IS623 practice
Short Answer Questions
- Suppose you have a secure system with three subjects and three objects, with levels as listed below. (10 points)

  Here H dominates L. You wish to implement a Bell and LaPadula model of security for this system. Fill in the access rights (R and/or W) permitted by the model for each subject/object pair in the access matrix below:

  | | Obj1 | Obj2 | Obj3 |
  |---|---|---|---|
  | Subj1 | | | |
  | Subj2 | | | |
  | Subj3 | | | |

  | Type | Name | Level |
  |---|---|---|
  | Object | Obj1 | (H, {A}) |
  | Object | Obj2 | (L, {B}) |
  | Object | Obj3 | (L, {A,B}) |
  | Subject | Subj1 | (L, {A,B}) |
  | Subject | Subj2 | (H, {B}) |
  | Subject | Subj3 | (H, {A,B,C}) |
- Suppose a department has determined that some users have gained unauthorized access to the computing system. Managers fear the intruders might intercept or even modify sensitive data on the system. Cost to reconstruct correct data is expected to be $2,000,000 with 5% likelihood per year.

  One approach to addressing this problem is to install a more secure data access control program. The cost of access control software is $50,000 with 80% effectiveness. Here is the summary of risk and control:
  - Cost to reconstruct correct data = $2,000,000 with 5% likelihood per year
  - Effectiveness of access control software: 80%
  - Cost of access control software: $50,000

  Determine the expected annual costs due to loss and controls. Also, determine whether the costs outweigh the benefits of preventing or mitigating the risks. (5 points)
- Suppose your data’s binary stream is 1110101. What is the XOR result with the bit stream of 1111111? (2 points)
- Suppose the following:
  - James’ public key = $K_j$, James’ private key = $K_j^{-1}$
  - Randy’s public key = $K_r$, Randy’s private key = $K_r^{-1}$
  - Each person’s public key is known to others; each one’s private key is only known to the owner
  - Explain how Randy can send a plaintext P to James secretly (2 points)
  - Explain how James can verify if a plaintext P is sent from Randy (2 points)
  - Explain how Randy can verify if a plaintext P is sent from James and at the same time P is sent secretly from James to Randy. (2 points)
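
The dominance check behind the Bell and LaPadula question above, as an added example that is not part of the original practice sheet: each cell follows from the simple security property (read only if the subject's label dominates the object's) and the *-property (write only if the object's label dominates the subject's). It assumes the non-strict *-property, mandatory rules only, and categories compared by set inclusion; the function and variable names are chosen here.

```python
# Added example (not from the practice sheet): Bell-LaPadula rights over a
# (level, category-set) lattice, using the labels given in the first question.
LEVEL_RANK = {"L": 0, "H": 1}  # H dominates L, as stated in the question

SUBJECTS = {
    "Subj1": ("L", {"A", "B"}),
    "Subj2": ("H", {"B"}),
    "Subj3": ("H", {"A", "B", "C"}),
}
OBJECTS = {
    "Obj1": ("H", {"A"}),
    "Obj2": ("L", {"B"}),
    "Obj3": ("L", {"A", "B"}),
}


def dominates(a, b):
    """True if label a dominates b: level at least as high AND categories a superset."""
    (lvl_a, cats_a), (lvl_b, cats_b) = a, b
    return LEVEL_RANK[lvl_a] >= LEVEL_RANK[lvl_b] and cats_a >= cats_b


def rights(subject_label, object_label):
    """Return '', 'R', 'W' or 'RW' for one subject/object pair."""
    granted = ""
    if dominates(subject_label, object_label):  # simple security: no read up
        granted += "R"
    if dominates(object_label, subject_label):  # *-property: no write down
        granted += "W"  # assumption: non-strict form, equality not required
    return granted


def access_matrix(subjects=SUBJECTS, objects=OBJECTS):
    """Build {subject: {object: rights}} for every pair."""
    return {
        s: {o: rights(s_label, o_label) for o, o_label in objects.items()}
        for s, s_label in subjects.items()
    }


if __name__ == "__main__":
    matrix = access_matrix()
    print(f"{'':8}" + "".join(f"{o:8}" for o in OBJECTS))
    for s, row in matrix.items():
        # '-' marks incomparable labels or a failed rule: no access either way
        print(f"{s:8}" + "".join(f"{(row[o] or '-'):8}" for o in OBJECTS))
```

Pairs whose category sets are incomparable, such as (H, {B}) against (H, {A}), get no access in either direction even though the levels match.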