User Account

All Pages

Describe fundamental principles in both the bell-lapadula

Assignment Help Management Information Sys
Reference no: EM131274807

Part 1: Determine if the following statements are True or False.

1. An agent in Clock-Wilson Model(CWM) should also have the execute rights regarding anentity after the agent is permitted to certify that entity.

2. Since physical security is often managed under separate responsibility from information security, however, risk analysis for information security still needs to address physical security.

3. The principal objectives of computer security are to prevent unauthorized users from gaining access to resources, to prevent legitimate users from accessing resources in an unauthorized manner, and to enable legitimate users to access resources in an authorized manner.Answer:

4. With unlimited resources and security controls, it is possible to reduce risk to zero.

5. Viruses infect executable files and hardware as well.

6. Cryptanalytic attacks try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.

7. The purpose of the DSS algorithm is to enable two users to securely reach agreement about a shared secret that can be used as a secret key for subsequent symmetric encryption of messages.

8. Traditional RBAC systems define the access rights of individual users and groups of users.

9. Some process of managed downgrading of information is needed to restore reasonable classification levels.

10. A BLP model breaks down when low classified executable data are allowed to be executed by a high clearance subject.

11. The secret key is input to the encryption algorithm.

12. Triple DES takes a plaintext block of 64 bits and a key of 56 bits to produce a ciphertext block of 64 bits.

13. The advantage of a stream cipher is that you can reuse keys.

14. Like the MAC, a hash function also takes a secret key as input.

15. The strength of a hash function against brute-force attacks depends solely on the length of the hash code produced by the algorithm.

16. Public-key cryptography is asymmetric.

17. Public-key algorithms are based on simple operations on bit patterns.

18. A token is the best means of authentication because it cannot be forged or stolen by an adversary.

19. User authentication is a procedure that allows communicating parties to verify that the contents of a received message have not been altered and that the source is authentic.

20. A good technique for choosing a password is to use the first letter ofeach word of a phrase.

21. Memory cards store and process data.

22. Depending on the application, user authentication on a biometricsystem involves either verification or identification.

23. An individual's signature is not unique enough to use in biometricapplications.

24. A smart card contains an entire microprocessor.

25. Access control is the central element of computer security.

26. The authentication function determines who is trusted for a given purpose.

27. An auditing function monitors and keeps a record of user accesses to system resources.

28. External devices such as firewalls cannot provide access control services.

29. The principal objectives of computer security are to prevent unauthorized users from gaining access to resources, to prevent legitimate users from accessing resources in an unauthorized manner, and to enable legitimate users to access resources in an authorized manner.

30. A user program executes in a kernel mode in which certain areas of memory are protected from the user's use and certain instructions may not be executed.

Part 2: Short Answers. Please answer briefly and completely, and you must cite all sources of information if any.

1. Describe the fundamental principles in both the Bell-LaPadula and Biba security models. For each, explain what sort of security the model is intended to provide, the two key properties of the model, and then explain in your own words why each of the properties makes sense from a security standpoint.

2. Consider a public key encryption. Ann wants to send Bill a message. Let Annpriv and Annpub be Ann's private and public keys respectively. The same for Bill (Billpriv and Billpub).

(a) If Ann sends a message to Bill, what encryption should Ann use so that only Bill can decrypt the message (secrecy)?

(b) Can Ann encrypt the message so that anyone who receives the message is assured that the message only came from Ann (authenticity)?

(c) Is it possible for Ann to devise a method that will allow for both secrecy and authenticity for her message? Please justify your answer.

3. Assume that passwords are limited to the use of the 95 printable ASCII characters and that all passwords are 12 characters in length. Assume a password cracker with an encryption rate of 10 giga encryptions per second. How many years will it take to test exhaustively all possible passwords on a UNIX system? Note you need to show the procedures of calculation step by step as well.

Reference no: EM131274807

Questions Cloud

Discuss what you discovered about contingency planning : Discuss what you discovered about contingency planning. Discuss how creativity and critical thinking relate to contingency planning. Explain how you might integrate creativity into your own planning process.
Define the primary estates in land : Define the primary estates in land.- Explain the circumstances under which each of the following types of ownership would be most desirable.
Create a class called employee that includes three variables : (Employee Class) Create a class called Employee that includes three instance variables-a first name (type String), a last name (type String) and a monthly salary (double).
Program should be seen as command like processing : A program is to be made such that the process done inside the program should be seen as command like processing, finding etc. Please do specify every shortcuts and you can apply any design as you want.
Describe fundamental principles in both the bell-lapadula : Describe the fundamental principles in both the Bell-LaPadula and Biba security models. For each, explain what sort of security the model is intended to provide, the two key properties of the model, and then explain in your own words why each of t..
What way your proposed business action is an innovative idea : Describe in what way your proposed business action is an innovative idea. Explain why you think this idea will benefit the business in terms of return of investment (ROI).
Explanation of the conditions that make systems : Research a specific buffer overflow attack technique of your choice.  This should be a technique that has been actively exploited in the past 5 years or is still a current threat. Prepare a presentation on the attack that includes at least the fol..
Explore best possible options for evaluating strategic plan : Determine the best possible options for evaluating the strategic plan. Develop methods to monitor and control your proposed strategic plan, being sure to analyze how measures will advance organizational goals financially and operationally.
Develop a 600-word analysis of the international economy : Develop a 600-word analysis of the international economy and Products that have provided the country an absolute advantage in trade (if any)

Reviews

Write a Review

Management Information Sys Questions & Answers

  Discuss information systems-insurance

Information Systems-Insurance - Discuss with your classmates your thoughts about why these users might be getting such poor response.

  How can you use information technology to hel track

How can you use information technology to hel track, measure and adjust control oriented information in an organization

  Hwo much would you pay for maddy computer company using the

hwo much would you pay for maddy computer company using the earnings multiplies model?you have been reading about maddy

  Trends of technology for dect cordless phones

Analysis of the trends of technology for DECT Cordless phones - An analysis of the trends of technology that could be used to communicate value

  Who should be responsible for security

Who should be responsible for security- the government or individuals? Why do you think that?

  Elaborate on the trend of interoperability of health care

Elaborate on the trend of interoperability of health care management information systems - Determine a significant challenge that health care organizations will face when creating an interoperable system.

  Powerpoint presentation of technologyin this assignment

powerpoint presentation of technologyin this assignment take a few minutes to contemplate the world of business as you

  Discuss the role of communication in being a professional

Identify one or two forms of communication apprehension you have experienced on the job. Explain at least two strategies to overcome the communication apprehension. Discuss the role of communication in being a professional.

  Prepare a research paper on a strategic management

Conceiving to success of the business - methodology and prepare a research paper on a strategic management related topic

  It softwarehardwarecase scenariomy ceo wants to know why

it softwarehardwarecase scenariomy ceo wants to know why expensive it softwarehardware are needed in the retail store.

  Coding standards and testingaccording to the 2005 article

coding standards and testingaccording to the 2005 article fit software tests to code needs why are coding standards

  Database management approach over file processing

Compare the advantages of a database management approach over file processing approach for storing large amounts of data

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd