BT0088A02

CUSTOMER_CODE
SMUDE
DIVISION_CODE
SMUDE
EVENT_CODE
JULY15
ASSESSMENT_CODE BT0088_JULY15
QUESTION_TYPE
DESCRIPTIVE_QUESTION
QUESTION_ID
12782
QUESTION_TEXT
Discuss Chinese Wall security policies.
SCHEME OF EVALUATION
Chinese Wall Security Policies:
Definition: Brewer and Nash defined a security policy called the Chinese
Wall that reflects certain commercial needs for information access
protection. The security requirements reflect issues relevant to those
people in legal, medical, investment, or accounting firms who might be
subject to conflict of interest. (2 marks)
The security policy builds on three levels of abstraction.
1. Objects: At the lowest level are elementary objects, such as files. Each file
contains information concerning only one company. (2 marks)
2. Company Groups: At the next level, all objects concerning a particular
company are grouped together. (2 marks)
3. Conflict classes: At the highest level, all groups of objects for
competing companies are clustered. (2 marks)
The Chinese Wall is a commercially inspired confidentiality policy. It is
unlike most other commercial policies, which focus on integrity. As a
subject accesses some objects, other objects that would previously have
been accessible are subsequently denied. (2 marks)
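As an added example (not part of the exam scheme), the three levels and the access history described above as a small Python simulation of the Brewer and Nash read rule: a subject may read an object of a company it has already accessed, or of any company in a conflict class it has not yet touched. The company, object and conflict-class names are constructed sample data.

```python
# Added example (not from the exam scheme): Brewer-Nash Chinese Wall read rule.
# Company, object and conflict-class names are constructed sample data.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Obj:
    """Lowest level: a file holding information about exactly one company."""
    name: str
    company: str          # company group the object belongs to
    conflict_class: str   # cluster of competing companies

@dataclass
class Subject:
    name: str
    history: set = field(default_factory=set)  # companies already accessed

class ChineseWall:
    def __init__(self, objects):
        self.objects = {o.name: o for o in objects}
        self.class_of = {o.company: o.conflict_class for o in objects}

    def can_read(self, subject, obj_name):
        """Permit a read if the subject already accessed this company, or has
        accessed no company in the same conflict class (the Chinese Wall)."""
        obj = self.objects[obj_name]
        if obj.company in subject.history:
            return True
        return all(self.class_of[c] != obj.conflict_class
                   for c in subject.history)

    def read(self, subject, obj_name):
        """Attempt a read; a granted read is recorded and narrows later access."""
        if not self.can_read(subject, obj_name):
            return False
        subject.history.add(self.objects[obj_name].company)
        return True

# Constructed sample: two competing banks and an unrelated oil company.
WALL = ChineseWall([
    Obj("bankA_ledger", "BankA", "banks"),
    Obj("bankA_memo", "BankA", "banks"),
    Obj("bankB_ledger", "BankB", "banks"),
    Obj("oilX_report", "OilX", "oil"),
])

def demo():
    """Outcome of each access in order: BankB is denied once BankA was read."""
    alice = Subject("alice")
    return [WALL.read(alice, n) for n in
            ("bankA_ledger", "bankA_memo", "bankB_ledger", "oilX_report")]
```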
QUESTION_TYPE
DESCRIPTIVE_QUESTION
QUESTION_ID
12784
QUESTION_TEXT
What do you mean by Planning Security? Explain.
SCHEME OF EVALUATION
Planning Security Policies:
In a computing system the security plan identifies and organizes the
security activities. The plan is both a description of the current situation
and a plan for improvement. (2 marks)
Every security plan must address seven issues:
*Current state, describing the status of security at the time of the plan
*Policy, indicating the goals of a computer security effort and the
willingness of the people involved to work to achieve those goals
*Requirements, recommending ways to meet the security goals
*Recommended controls, mapping controls to the vulnerabilities
identified in the policy and requirements
*Accountability, describing who is responsible for each security
activity
*Timetable, identifying when different security functions are to be
done
*Continuing attention, specifying a structure for periodically updating
the security plan.
(1 mark each = 7 marks)
There are many approaches for creating and updating a security plan.
Some organizations have a formal, defined security planning process.
(1 mark)
QUESTION_TYPE
DESCRIPTIVE_QUESTION
QUESTION_ID
72791
QUESTION_TEXT
Explain how a cryptanalyst uses different information to break a
cipher.
SCHEME OF EVALUATION
a. Ciphertext only: The cryptanalyst decrypts messages based on
probabilities, distributions, and characteristics of the available
ciphertext, plus publicly available knowledge.
b. Full or partial plaintext: the analyst may be fortunate to have a
sample message and its decipherment. In these cases, the analyst can
use what is called a probable plaintext analysis. After doing part of the
decryption, the analyst may find places where the known message fits
with the deciphered parts, thereby giving more clues about the total
translation.
c. Ciphertext of any plaintext: the analyst might have infiltrated the
sender’s transmission process so as to be able to cause messages to be
encrypted and sent at will. This attack is called a chosen plaintext
attack. For instance, the analyst may be able to insert records into a
database and observe the change in statistics after the insertions.
Linear programming sometimes enables such an analyst to infer data
that should be kept confidential in the database. This attack is very
favorable to the analyst.
d. Algorithm and Ciphertext: the analyst may have both the
encryption algorithm and the ciphertext. In a chosen plaintext attack,
the analyst can run the algorithm on massive amounts of plaintext to
find one plaintext message that encrypts as the ciphertext. This
approach fails if two or more distinct keys can produce the same
ciphertext as the result of encrypting meaningful plaintext.
e. Ciphertext and Plaintext: the cryptanalyst may be lucky enough to
have some pairs of plaintext and matching ciphertext. Then, the game is
to deduce the key by which those pairs were encrypted so that the
same key can be used in cases in which the analyst has only the
ciphertext. (2 marks each)
QUESTION_TYPE
DESCRIPTIVE_QUESTION
QUESTION_ID
72794
QUESTION_TEXT
List the different Session state parameters and Connection state
parameters.
SCHEME OF EVALUATION
Different Session state parameters are:
i. Session ID
ii. Peer Certificate
iii. Compression method
iv. Cipher Suite
v. Master Secret
vi. Is Resumable
5 marks
Different Connection state parameters are:
i. Server and client random number
ii. Server write MAC secret
iii. Client write MAC secret
iv. Server write secret
v. Client write secret
vi. Initialization
vii. Sequence number
QUESTION_TYPE
DESCRIPTIVE_QUESTION
QUESTION_ID
72795
QUESTION_TEXT
Write a note on
i. Cryptographic Hash function
ii. Digital Signature
SCHEME OF EVALUATION
Short note on:
i. Cryptographic Hash function (5 marks)
ii. Digital Signature (5 marks)
QUESTION_TYPE
DESCRIPTIVE_QUESTION
QUESTION_ID
118694
QUESTION_TEXT
Explain the security features of ordinary OS.
SCHEME OF EVALUATION
Ans:
1. Authentication of users (1 mark)
2. Protection of memory (1 mark)
3. File and I/O device access control (1 mark)
4. Allocation and access control to general objects (2 marks)
5. Enforcement of sharing (1 mark)
6. Guarantee of fair service (1 mark)
7. Interprocess communication and synchronization (2 marks)
8. Protection of OS protection data (1 mark)