-
Feb 6, 2006 Test
These questions are for your own benefit. Feel free to discuss
the questions/answers with other students.
From Chapter 1:
1-5, 7-9, 11, 15, 16
From Chapter 2:
1, 2, 4-6
From Chapter 3:
6-8
From Chapter 4:
1-5, 9
Compare ACLs and capabilities. Describe situations in which one
is more appropriate than the other.
How do the differences between information and data apply to computer
security?
Computer systems have many layers, for example the OSI 7-layer model.
What effect does this have on formulating security policies and
mechanisms?
Be familiar with states and state transitions.
Be familiar with the Harrison-Ruzzo-Ullman model.
Be familiar with the Take-Grant model.
Identify three situations each where a system uses grant-like/take-like
functionality.
Illustrate a take and a grant example from the previous question.
Why is there a distinction between objects and subjects in the model?
What is the difference between can-share and can-steal?
Suppose two subjects wish to share a right. Does the direction of a
take edge between them matter? For a grant edge? Explain.
Be familiar with the parts of the SPM, including domains, link
predicate, filter function, can-create, and create-rule.
Illustrate two examples of the SPM.
Why are models important?
How are models compared?
Why is it important to involve all stakeholders in formulating
policies?
What are the benefits of defining an acceptable use policy?
What are the trade-offs between using high-level versus low-level
languages to express policies?
-
February 22 Test
Chapter 5: 1, 2, 4-6, 7, 12
Chapter 6: 2, 3, 8-11.
Chapter 7: 2, 3, 5, 7
Chapter 8: 3-5
Be familiar with the Bell-LaPadula model.
What role do the rules of a policy based on Bell-LaPadula play?
How do they relate to the three properties of the model?
What happens during a state transition and what should a security
mechanism do during the transition?
Integrity and confidentiality are different aspects of security.
Describe why different models are needed to handle them.
What is the main idea behind the Biba system?
Give an example of the operation of the Biba model.
Why are transactions important in the Clark-Wilson model?
How would the Clark-Wilson model change if it did not include
separation of duties? How would separation of duties affect
other models?
What would happen if the restriction on UDI was loosened?
How does the Chinese Wall model differ from the Biba or BLP models?
Give an example of how the Chinese Wall model works over time.
What is role based access control? How could it be used
for a banking system?
List three examples of a covert channel that could exist
between two programs on the same machine. For each of
them, describe how information is transmitted and why a
traditional security policy might not handle the channel.
Be familiar with the concepts of view and transition
equivalence. How do these concepts relate to covert channels?
From a security standpoint why is it difficult to compose
systems? What are some practical effects of these difficulties?
What are the differences and similarities of non-interference
and non-deducibility? Give an example of each.
-
March 15, 2006 Test
From Chapter 9: 1-3, 6, 9, 11-13, 20
From Chapter 10: 5, 6
Be able to work through an example of each of the symmetric
ciphers (key schedule generation and one round for DES).
Compare two of the following ciphers to each other.
Hill, DES, ADFGVX, Playfair and RSA.
What is the difference between Diffie-Hellman and RSA?
Why does RSA break a large message up into blocks?
Be familiar with cryptographic hash functions (e.g., MASH-2) and
how they could be used in digital signatures.
What is the difference between empirically secure and provably
secure?
What is the role of permutation and substitution in the different
ciphers?
How do the different ciphers protect confidentiality, integrity, and
authentication?
How do Triple DES and DESX improve DES?
Be familiar with the Needham-Schroeder protocol and with Kerberos.
What are the trade-offs associated with single sign-on systems?
What are the trade-offs associated with ticket lifetimes?
When would it be appropriate to use a time stamp rather than
a random number in a key exchange protocol?
What is the relationship between a signature chain and trust?
-
- From the book
Chapter 11: 1, 2, 4, 5
Chapter 12: 2, 4-8, 13, 14
Chapter 13: 1-3, 5-8, 10
Chapter 18: 1, 2, 4, 5, 7
Chapter 19: 1
Chapter 21: 1-3
Chapter 25: 1-3, 5, 6
Chapter 26:
Be familiar with the different modes of IPSec and what they provide.
Understand how an SSL connection is established.
What are the different sources of information that can be used to
authenticate a user?
What are the parts of an authentication system?
What are some different forms of biometrics and the trade-offs
associated with them?
What are the design principles associated with supporting security?
Be familiar with the term trustworthy and the following types of
assurance: information, security, policy, design, implementation,
and operational.
What is the underlying idea behind assurance?
Why are experts unlikely to be replaced by automated techniques
in certifying assurance in the near future?
Be familiar with the terms threat, vulnerability, reference monitor,
reference validation mechanism, security kernel and trusted computing
base.
What is the difference between functional requirements and assurance
requirements?
Which model was the Orange book standard most closely based upon?
What impact did this have?
What were the major limitations of the Orange book standard?
What are the major differences between the Orange book standard and the
Common Criteria standard?
What is a protection profile and what is its purpose?
What is the difference between the Common Criteria standard and the
SSE-CMM standard? Give an example where each would be appropriate.
What are the different types of models used for intrusion detection?
What are the consequences of false-positives and false-negatives in
intrusion detection? How can these problems be minimized?
Be familiar with the terms firewall, proxy, packet filtering, network
address translation, and honeypots. Give an example where each
would be the best choice as a security mechanism.
What is bit commitment? How does it work?