Describe fundamental principles in both the Bell-LaPadula

Reference no: EM131274807

Part 1: Determine if the following statements are True or False.

1. An agent in the Clark-Wilson Model (CWM) should also have execute rights regarding an entity after the agent is permitted to certify that entity.

2. Although physical security is often managed under separate responsibility from information security, risk analysis for information security still needs to address physical security.

3. The principal objectives of computer security are to prevent unauthorized users from gaining access to resources, to prevent legitimate users from accessing resources in an unauthorized manner, and to enable legitimate users to access resources in an authorized manner.

4. With unlimited resources and security controls, it is possible to reduce risk to zero.

5. Viruses infect executable files and hardware as well.

6. Cryptanalytic attacks try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.

7. The purpose of the DSS algorithm is to enable two users to securely reach agreement about a shared secret that can be used as a secret key for subsequent symmetric encryption of messages.

8. Traditional RBAC systems define the access rights of individual users and groups of users.

9. Some process of managed downgrading of information is needed to restore reasonable classification levels.

10. A BLP model breaks down when low classified executable data are allowed to be executed by a high clearance subject.

11. The secret key is input to the encryption algorithm.

12. Triple DES takes a plaintext block of 64 bits and a key of 56 bits to produce a ciphertext block of 64 bits.

13. The advantage of a stream cipher is that you can reuse keys.

14. Like the MAC, a hash function also takes a secret key as input.

15. The strength of a hash function against brute-force attacks depends solely on the length of the hash code produced by the algorithm.

16. Public-key cryptography is asymmetric.

17. Public-key algorithms are based on simple operations on bit patterns.

18. A token is the best means of authentication because it cannot be forged or stolen by an adversary.

19. User authentication is a procedure that allows communicating parties to verify that the contents of a received message have not been altered and that the source is authentic.

20. A good technique for choosing a password is to use the first letter of each word of a phrase.

21. Memory cards store and process data.

22. Depending on the application, user authentication on a biometric system involves either verification or identification.

23. An individual's signature is not unique enough to use in biometric applications.

24. A smart card contains an entire microprocessor.

25. Access control is the central element of computer security.

26. The authentication function determines who is trusted for a given purpose.

27. An auditing function monitors and keeps a record of user accesses to system resources.

28. External devices such as firewalls cannot provide access control services.

29. The principal objectives of computer security are to prevent unauthorized users from gaining access to resources, to prevent legitimate users from accessing resources in an unauthorized manner, and to enable legitimate users to access resources in an authorized manner.

30. A user program executes in a kernel mode in which certain areas of memory are protected from the user's use and certain instructions may not be executed.

Part 2: Short Answers. Please answer briefly and completely, and you must cite all sources of information if any.

1. Describe the fundamental principles in both the Bell-LaPadula and Biba security models. For each, explain what sort of security the model is intended to provide, the two key properties of the model, and then explain in your own words why each of the properties makes sense from a security standpoint.

2. Consider a public key encryption. Ann wants to send Bill a message. Let Annpriv and Annpub be Ann's private and public keys respectively. The same for Bill (Billpriv and Billpub).

(a) If Ann sends a message to Bill, what encryption should Ann use so that only Bill can decrypt the message (secrecy)?

(b) Can Ann encrypt the message so that anyone who receives the message is assured that the message only came from Ann (authenticity)?

(c) Is it possible for Ann to devise a method that will allow for both secrecy and authenticity for her message? Please justify your answer.

3. Assume that passwords are limited to the use of the 95 printable ASCII characters and that all passwords are 12 characters in length. Assume a password cracker with an encryption rate of 10 giga encryptions per second. How many years will it take to test exhaustively all possible passwords on a UNIX system? Show your calculation step by step.

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd