passes the results of the analysis to the notifier. The notifier informs the analyst, and other entities, of the results of the audit. The entities may take some action in response to these results.
·         An anonymizing sanitizer deletes information in such a way that it cannot be reconstructed by either the recipient or the originator of the data in the log. A pseudonymizing sanitizer deletes information in such a way that the originator of the log can reconstruct the deleted information.
·         A state-based logging mechanism records information about a system's state. A state-based auditing mechanism determines whether or not a state of the system is unauthorized.
·         A transition-based logging mechanism records information about an action on a system. A transition-based auditing mechanism examines the current state of the system and the proposed transition (command) to determine if the result will place the system in an unauthorized state.
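The logger, analyzer and notifier of 14(a), with both sanitizers, run over a handful of log lines as an added example (not code from the page). The sshd-like line format, the "three failures from one source within sixty seconds" rule and the pseudonymization key are assumptions made for the example; the log lines are constructed.

```python
"""Logger -> analyzer -> notifier pipeline plus the two sanitizers.
Added example, not from the page; format, rule and key are assumptions."""
import hashlib, hmac, re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = [   # constructed for the example
    "2013-05-15T10:00:01 host1 sshd: Failed password for alice from 203.0.113.7",
    "2013-05-15T10:00:05 host1 sshd: Failed password for alice from 203.0.113.7",
    "2013-05-15T10:00:09 host1 sshd: Failed password for alice from 203.0.113.7",
    "2013-05-15T10:00:30 host1 sshd: Accepted password for bob from 198.51.100.4",
    "2013-05-15T10:02:00 host1 sshd: Failed password for carol from 203.0.113.9",
]
LINE = re.compile(r"^(\S+) (\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")

def parse(lines):
    """The logger wrote text; the analyzer needs records.  Lines that do not
    match the format are skipped rather than aborting the analysis."""
    records = []
    for line in lines:
        m = LINE.match(line)
        if m:
            records.append(dict(ts=m.group(1), host=m.group(2), result=m.group(3),
                                user=m.group(4), src=m.group(5)))
    return records

def analyze(records, threshold=3, window=timedelta(seconds=60)):
    """Transition-based analysis: each failed login is a transition, and a
    source that fails `threshold` times within `window` is reported."""
    recent, alerts = defaultdict(list), []
    for rec in records:
        if rec["result"] != "Failed":
            continue
        t = datetime.fromisoformat(rec["ts"])
        q = recent[rec["src"]]
        q.append(t)
        while t - q[0] > window:
            q.pop(0)
        if len(q) >= threshold:
            alerts.append((rec["src"], rec["user"], len(q)))
            q.clear()          # one alert per burst
    return alerts

def notify(alerts, sink):
    """The notifier hands the analyzer's results to whoever must act."""
    for src, user, n in alerts:
        sink.append(f"ALERT {n} failed logins for {user} from {src}")
    return sink

PSEUDONYM_KEY = b"held-only-by-the-log-originator"   # assumed

def pseudonymize(records, key=PSEUDONYM_KEY):
    """Replace the source address by a keyed tag.  The originator keeps the
    table (or the key) and can undo the substitution; a recipient cannot."""
    table, out = {}, []
    for rec in records:
        tag = hmac.new(key, rec["src"].encode(), hashlib.sha256).hexdigest()[:12]
        table[tag] = rec["src"]
        out.append(dict(rec, src=tag))
    return out, table

def anonymize(records):
    """Delete the field outright; not even the originator can restore it."""
    return [dict(rec, src="<removed>") for rec in records]
```

The pseudonymized log still supports the analysis, because the same source always receives the same tag; that is the reason to prefer pseudonymization over anonymization when the log leaves the site but must remain useful. A pseudonym keyed with HMAC rather than a plain hash also stops a recipient from recovering addresses by hashing the whole IPv4 space.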


15.
Write about the user security and explain with Files and Devices.
Files
·         Users must protect confidentiality and integrity of the files to satisfy policy component U2. To this end, they use the protection capabilities of the system to constrain access. Complicating the situation is the interpretation of permissions on the containing directories.
·         A direct alias is a directory entry that points to (names) the file. An indirect alias is a directory entry that points to a special file containing the name of the target file. The operating system interprets the indirect alias by substituting the contents of the special file for the name of the indirect alias file.
·         A smart terminal provides built-in mechanisms for performing special functions.
(OR)
Explain the following system security.
a)    Authentication
Authentication binds the identity of the user to processes. Incorrect or compromised authentication leads to security problems. In this section, we consider the authentication techniques used in the two systems.
b)   Retrospective
The Web Server System in the DMZ
·         The Web server on the DMZ Web server system runs a minimal set of services. It keeps everything possible on unalterable media.
The Development System
·         The development system also runs a minimal set of programs and services.



ANSWER KEY

PART-A

1.
List out the Goals of Security
·         Prevention means that an attack will fail.
·         Detection is most useful when an attack cannot be prevented, but it can also indicate the effectiveness of preventative measures.
·         Recovery has two forms.

2.
Draw the security life cycle.

3.
What is HMAC (Hash Message Authentication Code)?
            HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to produce a keyed hash function. This mechanism enables Alice to validate that data Bob sent to her is unchanged in transit. Without the key, anyone could change the data and recompute the message authentication code, and Alice would be none the wiser.
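The point of the answer above in running code, as an added example (not code from the page): Alice checks a plain SHA-256 value and an HMAC-SHA256 tag over the same message, and an attacker who alters the message in transit recomputes each. The key, the message and the attacker's edit are constructed for the example.

```python
"""Plain hash versus HMAC as an integrity check.  Added example, not from
the page; key, message and the attacker's edit are constructed."""
import hashlib, hmac

def plain_checksum(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def verify_plain(data: bytes, checksum: str) -> bool:
    return hmac.compare_digest(plain_checksum(data), checksum)

def mac(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: a keyed hash built from the keyless SHA-256."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify_mac(key: bytes, data: bytes, tag: str) -> bool:
    """compare_digest takes the same time wherever the strings first differ,
    so the verifier cannot be used as an oracle to build a tag byte by byte."""
    return hmac.compare_digest(mac(key, data), tag)

def in_transit(data: bytes, keyed: bool):
    """What an active attacker without the key can do: change the message
    and recompute the integrity value with the only means available."""
    forged = data.replace(b"100", b"900")
    if keyed:
        return forged, mac(b"attacker-guess", forged)   # wrong key
    return forged, plain_checksum(forged)               # no key needed

def demo(key=b"shared-by-alice-and-bob", msg=b"transfer 100 to carol"):
    """Whether Alice accepts the genuine and the forged message under each scheme."""
    forged_p, fake_p = in_transit(msg, keyed=False)
    forged_m, fake_m = in_transit(msg, keyed=True)
    return {
        "plain": verify_plain(msg, plain_checksum(msg)),
        "plain_forged": verify_plain(forged_p, fake_p),   # attacker wins
        "hmac": verify_mac(key, msg, mac(key, msg)),
        "hmac_forged": verify_mac(key, forged_m, fake_m),  # tag check fails
    }
```

Note that a message with a valid HMAC proves only that someone holding the key produced it; without a nonce or sequence number the same message can be replayed later and will verify again, so HMAC gives integrity and origin, not freshness.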

4.
Short note on Precomputing the Possible Messages
          Simmons discusses the use of a "forward search" to decipher messages enciphered for confidentiality using a public key cryptosystem. His approach is to focus on the entropy (uncertainty) in the message.
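Simmons' forward search against a deterministic public key cipher, as an added example (not code from the page). The cipher is textbook RSA with the tiny toy parameters n = 61 × 53, e = 17, d = 2753, chosen only so the arithmetic is visible (they are insecure), and the three-message space is constructed; the random padding in the second half is the standard counter, which the page does not discuss in detail.

```python
"""Forward search against deterministic public key encryption of a
low-entropy message.  Added example, not from the page; toy RSA parameters
and the message space are constructed."""
import secrets

N, E, D = 3233, 17, 2753      # p = 61, q = 53 (toy, insecure)

def rsa_encrypt(m, n=N, e=E):
    return pow(m, e, n)

def rsa_decrypt(c, n=N, d=D):
    return pow(c, d, n)

MESSAGES = {"BUY": 1, "SELL": 2, "HOLD": 3}   # constructed low-entropy message space

def forward_search(c, candidates=MESSAGES):
    """The public key is public: encipher every plausible plaintext and
    compare with the observed ciphertext.  Returns (label, trials)."""
    for trials, (label, m) in enumerate(candidates.items(), 1):
        if rsa_encrypt(m) == c:
            return label, trials
    return None, len(candidates)

PAD_BITS = 8   # toy value; a real scheme mixes in hundreds of random bits

def encrypt_padded(m, pad_bits=PAD_BITS):
    """Append random bits before enciphering: one message now has
    2**pad_bits possible ciphertexts, so a single precomputed table fails."""
    pad = secrets.randbelow(1 << pad_bits)
    return rsa_encrypt((m << pad_bits) | pad)

def decrypt_padded(c, pad_bits=PAD_BITS):
    return rsa_decrypt(c) >> pad_bits

def forward_search_padded(c, candidates=MESSAGES, pad_bits=PAD_BITS):
    """The attacker must try every message with every pad value: the work
    grows by 2**pad_bits, which at real sizes is what makes it infeasible."""
    trials = 0
    for label, m in candidates.items():
        for pad in range(1 << pad_bits):
            trials += 1
            if rsa_encrypt((m << pad_bits) | pad) == c:
                return label, trials
    return None, trials
```

Because RSA is a permutation of the integers below n, a padded BUY or SELL value can never collide with a padded HOLD ciphertext, so the padded search always succeeds eventually; what changes is the cost, and with 8 toy pad bits it already needs more than 512 trials to reach the third message.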

5.
State the principle of economy of mechanism with example.
            One factor in evaluating a system's security is its complexity. If the design, implementation, or security mechanisms are highly complex, then the likelihood of security vulnerabilities increases.

6.
Define Certification authorities authentication policy and virtual machine.
            A certification authority's authentication policy describes the level of authentication required to identify the principal to whom a certificate is to be issued. A virtual machine is a program that simulates the hardware of a (possibly abstract) computer system.

7.
Short note on executable infector and viruses
·         A computer virus is a program that inserts itself into one or more files and then performs some (possibly null) action.
·         An executable infector is a virus that infects executable programs.

8.
Write the comparison between formal verification and penetration testing.
                 A penetration test is an authorized attempt to violate specific constraints stated in the form of a security or integrity policy. This formulation implies a metric for determining whether the study has succeeded. Formal verification, by contrast, proves mathematically that a design or implementation satisfies its specification, so it can show the absence of whole classes of flaws relative to that specification and its assumptions; a penetration test can only demonstrate the presence of the flaws it finds, but it exercises the deployed system, including its procedural and operational controls, rather than a model of it.

9.
Short note on TCP State and Memory Allocations.
·         This approach springs from the way in which most TCP servers are implemented. When a SYN packet is received, the server creates an entry in a data structure of pending connections and then sends the SYN/ACK packet.
·         The entry remains until either a corresponding ACK is received or a time-out occurs. In the former case, the connection is completed; in the latter case, a new entry for the next SYN packet is created. Under a SYN flood, the data structure is kept full of entries that never move to the connected state.
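The pending-connection table described above, simulated as an added example (not code from the page): spoofed SYNs that are never acknowledged fill the table, entries leave only by time-out, and a legitimate client's SYN is dropped whenever it arrives at a full table. Table size, time-out, traffic pattern and addresses are constructed, and time is an integer tick counter rather than real seconds.

```python
"""Half-open connection table under a SYN flood.  Added example, not from
the page; capacity, timeout, traffic and addresses are constructed."""
from collections import OrderedDict

class SynBacklog:
    """The server's data structure of pending (half-open) connections."""
    def __init__(self, capacity=8, timeout=30):
        self.capacity, self.timeout = capacity, timeout
        self.pending = OrderedDict()    # (src addr, src port) -> tick of the SYN
        self.established = set()
        self.dropped = 0

    def _expire(self, now):
        for key, t in list(self.pending.items()):
            if now - t >= self.timeout:
                del self.pending[key]   # time-out: entry freed, no connection

    def syn(self, key, now):
        """SYN received: create a pending entry and answer with SYN/ACK.
        A full table means the SYN is dropped and the client never connects."""
        self._expire(now)
        if key in self.pending:
            return True
        if len(self.pending) >= self.capacity:
            self.dropped += 1
            return False
        self.pending[key] = now
        return True

    def ack(self, key, now):
        """ACK received: the entry moves to the connected state."""
        self._expire(now)
        if key not in self.pending:
            return False
        del self.pending[key]
        self.established.add(key)
        return True

def run(capacity=8, timeout=30, attacker_rate=4, ticks=100):
    """Each tick the attacker sends `attacker_rate` spoofed SYNs that are
    never ACKed, then one legitimate client tries a full handshake.
    Returns (legitimate connections completed, SYNs dropped)."""
    b = SynBacklog(capacity, timeout)
    completed = 0
    for t in range(ticks):
        for j in range(attacker_rate):
            b.syn((f"203.0.113.{t % 200}", 1024 + j), now=t)   # spoofed, unique per tick
        key = ("198.51.100.4", 40000 + t)
        if b.syn(key, now=t) and b.ack(key, now=t):
            completed += 1
    return completed, b.dropped
```

With these numbers the attacker needs only rate × timeout > capacity (4 × 30 against 8) to keep the table full: the first legitimate client succeeds before the table fills and every later one is refused for the rest of the run. The quantity to tune on a real server is exactly that product, which is why defences shorten the time-out, enlarge the table, or stop allocating per-SYN state altogether.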
10.
List out the components of users' policies.
The components of users' policies that we focus on are as follows.
U1. Only users have access to their accounts.
U2. No other user can read or change a file without the owner's permission.
U3. Users shall protect the integrity, confidentiality, and availability of their files.
U4. Users shall be aware of all commands that they enter, or that are entered on their behalf.

PART-B

11.
Explain about the Access Control Matrix and explain with their model.
           The simplest framework for describing a protection system is the access control matrix model, which describes the rights of users over files in a matrix.
Access Control by Boolean Expression Evaluation
            Types of access are defined by the database and are called verbs; for example, the Structured Query Language (SQL) would have the verbs Insert and Update. Each rule, corresponding to a function, is associated with one or more verbs. Whenever a subject attempts to access an object using a right (verb) r, the Boolean expression (rule) associated with r is evaluated; if it is true, access is allowed, but if it is false, access is not allowed.
Access Controlled by History
             Statistical databases are designed to answer queries about groups of records yet not reveal information about any single specific record.
(OR)
Write about the Confidentiality Policies with neat examples.
Goals of Confidentiality Policies
           A confidentiality policy, also called an information flow policy, prevents the unauthorized disclosure of information.
The Bell-LaPadula Model
·         Simple Security Condition, Preliminary Version
·         *-Property (Star Property), Preliminary Version
·         Basic Security Theorem, Preliminary Version
·         Example: The Data General B2 UNIX System
Tranquility
             The principle of tranquility states that subjects and objects may not change their security levels once they have been instantiated. Suppose that security levels of objects can be changed, and consider the effects on a system with one category and two security clearances, HIGH and LOW.
             The principle of strong tranquility states that security levels do not change during the lifetime of the system.
The principle of weak tranquility states that security levels do not change in a way that violates the rules of a given security policy.
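The Bell-LaPadula rules and the tranquility variants above, in code as an added example (not from the page): a security level is a clearance plus a set of categories, dominates is the partial order on them, the simple security condition and the *-property are one-line checks, and a system object refuses a relabeling that strong tranquility forbids or that weak tranquility would turn into a read up or write down. The two clearances follow the page's HIGH/LOW example; the categories and principals are constructed.

```python
"""Bell-LaPadula checks with tranquility.  Added example, not from the
page; categories and principals are constructed, clearances are HIGH/LOW."""
from dataclasses import dataclass

RANK = {"LOW": 0, "HIGH": 1}

@dataclass(frozen=True)
class Level:
    clearance: str
    categories: frozenset = frozenset()

    def dominates(self, other):
        """(L1, C1) dom (L2, C2) iff L1 >= L2 and C2 is a subset of C1."""
        return (RANK[self.clearance] >= RANK[other.clearance]
                and other.categories <= self.categories)

def can_read(subject, obj):
    """Simple security condition (no read up): subject dom object."""
    return subject.dominates(obj)

def can_write(subject, obj):
    """*-property (no write down): object dom subject."""
    return obj.dominates(subject)

class System:
    def __init__(self, strong_tranquility=False):
        self.strong = strong_tranquility
        self.subjects, self.objects = {}, {}
        self.open = set()          # current accesses (subject, object, mode)

    def request(self, s, o, mode):
        check = can_read if mode == "r" else can_write
        ok = check(self.subjects[s], self.objects[o])
        if ok:
            self.open.add((s, o, mode))
        return ok

    def relabel_object(self, o, new_level):
        """Strong tranquility: no level ever changes.  Weak tranquility: a
        change is refused if it would turn a current access into a read up
        or a write down."""
        if self.strong:
            raise PermissionError("strong tranquility forbids relabeling")
        for s, obj, mode in self.open:
            if obj != o:
                continue
            check = can_read if mode == "r" else can_write
            if not check(self.subjects[s], new_level):
                raise PermissionError(f"weak tranquility: {s} holds {o} open for {mode}")
        self.objects[o] = new_level
```

Two levels with different category sets are incomparable: a HIGH subject in category NUC can neither read nor write a HIGH object in category EUR, which is the lattice structure the categories add on top of the linear clearances. Weak tranquility as modelled here permits lowering a HIGH object that nobody has open; whether such declassification is acceptable is a policy decision outside the model's rules.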
The Controversy over the Bell-LaPadula Model
               The Bell-LaPadula Model became the target of inquiries into the foundations of computer security. The controversy led to a reexamination of security models and a deeper appreciation of the complexity of modeling real systems.



12.
Write about the following
a)    Key Exchange
·         The goal of key exchange is to enable Alice to communicate secretly to Bob, and vice versa, using a shared cryptographic key. Solutions to this problem must meet the following criteria.
·         The key that Alice and Bob are to share cannot be transmitted in the clear. Either it must be enciphered when sent, or Alice and Bob must derive it without an exchange of data from which the key can be derived. (Alice and Bob can exchange data, but a third party cannot derive the key from the data exchanged.)
·         Alice and Bob may decide to trust a third party (called "Cathy" here).
·         The cryptosystems and protocols are publicly known. The only secret data is to be the cryptographic keys involved.
·         Classical cryptosystems and public key cryptosystems use different protocols.
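The classical-cryptosystem protocol the criteria above lead to, run end to end as an added example (not code from the page): Alice and Bob each share a long-term interchange key with the trusted third party Cathy, Cathy generates a session key for one conversation and returns it enciphered under both interchange keys, and Alice forwards Bob's copy. The cipher used for { }k is a toy encrypt-then-MAC construction built from HMAC-SHA256, chosen so the example runs with the standard library only; it is not a production cipher, and the principal names are constructed.

```python
"""Session key distribution through a trusted third party with a symmetric
cipher.  Added example, not from the page; the cipher is a toy built from
HMAC-SHA256 so the protocol can run with the standard library."""
import hashlib, hmac, secrets

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def seal(key, plaintext):
    """{ plaintext }key : random nonce, keystream XOR, then an HMAC tag."""
    enc, mac = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Inverse of seal; a wrong key or an altered message fails the tag check."""
    enc, mac = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc, nonce, len(ct))))

class Cathy:
    """Trusted third party; holds every principal's interchange key."""
    def __init__(self):
        self.interchange = {}

    def enroll(self, name):
        """Out-of-band setup: the interchange key is never sent in the clear."""
        self.interchange[name] = secrets.token_bytes(32)
        return self.interchange[name]

    def session_key_for(self, requester, peer):
        """Message 2: { ks }k_requester || { ks }k_peer for a fresh ks."""
        ks = secrets.token_bytes(32)
        return seal(self.interchange[requester], ks), seal(self.interchange[peer], ks)

def exchange(cathy, k_alice, k_bob, message):
    """Runs the protocol; returns (Alice's ks == Bob's ks, what Bob reads)."""
    # 1. Alice -> Cathy: request a session key for talking to Bob
    for_alice, for_bob = cathy.session_key_for("Alice", "Bob")
    # 2. Cathy -> Alice: both enciphered copies; Alice opens hers
    ks_alice = unseal(k_alice, for_alice)
    # 3. Alice -> Bob: forwards { ks }k_Bob; Bob opens it with his interchange key
    ks_bob = unseal(k_bob, for_bob)
    # 4. Alice -> Bob: { message }ks, under the session key only
    ciphertext = seal(ks_alice, message)
    return ks_alice == ks_bob, unseal(ks_bob, ciphertext)
```

The interchange keys are used only to wrap session keys, and each conversation gets a fresh session key, which is the division of labour the two definitions in question 4 describe. Message 3 carries nothing that ties the session key to this run, so in this basic form a recorded copy of it could be presented to Bob again later; the protocols that follow this one in the textbook add nonces and timestamps for that reason.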
b)   Cryptographic Key Infrastructures
          A cryptographic checksum function (also called a strong hash function or a strong one-way function) h: A → B is a function that has the following properties.
·         For any x ∈ A, h(x) is easy to compute.
·         For any y ∈ B, it is computationally infeasible to find x ∈ A such that h(x) = y.
·         It is computationally infeasible to find x, x' ∈ A, such that x ≠ x' and h(x) = h(x'). (Such a pair is called a collision.)
·         The third requirement is often stated as:
·         Given any x ∈ A, it is computationally infeasible to find another x' ∈ A such that x ≠ x' and h(x') = h(x).
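The three properties defined in 12(b) above (and, identically, in question 3 of the first key) made measurable, as an added example that is not code from the page: SHA-256 truncated to a few bits lets both searches finish on a laptop, and shows why the collision requirement is the stronger one. A birthday search for a collision needs roughly 2^(bits/2) trials, while a second preimage for a given x costs about 2^bits. The truncation and the candidate messages are constructed for the demonstration only.

```python
"""Collision search versus second-preimage search on a truncated SHA-256.
Added example, not from the page; truncation is for demonstration only."""
import hashlib

def h(x: bytes, bits: int) -> int:
    """Truncated SHA-256: the leading `bits` bits of the digest as an integer."""
    return int.from_bytes(hashlib.sha256(x).digest(), "big") >> (256 - bits)

def find_collision(bits, limit=1 << 20):
    """Property 3: find x != x' with h(x) = h(x').  Hash deterministic
    candidates until two of them agree.  Returns (x, x', trials)."""
    seen = {}
    for i in range(1, limit + 1):
        x = b"msg-%d" % i
        v = h(x, bits)
        if v in seen:
            return seen[v], x, i
        seen[v] = x
    return None

def find_second_preimage(target: bytes, bits, limit=1 << 24):
    """The third requirement as usually stated: given x, find another x'
    with h(x') = h(x).  Returns (x', trials)."""
    want = h(target, bits)
    for i in range(1, limit + 1):
        x = b"alt-%d" % i
        if x != target and h(x, bits) == want:
            return x, i
    return None

def compare(bits=16):
    """Trial counts for both searches at the same truncation."""
    x1, x2, c_trials = find_collision(bits)
    _, p_trials = find_second_preimage(b"the message Alice signed", bits)
    return {"collision_trials": c_trials, "second_preimage_trials": p_trials,
            "collision_ok": x1 != x2 and h(x1, bits) == h(x2, bits)}
```

Run with the full 256-bit digest neither loop would terminate in practice, which is the content of "computationally infeasible". The gap between the two trial counts is why signature schemes and certificate formats care about collision resistance specifically: an attacker who can choose both documents gets the square-root advantage, an attacker handed a fixed document does not.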



13.
Write about the following Access Control Mechanisms
a)    Access Control Lists.
Let S be the set of subjects, and R the set of rights, of a system. An access control list (ACL) l is a set of pairs l = { (s, r) : s ∈ S, r ∈ R }. Let acl be a function that determines the access control list l associated with a particular object o. The interpretation of the access control list acl(o) = { (si, ri) : 1 ≤ i ≤ n } is that subject si may access o using any right in ri.
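The access control matrix of question 11 with its two projections, as an added example (not code from the page): acl(o) as defined above (the same definition appears in the first key's 13(a)) is the column of the matrix for object o, a capability list is the row for a subject, and a guarded command changes the matrix only when its condition holds. Absent entries deny, which is the fail-safe default of question 5. Subjects, objects and rights are constructed.

```python
"""Access control matrix with ACL and capability views and a guarded
command.  Added example, not from the page; the matrix contents are constructed."""
from collections import defaultdict

class AccessControlMatrix:
    def __init__(self):
        self.subjects, self.objects = set(), set()
        self.entries = defaultdict(set)   # A[s, o] = set of rights

    def add_subject(self, s):
        self.subjects.add(s)

    def add_object(self, o):
        self.objects.add(o)

    def enter(self, s, o, right):
        if s not in self.subjects or o not in self.objects:
            raise KeyError(f"unknown subject or object: {s}, {o}")
        self.entries[(s, o)].add(right)

    def delete(self, s, o, right):
        self.entries[(s, o)].discard(right)

    def allowed(self, s, o, right):
        """Fail-safe default: an absent entry grants nothing."""
        return right in self.entries.get((s, o), ())

    def acl(self, o):
        """acl(o) = { (s, r) : A[s, o] = r, r non-empty }, as a dict."""
        return {s: set(r) for (s, obj), r in self.entries.items() if obj == o and r}

    def capabilities(self, s):
        """The row of the matrix: what subject s may do, object by object."""
        return {o: set(r) for (subj, o), r in self.entries.items() if subj == s and r}

    def grant(self, granter, s, o, right):
        """A conditional command: only a subject holding 'own' over o may
        confer rights over o.  The guard is evaluated before the primitive
        'enter' operation changes the matrix."""
        if not self.allowed(granter, o, "own"):
            return False
        self.enter(s, o, right)
        return True

def example_matrix():
    """A small matrix (constructed): alice owns file1, bob may read it."""
    m = AccessControlMatrix()
    for s in ("alice", "bob", "carol"):
        m.add_subject(s)
    for o in ("file1", "file2"):
        m.add_object(o)
    for r in ("own", "read", "write"):
        m.enter("alice", "file1", r)
    m.enter("bob", "file1", "read")
    m.enter("bob", "file2", "own")
    return m
```

Both views come from the same entries, which is the practical lesson of storing the matrix sparsely: an ACL answers "who can touch this object" in one scan, a capability list answers "what can this subject reach", and revoking a right is a single delete that both views reflect immediately.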
b)    Locks and Keys.
The locks and keys technique combines features of access control lists and capabilities. A piece of information (the lock) is associated with the object and a second piece of information (the key) is associated with those subjects authorized to access the object and the manner in which they are allowed to access the object. When a subject tries to access an object, the subject's set of keys is checked. If the subject has a key corresponding to any of the object's locks, access of the appropriate type is granted.
Type Checking - Type checking restricts access on the basis of the types of the subject and object. It is a form of locks and keys access control, the pieces of information being the type. Systems use type checking in areas other than security.
Sharing Secrets - A (t, n)-threshold scheme is a cryptographic scheme in which a datum is divided into n parts, any t of which are sufficient to determine the original datum. The n parts are called shadows.
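A (t, n)-threshold scheme for the "Sharing Secrets" paragraph above (and its duplicate in the first key's 13(b)), as an added example that is not code from the page: Shamir's construction over a prime field, where the shadows are points on a random polynomial of degree t-1 whose constant term is the secret. The field prime, the secret and the share subsets are constructed for the example.

```python
"""Shamir (t, n)-threshold secret sharing.  Added example, not from the
page; prime, secret and subsets are constructed."""
import secrets

P = (1 << 127) - 1    # Mersenne prime; every secret must be below P

def split(secret, t, n, p=P):
    """Pick a random polynomial f of degree t-1 over GF(p) with f(0) = secret.
    The n shadows are (i, f(i)) for i = 1..n: any t of them fix f, while
    t-1 of them are consistent with every possible secret."""
    if not 0 <= secret < p or not 1 <= t <= n:
        raise ValueError("bad parameters")
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(t - 1)]
    def f(x):
        return sum(c * pow(x, k, p) for k, c in enumerate(coeffs)) % p
    return [(i, f(i)) for i in range(1, n + 1)]

def reconstruct(shadows, p=P):
    """Lagrange interpolation at x = 0 through the shadows given.  With
    fewer than t shadows this still returns a value, just not the secret."""
    secret = 0
    for i, (xi, yi) in enumerate(shadows):
        num = den = 1
        for j, (xj, _) in enumerate(shadows):
            if i != j:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        secret = (secret + yi * num * pow(den, -1, p)) % p
    return secret
```

The check a practitioner wants is the negative one: with t-1 shadows the interpolation goes through and produces a plausible-looking number, so a system using the scheme must count shadows before trusting the result rather than relying on reconstruction to fail. The scheme also gives no integrity: a corrupted shadow yields a wrong secret silently, which is why deployed schemes add a commitment or MAC to each share.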

(OR)
Write about the Design Principles with DVD key layout examples.
·         The principle of open design states that the security of a mechanism should not depend on the secrecy of its design or implementation.
·         The principle of separation of privilege states that a system should not grant permission based on a single condition.
·         The principle of least common mechanism states that mechanisms used to access resources should not be shared.
·         The principle of psychological acceptability states that security mechanisms should not make the resource more difficult to access than if the security mechanisms were not present.

14.
Explain the following
a)    Theory of Malicious Logic (10)
·         The types of malicious logic discussed so far are not distinct. Computer viruses are a form of Trojan horses. Computer viruses may contain logic bombs, as might computer worms. Some worms and viruses are bacteria because they absorb all the resources of some type.
·         Let T be a Turing machine and let V be a sequence of symbols on the machine tape. Let sv be a distinguished state of T. For every v ∈ V, when T lies at the beginning of v in tape square k, suppose that after some number of instructions are executed, a sequence v' ∈ V lies on the tape beginning at location k', where either k + |v| ≤ k' or k' + |v'| ≤ k. Then (T, V) is a viral set and the elements of V are computer viruses.
·         It is undecidable whether an arbitrary program contains malicious logic.
b)   Computer worms (6)
·         A computer worm is a program that copies itself from one computer to another.
·         The Father Christmas worm was interesting because it was a form of macro worm.
(OR)
Write the explanation about the Penetration Studies with example of Compromise of a Burroughs System
·         Logging is the recording of events or statistics to provide information about system use and performance.
·         A penetration study is a test for evaluating the strengths of all security controls on the computer system. The goal of the study is to violate the site security policy. A penetration study (also called a tiger team attack or red team attack) is not a replacement for careful design and implementation with structured testing. It provides a methodology for testing the system in toto, once it is in place. Unlike other testing and verification technologies, it examines procedural and operational controls as well as technological controls.
Goals
·         A penetration test is an authorized attempt to violate specific constraints stated in the form of a security or integrity policy. This formulation implies a metric for determining whether the study has succeeded.
Layering of Tests
·         External attacker with no knowledge of the system.
·         External attacker with access to the system.
·         Internal attacker with access to the system.
15.
Explain the following
a)    Electronic Communications (6)
Electronic communications deserves discussion to emphasize the importance of users understanding basic security precautions.
·         Automated Electronic Mail Processing
·         Failure to Check Certificates
·         Sending Unexpected Content
b)   Common Security-Related Programming Problems (10)
·         Structure the process so that all sections requiring extra privileges are modules. The modules should be as small as possible and should perform only those tasks that require those privileges.
·         Check that the process privileges are set properly.
·         The program that is executed to create the process, and all associated control files, must be protected from unauthorized use and modification. Any such modification must be detected.
·         Ensure that any assumptions in the program are validated. If this is not possible, document them for the installers and maintainers, so they know the assumptions that attackers will try to invalidate.
(OR)
Write about the program security and explain with Testing, Maintenance, and Operation
Testing
             The results of testing a program are most useful if the tests are conducted in the environment in which the program will be used (the production environment). So, the first step in testing a program is to construct an environment that matches the production environment. This requires the testers to know the intended production environment. If there are a range of environments, the testers must test the programs in all of them. Often there is overlap between the environments, so this task is not so daunting as it might appear.
The types of test are as follows.
·         Normal data tests. These tests provide unexceptional data. The data should be chosen to exercise as many paths of control through the module as possible.
·         Boundary data tests. These tests provide data that tests any limits to the interfaces. For example, if the module expects a string of up to 256 characters to be passed in, these tests invoke the module and pass in arrays of 255, 256, and 257 characters.
·         Exception tests. These tests determine how the program handles interrupts and traps.
·         Error handling tests. These tests assume that the called modules violate their specifications in some way. The goal of these tests is to determine how robust the caller is. If it fails gracefully, and restores the system to a safe state, then the module passes the test. Otherwise, it fails and must be rewritten.
·         Testing the Program
          Once the testers have assembled the program and its documentation, the final phase of testing begins. The testers have someone follow the installation and configuration instructions.
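The kinds of tests listed above applied to one small module, as an added example that is not code from the page. The module (a name registry with a 256-character limit), the "called module that violates its specification" and the test data are all constructed; exception tests for interrupts and traps are not covered here.

```python
"""Normal, boundary and error-handling tests against a constructed module.
Added example, not from the page."""
MAX_NAME = 256

class Registry:
    """Module under test: stores names of at most MAX_NAME characters."""
    def __init__(self):
        self.names = []

    def add(self, name):
        if not isinstance(name, str):
            raise TypeError("name must be a str")
        if len(name) > MAX_NAME:
            raise ValueError("name too long")
        self.names.append(name)
        return len(self.names)

def register_from(registry, lookup):
    """Caller of another module: `lookup()` is specified to return a str.
    A robust caller treats a violation as an error and leaves the registry
    in the state it was in, rather than crashing or storing garbage."""
    before = list(registry.names)
    try:
        return registry.add(lookup())
    except (TypeError, ValueError):
        registry.names = before
        return None

def normal_data_tests():
    r = Registry()
    return r.add("alice") == 1 and r.add("bob") == 2 and r.names == ["alice", "bob"]

def boundary_data_tests():
    """255, 256 and 257 characters: the limit itself must be accepted, one
    past it rejected, and the rejection must not change stored state."""
    r = Registry()
    results = []
    for n in (255, 256, 257):
        try:
            r.add("x" * n)
            results.append("accepted")
        except ValueError:
            results.append("rejected")
    return results == ["accepted", "accepted", "rejected"] and len(r.names) == 2

def error_handling_tests():
    """The called module breaks its contract (returns an int, then an
    over-long value); the caller must fail gracefully each time."""
    r = Registry()
    bad_int = register_from(r, lambda: 42)
    bad_long = register_from(r, lambda: "y" * 300)
    good = register_from(r, lambda: "carol")
    return bad_int is None and bad_long is None and good == 1 and r.names == ["carol"]

def run_all():
    return {"normal": normal_data_tests(), "boundary": boundary_data_tests(),
            "error_handling": error_handling_tests()}
```

The boundary test checks state as well as the return value: a module that rejects the 257-character input but has already appended a truncated copy would pass a test that only looked at the exception. The error-handling test exercises the caller, not the callee, which is the distinction the list above draws.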


