CS9224 INFORMATION SECURITY
ANSWER KEY
PART-A
1. List out the security services.

The three security services—confidentiality, integrity, and availability—counter threats to the security of a system. Shirey divides threats into four broad classes: disclosure, or unauthorized access to information; deception, or acceptance of false data; disruption, or interruption or prevention of correct operation; and usurpation, or unauthorized control of some part of a system. These four broad classes encompass many common threats.

2. Define snooping and spoofing.

· Snooping, the unauthorized interception of information, is a form of disclosure. It is passive, suggesting simply that some entity is listening to (or reading) communications or browsing through files or system information.
· Masquerading or spoofing, an impersonation of one entity by another, is a form of both deception and usurpation.

3. Write the cryptographic checksum function properties.

A cryptographic checksum function (also called a strong hash function or a strong one-way function) h: A B is a function that has the following properties.
· For any x A, h(x) is easy to compute.
· For any y B, it is computationally infeasible to find x A such that h(x) = y.
· It is computationally infeasible to find x, x' A, such that x x' and h(x) = h(x'). (Such a pair is called a collision.)
The third requirement is often stated as:
· Given any x A, it is computationally infeasible to find another x' A such that x x' and h(x') = h(x).

4. What are session and interchange keys?

· An interchange key is a cryptographic key associated with a principal to a communication.
· A session key is a cryptographic key associated with the communication itself.

5. Distinguish between principle of least privilege and principle of fail-safe defaults.

· The principle of least privilege states that a subject should be given only those privileges that it needs in order to complete its task.
· The principle of fail-safe defaults states that, unless a subject is given explicit access to an object, it should be denied access to that object.

6. Define Certification authorities issuance policy and confinement problem.

Access control affects the function of the server in two ways.
· The server must ensure that the resources it accesses on behalf of the client include only those resources that the client is authorized to access.
· The server must ensure that it does not reveal the client's data to any other entity not authorized to see the client's data.

7. What are malicious logic and Trojan horse?

· Malicious logic is a set of instructions that cause a site's security policy to be violated.
· A Trojan horse is a program with an overt (documented or known) effect and a covert (undocumented or unexpected) effect.

8. Short note on computer virus and boot sector infector.

· A computer virus is a program that inserts itself into one or more files and then performs some (possibly null) action.
· A boot sector infector is a virus that inserts itself into the boot sector of a disk.

9. Write the goals of the Drib's security policy.

The goals of the Drib's security policy are to be as follows.
· Data related to company plans is to be kept secret. In particular, sensitive corporate data, such as data involved in developing potential products, is to be available only to those who need to know.
· When a customer provides data (such as a credit card number) to the Drib as part of a purchase, the data, and all information about the customer, are to be available only to those who fill the order. Company analysts may obtain statistics about a number of orders for planning purposes.
· Releasing sensitive data requires the consent of the company's officials and lawyers.

10. Short note on Anticipating Attacks.

In spite of the measures outlined above, the Drib security officers realize that their network and systems might be compromised through unanticipated means. They have taken steps to prepare for, and handle, such attacks.

PART-B
11. Write an overview of Computer Security with neat examples.

Confidentiality
· Confidentiality is the concealment of information or resources.
Integrity
· Integrity refers to the trustworthiness of data or resources, and it is usually phrased in terms of preventing improper or unauthorized change.
Availability
· Availability refers to the ability to use the information or resource desired.

12. Explain the following

a) Classical Cryptosystems.
· Classical cryptosystems (also called single-key or symmetric cryptosystems) are cryptosystems that use the same key for encipherment and decipherment. In these systems, for all Ek C and k K, there is a Dk D such that Dk = Ek^(–1).
Transposition Ciphers
· A transposition cipher rearranges the characters in the plaintext to form the ciphertext. The letters are not changed.
Substitution Ciphers
· A substitution cipher changes characters in the plaintext to produce the ciphertext.
Vigenère Cipher
· A longer key might obscure the statistics.

b) Public Key Cryptography.
· Because one key is public, and its complementary key must remain secret, a public key cryptosystem must meet the following three conditions.
· It must be computationally easy to encipher or decipher a message given the appropriate key.
· It must be computationally infeasible to derive the private key from the public key.
· It must be computationally infeasible to determine the private key from a chosen plaintext attack.
· The first cipher to meet these requirements generates a shared session key. The second one provides both secrecy and authentication.

(OR)

Write about the Stream and Block Ciphers and Networks and Cryptography

Let E be an encipherment algorithm, and let Ek(b) be the encipherment of message b with key k. Let a message m = b1b2 …, where each bi is of a fixed length. Then a block cipher is a cipher for which Ek(m) = Ek(b1)Ek(b2) ….
An n-stage linear feedback shift register (LFSR) consists of an n-bit register r = r0…rn–1 and an n-bit tap sequence t = t0…tn–1. To obtain a key bit, r0 is used, the register is shifted one bit to the right, and the new bit r0t0…rn–1tn–1 is inserted.

13. Write about the Design Principles with DVD key layout examples.

· The principle of open design states that the security of a mechanism should not depend on the secrecy of its design or implementation.
· The principle of separation of privilege states that a system should not grant permission based on a single condition.
· The principle of least common mechanism states that mechanisms used to access resources should not be shared.
· The principle of psychological acceptability states that security mechanisms should not make the resource more difficult to access than if the security mechanisms were not present.

(OR)

Write about the following Access Control Mechanisms.

a) Access Control Lists.
Let S be the set of subjects, and R the set of rights, of a system. An access control list (ACL) l is a set of pairs l = { (s, r) : s S, r R }. Let acl be a function that determines the access control list l associated with a particular object o. The interpretation of the access control list acl(o) = { (si, ri) : 1 i n } is that subject si may access o using any right in ri.

b) Locks and Keys.
The locks and keys technique combines features of access control lists and capabilities. A piece of information (the lock) is associated with the object and a second piece of information (the key) is associated with those subjects authorized to access the object and the manner in which they are allowed to access the object. When a subject tries to access an object, the subject's set of keys is checked. If the subject has a key corresponding to any of the object's locks, access of the appropriate type is granted.
Type Checking - Type checking restricts access on the basis of the types of the subject and object. It is a form of locks and keys access control, the pieces of information being the type. Systems use type checking in areas other than security.
Sharing Secrets - A (t, n)-threshold scheme is a cryptographic scheme in which a datum is divided into n parts, any t of which are sufficient to determine the original datum. The n parts are called shadows.

14. What is computer virus and explain about all the types of computer viruses.

· A boot sector infector is a virus that inserts itself into the boot sector of a disk.
· An executable infector is a virus that infects executable programs.
· A multipartite virus is one that can infect either boot sectors or applications.
· A terminate and stay resident (TSR) virus is one that stays active (resident) in memory after the application (or bootstrapping, or disk mounting) has terminated.
· Stealth viruses are viruses that conceal the infection of files.
· A polymorphic virus is a virus that changes its form each time it inserts itself into another program.

(OR)

Write the following auditing.

a) Designing an Auditing System.
· Logging is the recording of events or statistics to provide information about system use and performance.
· Auditing is the analysis of log records to present information about the system in a clear and understandable manner.
Logger
· Logging mechanisms record information. The type and quantity of information are dictated by system or program configuration parameters. The mechanisms may record information in binary or human-readable form or transmit it directly to an analysis mechanism.
Analyzer
· An analyzer takes a log as input and analyzes it. The results of the analysis may lead to changes in the data being recorded, to detection of some event or problem, or both.
Notifier
· The analyzer passes the results of the analysis to the notifier. The notifier informs the analyst, and other entities, of the results of the audit. The entities may take some action in response to these results.
· An anonymizing sanitizer deletes information in such a way that it cannot be reconstructed by either the recipient or the originator of the data in the log. A pseudonymizing sanitizer deletes information in such a way that the originator of the log can reconstruct the deleted information.
· A state-based logging mechanism records information about a system's state. A state-based auditing mechanism determines whether or not a state of the system is unauthorized.
· A transition-based logging mechanism records information about an action on a system. A transition-based auditing mechanism examines the current state of the system and the proposed transition (command) to determine if the result will place the system in an unauthorized state.

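
The difference between the anonymizing and the pseudonymizing sanitizer defined above, shown on a few log lines. This is an added example, not part of the original answer key; the log format, the `user=`/`src=` field names and the keyed-pseudonym approach are assumptions made for the illustration.

```python
import hashlib
import hmac
import re

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    "2024-01-05T10:00:01 login user=alice src=192.0.2.10 result=ok",
    "2024-01-05T10:00:07 login user=bob src=192.0.2.44 result=fail",
    "2024-01-05T10:01:30 read user=alice src=192.0.2.10 file=/plans/q3.txt",
]

# Fields treated as sensitive in this example (an assumption).
FIELD = re.compile(r"\b(user|src)=(\S+)")


def anonymize(lines):
    """Anonymizing sanitizer: sensitive values are deleted outright, so
    neither the recipient nor the originator can reconstruct them."""
    return [FIELD.sub(lambda m: f"{m.group(1)}=-", line) for line in lines]


class Pseudonymizer:
    """Pseudonymizing sanitizer: values are replaced by keyed pseudonyms.
    The key and the mapping table stay with the originator, so only the
    originator can reconstruct the deleted information."""

    def __init__(self, key: bytes):
        self._key = key
        self._table = {}  # pseudonym -> original value, kept by the originator

    def _pseudonym(self, field: str, value: str) -> str:
        mac = hmac.new(self._key, f"{field}:{value}".encode(), hashlib.sha256)
        pseudonym = field[0] + mac.hexdigest()[:12]
        self._table[pseudonym] = value
        return pseudonym

    def sanitize(self, lines):
        def repl(m):
            return f"{m.group(1)}={self._pseudonym(m.group(1), m.group(2))}"
        return [FIELD.sub(repl, line) for line in lines]

    def reconstruct(self, lines):
        # Unknown pseudonyms are left untouched rather than guessed.
        def repl(m):
            return f"{m.group(1)}={self._table.get(m.group(2), m.group(2))}"
        return [FIELD.sub(repl, line) for line in lines]


if __name__ == "__main__":
    originator = Pseudonymizer(b"constructed-demo-key")
    released = originator.sanitize(SAMPLE_LOG)
    print("\n".join(anonymize(SAMPLE_LOG)))
    print("\n".join(released))
    print("\n".join(originator.reconstruct(released)))
```

Because the pseudonyms are deterministic under one key, the recipient can still see that the first and third entries belong to the same user, which the anonymized log no longer shows.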
15. Write about the user security and explain with Files and Devices.

Files
· Users must protect confidentiality and integrity of the files to satisfy policy component U2. To this end, they use the protection capabilities of the system to constrain access. Complicating the situation is the interpretation of permissions on the containing directories.
· A direct alias is a directory entry that points to (names) the file. An indirect alias is a directory entry that points to a special file containing the name of the target file. The operating system interprets the indirect alias by substituting the contents of the special file for the name of the indirect alias file.
· A smart terminal provides built-in mechanisms for performing special functions.

(OR)

Explain the following system security.

a) Authentication
Authentication binds the identity of the user to processes. Incorrect or compromised authentication leads to security problems. In this section, we consider the authentication techniques used in the two systems.

b) Retrospective
The Web Server System in the DMZ
· The Web server on the DMZ Web server system runs a minimal set of services. It keeps everything possible on unalterable media.
The Development System
· The development system also runs a minimal set of programs and services.

ANSWER KEY
PART-A
1. List out the Goals of Security

· Prevention means that an attack will fail.
· Detection is most useful when an attack cannot be prevented, but it can also indicate the effectiveness of preventative measures.
· Recovery has two forms.

2. Draw the security life cycle.

3. What is HMAC (Hash Message Authentication Code)?

HMAC is a generic term for an algorithm that uses a keyless hash function and a cryptographic key to produce a keyed hash function. This mechanism enables Alice to validate that data Bob sent to her is unchanged in transit. Without the key, anyone could change the data and recompute the message authentication code, and Alice would be none the wiser.

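
How a keyless hash plus a key becomes a keyed hash, and why only the keyed form lets Alice detect a change in transit. This is an added example, not part of the original answer key; it uses the standard HMAC construction with SHA-256 as the keyless hash, and the key and messages are constructed for the illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 processes its input in 64-byte blocks


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """Keyed hash built from the keyless one:
    H((K xor opad) || H((K xor ipad) || msg))."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()   # over-long keys are hashed first
    key = key.ljust(BLOCK_SIZE, b"\x00")     # then padded to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + msg).digest()
    return hashlib.sha256(opad + inner).digest()


def alice_accepts_keyless(data: bytes, checksum: bytes) -> bool:
    """Check against a keyless hash: anyone can recompute this value."""
    return hmac.compare_digest(hashlib.sha256(data).digest(), checksum)


def alice_accepts_hmac(key: bytes, data: bytes, tag: bytes) -> bool:
    """Check against the keyed hash; compare_digest compares in constant time."""
    return hmac.compare_digest(hmac_sha256(key, data), tag)


def demo() -> dict:
    key = b"constructed key shared by Alice and Bob"
    sent = b"pay 100 to carol"      # constructed message from Bob
    altered = b"pay 900 to carol"   # what arrives after a change in transit
    # Whoever changed the data has no key, so the only value they can
    # recompute is the keyless hash of the altered data.
    recomputed = hashlib.sha256(altered).digest()
    good_tag = hmac_sha256(key, sent)
    return {
        "keyless_accepts_altered": alice_accepts_keyless(altered, recomputed),
        "hmac_accepts_original": alice_accepts_hmac(key, sent, good_tag),
        "hmac_accepts_altered_old_tag": alice_accepts_hmac(key, altered, good_tag),
        "hmac_accepts_altered_keyless_tag": alice_accepts_hmac(key, altered, recomputed),
        "matches_stdlib": good_tag == hmac.new(key, sent, hashlib.sha256).digest(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```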
4. Short note on Precomputing the Possible Messages

Simmons discusses the use of a "forward search" to decipher messages enciphered for confidentiality using a public key cryptosystem. His approach is to focus on the entropy (uncertainty) in the message.

5. State the principle of economy of mechanism with example.

One factor in evaluating a system's security is its complexity. If the design, implementation, or security mechanisms are highly complex, then the likelihood of security vulnerabilities increases.

6. Define Certification authorities authentication policy and virtual machine.

A virtual machine is a program that simulates the hardware of a (possibly abstract) computer system.

7. Short note on executable infector and viruses

· A computer virus is a program that inserts itself into one or more files and then performs some (possibly null) action.
· An executable infector is a virus that infects executable programs.

8. Write the comparison between formal verification and penetration testing.

A penetration test is an authorized attempt to violate specific constraints stated in the form of a security or integrity policy. This formulation implies a metric for determining whether the study has succeeded.

9. Short note on TCP State and Memory Allocations.

· This approach springs from the way in which most TCP servers are implemented. When a SYN packet is received, the server creates an entry in a data structure of pending connections and then sends the SYN/ACK packet.
· The entry remains until either a corresponding ACK is received or a time-out occurs. In the former case, the connection is completed; in the latter case, a new entry for the next SYN packet is created. Under a SYN flood, the data structure is kept full of entries that never move to the connected state.

10. List out the components of users' policies.

The components of users' policies that we focus on are as follows.
U1. Only users have access to their accounts.
U2. No other user can read or change a file without the owner's permission.
U3. Users shall protect the integrity, confidentiality, and availability of their files.
U4. Users shall be aware of all commands that they enter, or that are entered on their behalf.

PART-B
11. Explain about the Access Control Matrix and explain with their model.

The simplest framework for describing a protection system is the access control matrix model, which describes the rights of users over files in a matrix.

Access Control by Boolean Expression Evaluation
Types of access are defined by the database and are called verbs; for example, the Structured Query Language (SQL) would have the verbs Insert and Update. Each rule, corresponding to a function, is associated with one or more verbs. Whenever a subject attempts to access an object using a right (verb) r, the Boolean expression (rule) associated with r is evaluated; if it is true, access is allowed, but if it is false, access is not allowed.

Access Controlled by History
Statistical databases are designed to answer queries about groups of records yet not reveal information about any single specific record.

(OR)

Write about the Confidentiality Policies with neat examples.

Goals of Confidentiality Policies
A confidentiality policy, also called an information flow policy, prevents the unauthorized disclosure of information.

The Bell-LaPadula Model
· Simple Security Condition, Preliminary Version
· *-Property (Star Property), Preliminary Version
· Basic Security Theorem, Preliminary Version
· Example: The Data General B2 UNIX System

Tranquility
The principle of tranquility states that subjects and objects may not change their security levels once they have been instantiated. Suppose that security levels of objects can be changed, and consider the effects on a system with one category and two security clearances, HIGH and LOW.
The principle of strong tranquility states that security levels do not change during the lifetime of the system.
The principle of weak tranquility states that security levels do not change in a way that violates the rules of a given security policy.

The Controversy over the Bell-LaPadula Model
The Bell-LaPadula Model became the target of inquiries into the foundations of computer security. The controversy led to a reexamination of security models and a deeper appreciation of the complexity of modeling real systems.

12. Write about the following

a) Key Exchange
· The goal of key exchange is to enable Alice to communicate secretly to Bob, and vice versa, using a shared cryptographic key. Solutions to this problem must meet the following criteria.
· The key that Alice and Bob are to share cannot be transmitted in the clear. Either it must be enciphered when sent, or Alice and Bob must derive it without an exchange of data from which the key can be derived. (Alice and Bob can exchange data, but a third party cannot derive the key from the data exchanged.)
· Alice and Bob may decide to trust a third party (called "Cathy" here).
· The cryptosystems and protocols are publicly known. The only secret data is to be the cryptographic keys involved.
· Classical cryptosystems and public key cryptosystems use different protocols.

b) Cryptographic Key Infrastructures
A cryptographic checksum function (also called a strong hash function or a strong one-way function) h: A B is a function that has the following properties.
· For any x A, h(x) is easy to compute.
· For any y B, it is computationally infeasible to find x A such that h(x) = y.
· It is computationally infeasible to find x, x' A, such that x x' and h(x) = h(x'). (Such a pair is called a collision.)
· The third requirement is often stated as:
· Given any x A, it is computationally infeasible to find another x' A such that x x' and h(x') = h(x).

13. Write about the following Access Control Mechanisms

a) Access Control Lists.
Let S be the set of subjects, and R the set of rights, of a system. An access control list (ACL) l is a set of pairs l = { (s, r) : s S, r R }. Let acl be a function that determines the access control list l associated with a particular object o. The interpretation of the access control list acl(o) = { (si, ri) : 1 i n } is that subject si may access o using any right in ri.

b) Locks and Keys.
The locks and keys technique combines features of access control lists and capabilities. A piece of information (the lock) is associated with the object and a second piece of information (the key) is associated with those subjects authorized to access the object and the manner in which they are allowed to access the object. When a subject tries to access an object, the subject's set of keys is checked. If the subject has a key corresponding to any of the object's locks, access of the appropriate type is granted.
Type Checking - Type checking restricts access on the basis of the types of the subject and object. It is a form of locks and keys access control, the pieces of information being the type. Systems use type checking in areas other than security.
Sharing Secrets - A (t, n)-threshold scheme is a cryptographic scheme in which a datum is divided into n parts, any t of which are sufficient to determine the original datum. The n parts are called shadows.
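
A (t, n)-threshold scheme of the kind described under Sharing Secrets (in both answer keys), carried through in code. This is an added example, not part of the original answer key; the page names no construction, so Shamir's polynomial scheme over a prime field is used here as an assumption, and the function names and the modulus are choices made for the illustration.

```python
import secrets

# Prime field modulus (the Mersenne prime 2^127 - 1); the datum must be < P.
P = 2**127 - 1


def split(secret: int, t: int, n: int):
    """Divide `secret` into n shadows, any t of which determine it.
    The secret is the constant term of a random polynomial of degree t-1."""
    if not (1 <= t <= n < P):
        raise ValueError("need 1 <= t <= n < P")
    if not (0 <= secret < P):
        raise ValueError("secret must lie in [0, P)")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]

    def f(x: int) -> int:
        y = 0
        for c in reversed(coeffs):   # Horner evaluation mod P
            y = (y * x + c) % P
        return y

    # Shadow i is the point (i, f(i)); x = 0 is never handed out.
    return [(x, f(x)) for x in range(1, n + 1)]


def recover(shadows):
    """Lagrange-interpolate the polynomial at x = 0 from the given shadows.
    With fewer than t shadows the result is unrelated to the secret."""
    xs = [x for x, _ in shadows]
    if len(set(xs)) != len(xs):
        raise ValueError("shadows must have distinct x values")
    secret = 0
    for i, (xi, yi) in enumerate(shadows):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shadows):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


if __name__ == "__main__":
    datum = 123456789                     # constructed datum
    shadows = split(datum, t=3, n=5)
    print(recover(shadows[:3]) == datum)  # any 3 shadows suffice
    print(recover(shadows[:2]) == datum)  # 2 shadows do not
```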

(OR)

Write about the Design Principles with DVD key layout examples.

· The principle of open design states that the security of a mechanism should not depend on the secrecy of its design or implementation.
· The principle of separation of privilege states that a system should not grant permission based on a single condition.
· The principle of least common mechanism states that mechanisms used to access resources should not be shared.
· The principle of psychological acceptability states that security mechanisms should not make the resource more difficult to access than if the security mechanisms were not present.

14. Explain the following

a) Theory of Malicious Logic (10)
· The types of malicious logic discussed so far are not distinct. Computer viruses are a form of Trojan horses. Computer viruses may contain logic bombs, as might computer worms. Some worms and viruses are bacteria because they absorb all the resources of some type.
· Let T be a Turing machine and let V be a sequence of symbols on the machine tape. Let sv be a distinguished state of T. For every v V, when T lies at the beginning of v in tape square k, suppose that after some number of instructions are executed, a sequence v' V lies on the tape beginning at location k', where either k + |v| k' or k' + |v| k. Then (T, V) is a viral set and the elements of V are computer viruses.
· It is undecidable whether an arbitrary program contains malicious logic.

b) Computer worms (6)
· A computer worm is a program that copies itself from one computer to another.
· The Father Christmas worm was interesting because it was a form of macro worm.

(OR)

Write the explanation about the Penetration Studies with example of Compromise of a Burroughs System

· Logging is the recording of events or statistics to provide information about system use and performance.
· A penetration study is a test for evaluating the strengths of all security controls on the computer system. The goal of the study is to violate the site security policy. A penetration study (also called a tiger team attack or red team attack) is not a replacement for careful design and implementation with structured testing. It provides a methodology for testing the system in toto, once it is in place. Unlike other testing and verification technologies, it examines procedural and operational controls as well as technological controls.

Goals
· A penetration test is an authorized attempt to violate specific constraints stated in the form of a security or integrity policy. This formulation implies a metric for determining whether the study has succeeded.

Layering of Tests
· External attacker with no knowledge of the system.
· External attacker with access to the system.
· Internal attacker with access to the system.

15. Explain the following

a) Electronic Communications (6)
Electronic communications deserves discussion to emphasize the importance of users understanding basic security precautions.
· Automated Electronic Mail Processing
· Failure to Check Certificates
· Sending Unexpected Content

b) Common Security-Related Programming Problems (10)
· Structure the process so that all sections requiring extra privileges are modules. The modules should be as small as possible and should perform only those tasks that require those privileges.
· Check that the process privileges are set properly.
· The program that is executed to create the process, and all associated control files, must be protected from unauthorized use and modification. Any such modification must be detected.
· Ensure that any assumptions in the program are validated. If this is not possible, document them for the installers and maintainers, so they know the assumptions that attackers will try to invalidate.

(OR)

Write about the program security and explain with Testing, Maintenance, and Operation

Testing
The results of testing a program are most useful if the tests are conducted in the environment in which the program will be used (the production environment). So, the first step in testing a program is to construct an environment that matches the production environment. This requires the testers to know the intended production environment. If there are a range of environments, the testers must test the programs in all of them. Often there is overlap between the environments, so this task is not so daunting as it might appear.

The types of test are as follows.
· Normal data tests. These tests provide unexceptional data. The data should be chosen to exercise as many paths of control through the module as possible.
· Boundary data tests. These tests provide data that tests any limits to the interfaces. For example, if the module expects a string of up to 256 characters to be passed in, these tests invoke the module and pass in arrays of 255, 256, and 257 characters.
· Exception tests. These tests determine how the program handles interrupts and traps.
· Error handling tests. These tests assume that the called modules violate their specifications in some way. The goal of these tests is to determine how robust the caller is. If it fails gracefully, and restores the system to a safe state, then the module passes the test. Otherwise, it fails and must be rewritten.

Testing the Program
Once the testers have assembled the program and its documentation, the final phase of testing begins. The testers have someone follow the installation and configuration instructions.