Classify vulnerability using the risos model

Assignment Help Computer Network Security
Reference no: EM13187376, Length: 1250 Words

Answer the following questions.

1) A company develops a new security product using the extreme programming software development methodology. Programmers code, then test, then add more code, then test, and continue this iteration. Every day they test the code base as a whole. The programmers work in pairs when writing code to ensure that at least two people review the code. How would you explain to this company that their software is in fact not "high assurance" software?

2) Consider how a system with capabilities as its access control mechanism could deal with Trojan Horses.

A) In general, do capabilities offer more or less protection against Trojan horses than do access control lists? Justify your answer in light of the theoretical equivalence of ACLs and C-Lists.
B) Consider now the inheritance of properties of new processes. If the creator controls which capabilities the created process is given initially, how could the creator limit the damage that a Trojan horse will do?

C) Can capabilities protect against all Trojan horses? Either show that they can, or describe a Trojan horse process that C-Lists cannot protect against.

3) Assume that the Clark-Wilson model is implemented on a computer system. Could a computer virus that scrambled constrained data items be introduced into the system? Why or why not? Specifically, if not, identify the precise control that would prevent the virus from being introduced, and explain why it would prevent the virus from being introduced; if yes, identify the specific control or controls that would allow the virus to be introduced and explain why they fail to keep it out.

4) Classify the following vulnerabilities using the RISOS model. Assume that the classification is for the implementation level. Justify your answer:

a) The presence of the wiz command in the sendmail program

b) The failure to handle the IFS shell variable by loadmodule

c) The failure to select an Administrator password that was difficult to guess

d) The failure of the Burroughs system to detect offline changes to files

5) A common error in the UNIX system occurs during configuration of bind, a directory name server. The time-to-expire field is set to 0.5 because the administrator believes that the unit of this field is minutes (and wishes to set the time to 30 seconds). However, bind expects the field to be in seconds and reads the value as 0, meaning that no data is ever expired.

a) Classify this vulnerability using the RISOS model, and justify your answer

b) Classify this vulnerability using the PA model and justify your answer

c) Classify this vulnerability using Aslam's model and justify your answer
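The field-unit error in question 5, shown as a small config-field parser; this is example code added here and is not part of the assignment text. A lenient reader silently turns the administrator's "0.5" into 0 (no expiry), while a strict parser that accepts only whole seconds above a minimum rejects the value when the configuration is loaded. The field names and sample values are constructed for the illustration.

```python
"""Lenient versus strict parsing of a time field given in seconds."""
import re

# Constructed sample configuration: "expire" is the mistaken value from
# question 5 (meant as 0.5 minutes); the other two fields are valid.
SAMPLE_CONFIG = {"expire": "0.5", "refresh": "3600", "retry": "30"}


def naive_seconds(value: str) -> int:
    """Mimic a lenient reader: the fractional part is simply dropped."""
    return int(float(value))  # "0.5" -> 0, which disables expiry entirely


def strict_seconds(value: str, minimum: int = 1) -> int:
    """Accept only a plain integer number of seconds, at least `minimum`.

    Raises ValueError for fractional, negative, non-numeric or too-small
    values so a unit mix-up is caught at load time instead of at runtime.
    """
    if not re.fullmatch(r"\d+", value.strip()):
        raise ValueError(f"time field {value!r} must be a whole number of seconds")
    seconds = int(value)
    if seconds < minimum:
        raise ValueError(f"time field {value!r} is below the minimum of {minimum} s")
    return seconds


def check_config(config: dict) -> dict:
    """Return {field: error message} for every field the strict parser rejects."""
    errors = {}
    for field, raw in config.items():
        try:
            strict_seconds(raw)
        except ValueError as exc:
            errors[field] = str(exc)
    return errors


if __name__ == "__main__":
    print("lenient reading of 'expire':", naive_seconds(SAMPLE_CONFIG["expire"]))
    for field, message in check_config(SAMPLE_CONFIG).items():
        print(f"rejected {field}: {message}")
```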

6) Essay Question: Secure software certification. Your present company is at EAL4. You are the new program manager on this effort and your job is to bring your present secure software package to EAL7. Explain to me your management plan for upgrading your present software package from EAL4 to EAL7. Your management plan should include discussing your past documentation (assignment #2), the difference between EAL4 and EAL7, what additional paperwork will be needed to reach EAL7 certification, and finally, define your risk based on reusing software code for this migration from EAL4 to EAL7 certification.
