A set of questions and answers related to various security concepts and threats in the field of information assurance. Topics include discretionary access control, the Bell-LaPadula model, zero-day exploits, worms and viruses, polymorphic viruses, and buffer overflow vulnerabilities.
Typology: Assignments
Due April 9th, 2009 on compass assessments.
NOTE: Choices may appear in a different order on compass.
Question 5-1: (True or False): Discretionary Access Control is so called because whether or not to enforce an access control rule is at the discretion of the system administrator.
Comment: In DAC, access control rules can be modified by a normal user. However, rules are enforced at ALL times. No one can change the enforcement.
Question 5-2: (Select all that apply) The Bell-LaPadula model provides
a) object confidentiality in accordance with the ordered security levels
b) object authentication (e.g., the BLP model ensures that the subject who created the object is bound cryptographically to the object, and so authentication claims can be checked)
c) access control based on domain (or category) of object
Comment: Neither BLP nor Biba provides authentication. They have to be used in conjunction with an infrastructure and an authentication scheme.
Question 5-3: (True or False): Any piece of data in the Bell-LaPadula model (with categories) can in principle be read by any subject, provided that the security level of the subject is raised to the highest security level.
Comment: The statement doesn’t consider categories (domains).
Question 5-4: (True or False): Behind the Low-Water-Mark policy is the assumption that the integrity level of a subject can be degraded by its reading of an object with a lower integrity level.
Question 5-5: (Select the one best answer): A zero day exploit is defined as
a) an exploit that essentially takes no time to sweep across the Internet
b) an exploit that emerges on the same day as the vulnerability it uses is announced
c) an exploit that emerges before the vulnerability it exploits is widely known
d) an exploit that emerges before a patch for the vulnerability it exploits is released
Question 5-6: (Select all that apply): The differences between a worm and a virus are
a) a virus might attach itself to removable media, but a worm must propagate over a network.
b) the actions of a virus have to be triggered by a user (inadvertently), but a worm acts on its own.
c) a virus might wipe a disk clean, but a worm cannot.
d) a worm is typically able to infect only a very specific version of a piece of software, whereas a virus is not dependent on the make or version of the software it infects.
Comment: Worms and viruses can do any harm and can infect any or all versions. Viruses also propagate over the network (e.g., email viruses).
Question 5-7: (True or False): A polymorphic virus is designed to evade signature scanners.
Question 5-8: (Select the one best answer): Suppose an infected host can generate infectious UDP packets at a rate of 10,000 per second. Suppose further that that host works deterministically through all Internet addresses. Then this host will have touched all other hosts in approximately
a) a day
b) a week
c) a month
d) a year
Comment: 2^32 / (10,000 × 3600 × 24) ≈ 5 days → closest answer is about a week. Note that an IPv6 address has 128 bits. Using a similar calculation, it takes 1e+27 years to scan it with this method. Comparatively, the age of the universe is about 1.4e+10 years!
Question 5-9: (Select all that apply): The speed at which a worm spreads depends on
a) how fast an infected host generates scans
b) the number of infectable hosts in the Internet
c) the scanning strategy (e.g., random, permutation, hit-list)
d) detection and defensive actions taken by internet service providers
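The sweep calculation from the comment on 5-8 and the factors in 5-9 (scan rate, number of vulnerable hosts) can be put into a small model. The following is an added example, not part of the assignment: it computes the deterministic sweep time for an address space and the logistic "random constant spread" curve (Staniford, Paxson and Weaver, 2002) for a random-scanning worm, which gives a defender the time window before most vulnerable hosts are hit. The scenario values (100,000 vulnerable hosts, 10 scans/s per infected host) are constructed.

```python
import math

SECONDS_PER_DAY = 24 * 3600
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def sweep_seconds(rate: float, bits: int = 32) -> float:
    """Seconds for one host emitting `rate` scans/s to touch every address
    in a 2**bits address space (the deterministic sweep of question 5-8)."""
    return 2 ** bits / rate

def sweep_days(rate: float, bits: int = 32) -> float:
    return sweep_seconds(rate, bits) / SECONDS_PER_DAY

def sweep_years(rate: float, bits: int = 32) -> float:
    return sweep_seconds(rate, bits) / SECONDS_PER_YEAR

def _logit(p: float) -> float:
    return math.log(p / (1.0 - p))

def rcs_growth_constant(rate: float, vulnerable: int, bits: int = 32) -> float:
    """K of the random-constant-spread model: a random scan hits a vulnerable
    host with probability vulnerable / 2**bits, so K = rate * that probability."""
    return rate * vulnerable / 2 ** bits

def rcs_fraction(t: float, rate: float, vulnerable: int, bits: int = 32,
                 initial: int = 1) -> float:
    """Fraction of vulnerable hosts infected t seconds after `initial` hosts
    start random scanning: solution of the logistic ODE di/dt = K i (1 - i)."""
    k = rcs_growth_constant(rate, vulnerable, bits)
    x = _logit(initial / vulnerable) + k * t
    return 1.0 / (1.0 + math.exp(-x))

def rcs_time_to_fraction(target: float, rate: float, vulnerable: int,
                         bits: int = 32, initial: int = 1) -> float:
    """Seconds until `target` fraction of vulnerable hosts is infected
    (inverse of rcs_fraction); this is the defender's reaction window."""
    k = rcs_growth_constant(rate, vulnerable, bits)
    return (_logit(target) - _logit(initial / vulnerable)) / k


if __name__ == "__main__":
    # Constructed scenario: 100,000 vulnerable hosts, 10 scans/s per infected host.
    print(f"IPv4 sweep at 10,000 scans/s: {sweep_days(10_000):.1f} days")
    print(f"IPv6 sweep at 10,000 scans/s: {sweep_years(10_000, 128):.2e} years")
    for frac in (0.10, 0.50, 0.99):
        hours = rcs_time_to_fraction(frac, 10, 100_000) / 3600
        print(f"{frac:.0%} of vulnerable hosts infected after {hours:.1f} h")
```

Doubling either the per-host scan rate or the vulnerable population doubles K and halves every time-to-fraction, which is why patching (shrinking the population) and rate limiting at ISPs (options b and d in 5-9) both slow the curve.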
Question 5-10: (Select all that apply): Buffer overflow vulnerabilities are reduced by
a) choice of programming language to one that does array bounds checking
b) use of software tools that identify where buffer overflows may occur
c) rigorous checking of validity of parameters passed to services offered on the Internet
d) code review
Question 5-11: (True or False): The threat of an April splash by the Conficker worm turned out to be a fizzle.
Comment: As of April 1st. Although there may be serious damage in the future; we don't know.