



The Fall 2006 exam for the Computer and Network Security course at Old Dominion University. The exam covers various topics related to information security, including security models, e-business security, file permissions, and firewalls. Students are required to answer multiple-choice questions and provide solutions to problems.




(1a) [Points 15] A company has the following requirements in terms of information security. They want three departments (research, production, and sales) to work quite independently, and there should be no information flow between any two of them. No single individual should have access to information in more than one of these departments. They also have the following hierarchy in the organization:

Vice-President
Divisional manager
Class M1
Class M2
Class M

The VP would have access to everything the Divisional manager has and, in addition, would have some additional access rights. The same holds for the rest of the hierarchy. One of the additional rights that need to be provided to a higher authority (e.g., Vice-President) is the ability to change the rights of the one below it (e.g., Divisional manager).
Based on these requirements, suggest a security model (or a combination of the security models you know) that fits their requirements. Clearly state how the proposed model will meet their requirements and describe the new model in terms of the company terminology.
Question 2. (2a) [Points 15] Given the following call structure of different assemblies, answer the following.
(i) If code in A6 calls for opening a file with write access, what permissions are checked for and which assemblies must possess these permissions?
(ii) Suppose there is an Assert() statement in A3 for the above permissions, what would be your answer for (i)? What is the outcome?
(iii) Suppose in addition to Assert in (ii) above, there is a Deny() in A2 for the above permissions, what would be your answer for (i)? What is the outcome?
[Figure: call structure of the assemblies]
(2b) [Points 15] Consider an organization that interacts with outside users through a network firewall and with insiders using an (unsecured) intranet. The organization maintains several pieces of sensitive data stored in databases and files. Several applications use the data to produce results exposed to the outside. The higher administration feels that “because we have a firewall, and we trust all our employees within the system, our system is very secure. There is no need to invest in security of any other kind.” Do you agree with or refute this statement? Provide a detailed justification for your decision.
(3c) [Points 10] Give three example security features that may be implemented in an application-level firewall but may not be suitable at the transport layer or network layer.
(3d) [Points 10] What are DMZ (demilitarized zone) networks? What is their role in network security?