CS 472: Computer and Network Security Exam II - Prof. H. Abdel-Wahab, Exams of Cryptography and System Security

The Fall 2006 exam for the Computer and Network Security course at Old Dominion University. The exam covers various topics related to information security, including security models, e-business security, file permissions, and firewalls. Students are required to answer multiple-choice questions and provide solutions to problems.

Typology: Exams

2019/2020

Uploaded on 11/25/2020

CS 472: Computer and Network Security
Fall 2006
Examination II
Points: 100
November 11, 2006
Time: 1:00-4:00 PM
OPEN BOOK
Turning in this exam under your name confirms your continued support for the
honor code of Old Dominion University and further indicates that you have
neither received nor given assistance in completing it.
Name: _________________________________
CS Unix ID: [email protected]
Question #    Points Maximum    Points Obtained
1             30
2             30
3             40
Total         100
SHOW YOUR WORK

Question 1.

(1a) [Points 15] A company has the following requirements in terms of information security. They want three departments (research, production, and sales) to work quite independently, and there should be no information flow between any two of them. No single individual should have access to information in more than one of these. They also have the following hierarchy in the organization:

Vice-President → Divisional manager → Class M1 → Class M2 → Class M

The VP would have access to all that the Divisional manager has and, in addition, would have some additional access rights. The same holds for the rest of the hierarchy. One of the additional rights that needs to be provided to a higher authority (e.g., Vice-President) is the ability to change the rights of the one below it (e.g., Divisional manager).

Based on these requirements, suggest a security model (or a combination of the security models you know) that fits their requirements. Clearly state how the proposed model will meet their requirements and describe the new model in terms of the company terminology.

Question 2.

(2a) [Points 15] Given the following call structure of different assemblies, answer the following.

(i) If code in A6 calls for opening a file with write access, what permissions are checked for and which assemblies must possess these permissions?

(ii) Suppose there is an Assert() statement in A3 for the above permissions, what would be your answer for (i)? What is the outcome?

(iii) Suppose in addition to Assert in (ii) above, there is a Deny() in A2 for the above permissions, what would be your answer for (i)? What is the outcome?

[Figure: call structure of six assemblies; the diagram and the assembly numbering did not survive extraction]

(2b) [Points 15] Consider an organization that interacts with outside users through a network firewall and with insiders using an (unsecured) intranet. The organization maintains several pieces of sensitive data stored in databases and files. Several applications use the data to produce results exposed to the outside. The higher administration feels that “because we have a firewall, and we trust all our employees within the system, our system is very secure. There is no need to invest in security of any other kind.” Do you agree with or refute this statement? Provide a detailed justification for your decision.

(3c) [Points 10] Give three examples of security features that may be implemented in an application-level firewall but may not be suitable at the transport layer or network layer.

(3d) [Points 10] What are DMZ (demilitarized zone) networks? What is their role in network security?