IS623 practice
Short Answer Questions
- Suppose you have a secure system with three subjects and threeobjects, with levels as listed below. (10points)
Here H dominates L. You wish toimplement a Bell and LaPadula model of security for this system.Fill in the access rights (R and/or W) permitted by the model foreach subject/object pair in the access matrix below:
| Obj1 | Obj2 | Obj3 |
Subj1 | | | |
Subj2 | | | |
Subj3 | | | |
Type | Name | Level |
Object | Obj1 | (H, {A}) |
Object | Obj2 | (L, {B}) |
Object | Obj3 | (L, {A,B}) |
Subject | Subj1 | (L, {A,B}) |
Subject | Subj2 | (H,{B}) |
Subject | Subj3 | (H,{A,B,C}) |
- Suppose a department has determined that some users have gainedunauthorized access to the computing system. Managers fear theintruders might intercept or even modify sensitive data on thesystem. Cost to reconstruct correct data is expected to be$2,000,000 with 5% likelihood per year.
One approach to addressing thisproblem is to install a more secure data access control problem.The cost of access control software is is $50,000 with 80%effectiveness. Here is the summary of risk and control:
- Cost to reconstruct correct data = $2,000,000 with 5%likelihood per year
- Effectiveness of access control software: 80%
- Cost of access control software: $50,000
Determine the expected annual costsdue to loss and controls. Also, determine whether the costsoutweigh the benefits of preventing or mitigating the risks.(5 points)
- Suppose your data’s binary stream is 1110101. What is the XORresult with the bit stream of 1111111? (2points)
- Suppose the following:
- James’ public key = Kj, James’ private key =Kj-1
- Randy’s public key = Kr, Randy’s private key =Kr-1
- Each person’s public key is known to others; Each one’s privatekey is only known to the owner
- Explain how Randy can send a plaintext P to James secretly(2 points)
- Explain how James can verify if a plaintext P is sent fromRandy (2 points)
- Explain how Randy can verify if a plaintext P is sent fromJames and at the same time P is sent secretly from James to Randy.(2 points)
