User Account

All Pages

Limiting the effect of an untrusted program

Assignment Help Basic Computer Science
Reference no: EM13936519

Task Part A :

1. The total processing speed of microprocessors (based on clock rate and number of circuits) is doubling roughly every year. Today, a symmetric session key needs to be 100 bits long to be considered strong. How long will a symmetric session key have to be in 30 years to be considered strong? 

2. How do NIST criteria for selection of DES and AES relate to Shanon's original standards of a good cryptographic system? What are the significant differences? How do these standards reflect a changed environment many years after Shannon wrote his standards? - 15 Marks

3. A program is written to compute the sum of the integers from 1 to 10. The programmer, well trained in reusability and maintainability, writes the program so that it computes the sum of the numbers from k to n. However, a team of security specialists scrutinizes the code. The team certifies that this program properly sets k to 1 and n to 10; therefore, the program is certified as being properly restricted in that it always operates on precisely the range 1 to 10.

(a) Explain different ways that this program can be sabotaged so that during execution it computes a different sum, for example, 3 to 20. - 

(b) One means of limiting the effect of an untrusted program is confinement: controlling what processes have access to the untrusted program and what access the program has to other processes and data. Explain how confinement would apply to the above example. - 15 Marks 4. The distinction between a covert storage channel and a covert timing channel is not clear-cut. Every timing can be transformed into an equivalent storage channel. Explain how this transformation could be done. - 

Part B :

1. Research the TJX data breach case on the web and answer the following questions.

a. Was the TJX break-in due to a single security weakness or multiple security weaknesses? Explain.

b. Suggest a set of measures which probably would have prevented the TJX data breach. Justify your answer.

c. Which of the CIA goals did TJX fail to achieve in this attack? Rationale This assessment task is based on the following topics discussed in the subject: the overview of Information security fundamentals, security threats, cryptography, malicious software and its countermeasures, operating system security and software security .

The assessment task is aligned with the following learning outcomes of the subject: On successful completion of this subject, students will be able to justify security goals and the importance of maintaining the secure computing environment against digital threats; be able to explain the fundamental concepts of cryptographic algorithms; be able to examine malicious activities that may affect the security of a computer program and justify the choice of various controls to mitigate threats.

Marking criteria Assessment criteria PART A : 60 marks Assessable Components HD 100% - 85% DI 84% - 75% CR 74% - 65% PS 64% - 50% FL 49% - 0 Q.1 (5 marks) - Correct length of symmetric session key along with detailed explanation. Correct length of symmetric key along with in depth explanation. Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Correct length of symmetric key along with reasonable level of explanation. Very minor omissions only.

Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Correct length of symmetric key along with reasonable level of explanation; Minor omissions in the explanation.

Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Minor omissions. Correct length of symmetric key along with limited explanation.

Supporting reference/(s); writing style appropriate to assignment with proper in text citation. Some omissions. Major omissions or incorrect answers. Either no evidence of literature being consulted or cited references irrelevant to the assessment set. Major errors in referencing style. Possible marks 5.0 - 4.25 4.2 - 3.75 3.7 - 3.25 3.2 - 2.5 2.45 - 0 Q.2 (15 marks) - Relationship between NIST criteria for selection of DES and AES and Shanon's original standards. - Their significant differences. - How do these standards reflect a changed environment many years after Shannon wrote his standards?

Comprehensive knowledge and in depth explanation of the three assessable components. Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Reasonable knowledge and in depth explanation of the three assessable components. Very minor omissions only.

Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Good knowledge of the three assessable components along with appropriate explanation. Some omissions.

Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Minor omissions. Addressed the three assessable components mostly correctly along with limited explanation.

Supporting reference/(s); writing style appropriate to assignment with proper in text citation. Some omissions. Major omissions or incorrect answers. Either no evidence of literature being consulted or cited references irrelevant to the assessment set. Major errors in referencing style. Possible marks 15.0 - 12.75 12.6 - 11.25 11.10 - 9.75 9.60 - 7.5 7.35 - 0 Q.3(a) (10 marks) - Listing of different ways that the program can be sabotaged so that during execution it computes a different sum.

- Explanation for each. Multiple (more than three) possible ways have been listed along with in depth explanation. Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Multiple (minimum three) possible ways have been listed along with in depth explanation. Very minor omissions only. Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Multiple possible (minimum three) ways have been listed along with explanation.

Some omissions. Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Minor omissions. At least two ways have been listed correctly along with limited explanation. Supporting reference/(s); writing style appropriate to assignment with proper in text citation. Some omissions. Major omissions or incorrect answers. Either no evidence of literature being consulted or cited references irrelevant to the assessment set. Major errors in referencing style. Possible marks 10.0 - 8.5 8.4 - 7.5 7.4 - 6.4 6.4 - 5 4.9 - 0 Q.3(b) (15 marks) - Understanding of the concept of confinement.

- Explanation of how confinement would apply to the given example. Demonstrated clear understanding of the concept of confinement; comprehensive knowledge and in depth explanation of how this concept can be applied to the given example. Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Demonstrated clear understanding of the concept of confinement; comprehensive knowledge and in depth explanation of how this concept can be applied to the given example. Minor omissions only. Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Demonstrated clear understanding of the concept of confinement; good explanation of how this concept can be applied to the given example. Some omissions. Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Minor omissions. Mostly correct explanation of how the concept of confinement can be applied to the given example. Some omissions.

Supporting reference/(s); writing style appropriate to assignment with proper in text citation. Some omissions. Major omissions or incorrect answers. Either no evidence of literature being consulted or cited references irrelevant to the assessment set. Major errors in referencing style. Possible marks 15.0 - 12.75 12.6 - 11.25 11.10 - 9.75 9.60 - 7.5 7.35 - 0 Q.4

- Understanding of the concept of covert storage channel. - Understanding of the concept of covert timing.

- Detailed explanation of how timing can be transformed into an equivalent storage channel. Comprehensive knowledge of covert storage channel and covert timing; in depth explanation of how timing can be transformed into an equivalent storage channel.

Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Comprehensive knowledge of covert storage channel and covert timing; in depth explanation of how timing can be transformed into an equivalent storage channel. Minor omissions only. Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Good knowledge of covert storage channel and covert timing;correct explanation of how timing can be transformed into an equivalent storage channel. Some omissions.

Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Minor omissions. Mostly correct explanation of how timing can be transformed into an equivalent storage channel. Some omissions. Supporting reference/(s); writing style appropriate to assignment with proper in text citation.

Some omissions. Major omissions or incorrect answers. Either no evidence of literature being consulted or cited references irrelevant to the assessment set. Major errors in referencing style. Possible marks 15.0 - 12.75 12.6 - 11.25 7.4 - 6.4 9.60 - 7.5 7.35 - 0 PART B: 20 marks Q.1 (20 marks) - Was the TJX break-in due to a single security weakness or multiple security weaknesses? Explain.

- Suggest a set of measures which probably would have prevented the TJX data breach. Justify your answer. - Which of the CIA goals did TJX fail to achieve in this attack? Evidence of high level of research. Comprehensive knowledge and in depth explanation of the three assessable components.

Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Evidence of high level of research. Reasonable knowledge and in depth explanation of the three assessable components. Very minor omissions only. Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Reasonable level of research. Good knowledge of the three assessable components along with appropriate explanation. Some omissions.

Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Minor omissions. Addressed the three assessable components mostly correctly along with limited explanation.

Supporting reference/(s); writing style appropriate to assignment with proper in text citation. Some omissions. Major omissions or incorrect answers. Either no evidence of literature being consulted or cited references irrelevant to the assessment set. Major errors in referencing style. Possible marks 20.0 - 17 16.9 - 15 14.9 - 13 12.9 - 10 9.4 - 0 Presentation Submit the assignment in ONE word or pdf file on EASTS. Please do not submit *.zip or *.rar or multiple files. Follow the referencing guidelines for APA 6 as specified in Referencing Guides.

Reference no: EM13936519

Questions Cloud

Debate in the topic of marketing and brand management : Select a current debate in marketing and brand management. • Search the Internet and University of Roehampton Library and identify a relevant article about the current debate you selected.
What is systemic risk and how does it affect bank risk : What is systemic risk and how does it affect bank risk? What is risk layering? What is CAMELS? What are some of the key provisions of DFA?
A capital budgeting analyst for a company : A capital budgeting analyst for a company considering investments in eight projects listed in Exhibit. The company has determined that they can undertake each of these projects and have forecasted the project cash flows from each project in Exhibit.
What is the number one source of crude : What is the number one source of crude imports to the US?
Limiting the effect of an untrusted program : The total processing speed of microprocessors (based on clock rate and number of circuits) is doubling roughly every year. Today, a symmetric session key needs to be 100 bits long to be considered strong. How long will a symmetric session key have..
Description of the problem that are outlined in the case : In a 2-3 page Word document, provide your initial reactions to the case study, including a description of the problem(s) that are outlined in the case. Case Study - Ions Consulting: The MP^2 Training Program
What concept best describes the issues facing risk manager : A bank is in the midst of a highly competitive market environment and over the past few years has created. What concept best describes is a good example of the issues facing this risk manager and why?
Discuss the role of qualitative research : Discuss the role of qualitative research in understanding the preferences of Australian Baby Boomers to international travel. Which qualitative research technique(s) should be used, and why?
Conduct a swot analysis on your selected organization : Identify the competitors of organization as well as what percentage of the market they possess - Conduct a SWOT Analysis on your selected organization and list at least three items for each category.

Reviews

Write a Review

Basic Computer Science Questions & Answers

  The consistency between all elements of the design

The consistency between all elements of the design

  First integer of input refers to the total weight the ship

First integer of input refers to the total weight the ship can carry. Second integer refers to the number of cargo present and the rest of the integers represents the individual weight of the cargo

  Technical requirements develop a website

You are required to research and discusshow the "Right to be forgotten" ruling (C131/12) may affect the quality of information shared on the Internet. Build and publisha website to illustrate and draw out your findings.

  Organizational of infrastructure and security

The last section of the project plan will present the infrastructure in accordance with the parameters set forth at the outset of the project. The network solution that is chosen should support the conceived information system and allow for scalab..

  Project plan this is for a company selling airline

this is for a company selling airline parts ltbrgt ltbrgtsection 1 written project plan ltbrgt ltbrgtyou are now in the

  Prepare a plan for implementing hyper-v

Specify the most significant advantages and disadvantages that could be realized by the organization in adopting a server virtualization infrastructure.

  Physical security

As you've learned, physical security doesn't just mean securing systems. It also involves securing the premises, any boundaries, workstations, and other areas of a company. Without physical security, data could be tampered with or stolen, and value i..

  What is the research problem the paper attempts to address

What is the research problem the paper attempts to address

  How computer technology has been changing

Which of the subsequent statements about how computer technology has been changing over the last few decades is/are true?

  Design and develop a database

Provide a logical and physical design of the database.

  Role of integrating business management cpabilities

How you see you role in integrating software, hardware, and business management cpabilities? What challenges do you anticipate encounting as head of of the IT management effort at Magnum?

  Provide injective function from to and explain why injective

Provide an injective function from ? to ? and explain why it's injective

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd