
Anna University Syllabus Materials and Question Papers
Wednesday, 15 May 2013
CS9224 INFORMATION SECURITY ALL UNIT QUESTIONS AND ANSWERS (IMPORTANT)
CS9224
UNIT I - INTRODUCTION TO INFORMATION SECURITY
PART A (2 MARKS)
1. What is information security?
2. What are the types of attack? Compare.
3. What is meant by top-down approach to security implementation? Give its
advantages.
4. What is meant by bottom-up approach to security implementation? Give its
disadvantages.
5. What type of security was dominant in the early years of computing?
6. What are the three components of C.I.A. triangle? What are they used for?
7. What is security blue print?
8. What is the difference between a threat agent and a threat?
9. What is vulnerability?
10. Who is involved in the security development life cycle?
11. When can a computer be a subject and an object of an attack respectively?
PART- B
1. Describe the critical characteristics of information. How are they used in the study of
computer security? (16)
2. Briefly explain the components of an information system and their security. How will
you balance security and access? (16)

3. (a) Describe the system development life cycle. (4)
(b) Explain the security system development life cycle. (12)
4. What is Information security? Explain the NSTISSC security model and the top-down
approach to security implementation. (16)
UNIT II SECURITY INVESTIGATION
PART A (2 MARKS)
1. Why is information security a management problem?
2. Why is data the most important asset an organization possesses?
3. How can a Service Level Agreement (SLA) provide a safeguard for Internet or web hosting services?
4. What is software piracy? Name two organizations that investigate allegations of
software abuse.
5. Name the two categories of hackers and differentiate between them.
6. Who is a cyberactivist?
7. Who is a cyberterrorist?
8. How does a threat to information security differ from an attack?
9. What is a threat?
10. Define malware. Give examples.
11. In what way does the DDoS differ from the DoS attack?
12. How do worms differ from viruses?
13. What is spoofing?
14. What are the types of password attack?
15. What is the difference between criminal law & civil law?
16. What is tort law?
17. What are the primary examples of public law?
18. What is a policy? How does it differ from law?
19. How does civil law differ from criminal law?
20. How does tort law differ from public law?
21. Which law amended the Computer Fraud and Abuse Act of 1986, and what did it change?

22. What are the three general categories of unethical and illegal behaviour?
23. Define DMCA.
24. What does CISSP stand for?

PART-B
1. (a) Explain the four important functions of information security in an organization. (8)
(b) Explain the ethical concepts in Information Security and the deterrence to illegal and
unethical behaviour. (8)
2. What is a threat? Explain in detail the various groups of threats facing an
organization. (16)
3. Define an attack. Describe the attack replication vectors & the major types of attacks.
(16)
4. Write detailed notes on Codes of Ethics, Certifications and Professional
Organisations. (16)
5. Explain the relevant laws in Information Security in detail. (16)
UNIT III SECURITY ANALYSIS
PART A (2 MARKS)
1. What is risk management?
2. Who are responsible for risk management in an organization?
3. What are the four risk strategies for controlling risk?
4. Which community of interest usually takes the lead in Information security risk
management? Why?
5. What is the formula for calculating risk?
6. Define risk avoidance?
7. Define risk transference?
8. Define risk mitigation?
9. What are the three types of plans that are involved in mitigation of risk?
10. Name three common methods of risk avoidance?
11. What is the difference between intrinsic value and acquired value?

12. What is annual loss expectancy?
13. What is cost benefit analysis?
14. What is the definition of single loss expectancy?
15. What is the difference between benchmarking and baselining?
16. What are vulnerabilities?
17. What is risk assessment?
18. What is a hot site? How is this useful in risk mitigation?
19. Compare and contrast preventive and detective controls.
20. Define risk appetite.
21. What is a Delphi technique?

PART-B
1. (a). What are the four basic steps in risk management? Describe. (8)
(b). What are access controls and explain their types? (8)
2. Elaborate on
a) Asset Identification & Valuation (8)
b) Data Classification & Management (8)
3. Describe in detail the process of risk identification. (16)
4. Elaborate on risk assessment and the documentation of its results. (16)
5. What are the risk control strategies that guide an organization? Elaborate. (16)
6. Explain the components of asset valuation? (16)
7. Explain the various feasibility studies considered for a project of information security controls and safeguards. (16)
UNIT IV - LOGICAL DESIGN
PART-A (2 MARKS)
1. Differentiate between a mission & vision of an organization.
2. What is information security policy?
3. What is information security blueprint framework?

4. What is the difference between a policy, a standard and a procedure?
5. What are the differences among the IRP, DRP & BCP?
6. What is crisis management?
7. What are the inherent problems with ISO 17799, and why hasn't the U.S. adopted it?
8. What are the two major components of the sphere of security?
9. What are the levels of testing strategies involved in incident response plan?
10. Mention Pipkin's three categories of incident indicators.
11. When does an incident become a disaster?
12. Write short notes on a mutual agreement.
13. State the options for Off-site Disaster Storage.
14. What is an Alert Roster? Mention its types?
15. What three outcomes or end cases should you prepare for when creating attack success scenarios?
16. What are the types of ISSP Documents?
PART B
1. Define a policy. What are the types of information security policies? Explain. (16)
2. Explain briefly
a) VISA Security model (8)
b) ISO 17799/BS 7799 (8)
3. Explain in detail the NIST Security model? (16)
4. What components are used in the design of a security architecture? Explain. (16)
5. What are the types of contingency planning? Explain. (16)
6. Explain the major steps involved in contingency planning. (16)
7. State the four phases of an incident response? Describe them. (16)
8. Write short notes on
a) DRP (8)
b) BCP (8)
UNIT V PHYSICAL DESIGN
PART A (2 MARKS)
1. What is firewall?

2. Explain the relationship between plaintext and cipher text.
3. What is RADIUS? What advantage does it have over TACACS?
4. What is network fingerprinting?
5. What is DMZ?
6. What are the main components of cryptology?
7. What is physical security?
8. Define a secure facility.
9. Write short notes on Application-Level Firewall.
10. What is a Screened Subnet Firewall?
11. Define NAT.
12. What is a host based IDS?
13. How does false reject rate differ from false accept rate?
14. What are the two protocols designed to enable secure communications across the
internet?
15. State the main components of cryptology.
16. In what ways does a sophisticated heat sensor operate in a thermal detection system?
17. What are the two basic types of Fire detection systems?
18. What is RADIUS? What advantages does it have over TACACS?
PART-B
1. Discuss the generation of firewalls? (16)
2. Describe the structure of firewall architecture? (16)
3. Explain the various types of Intrusion Detection Systems. (16)
4. Explain in detail the cryptography and encryption based solutions. (16)
5. Explain the key difference between symmetric and asymmetric encryption with suitable examples. (16)
6. Briefly explain the components of cryptology. (16)
7. Discuss some of the popular cryptographic algorithms. (16)
8. Write short notes on the various access controls used for providing physical security. (16)
9. Describe the various methods of power management & conditioning. (16)

CS1014-INFORMATION SECURITY
TWO MARKS
1. Define Information Security.
It is a well-informed sense of assurance that the information risks and
controls are in balance.
2. What is Security?
Security is the quality or state of being secure-to be free from
danger.
3. What are the multiple layers of Security?
Physical Security
Personal Security
Operations Security
Communication Security
Network Security
Information Security
4. What are the characteristics of CIA triangle?
Confidentiality
Integrity
Availability
5. What are the characteristics of Information Security?
Availability
Accuracy
Authenticity
Confidentiality
Integrity
Utility
Possession
6. What is E-mail Spoofing?
It is the process of sending an e-mail with a forged header field (typically the From address) so that the message appears to come from someone other than its real sender.


7. What is UDP Packet Spoofing?
User Datagram Protocol (UDP) packet spoofing forges the source address of UDP datagrams (UDP has no handshake that would expose the forgery), which enables the attacker to get unauthorized access to data stored on computing systems.
8. What are the measures to protect the confidentiality of information?
Information Classification
Secure document storage
Application of general Security Policies.
Education of information end-users
9. What is Utility of information?
Utility of information is the quality or state of having value for some
purpose or end.
10. What are the components of information system?
Software
Hardware
Data
People
Procedures
Networks.
11. What are the functions of Locks & Keys?
Locks & keys are the traditional tools of physical security; they restrict access to, and interaction with, the hardware components of an information system.
12. What is Network Security?
It is the protection of networking components, connections and contents, including the use of alarm and intrusion detection systems to make system owners aware of ongoing compromises.
13. Differentiate Direct and Indirect attacks.
Direct attack: a hacker uses his own computer to break into the system. The attack originates from the threat agent itself.
Indirect attack: a system is first compromised and then used to attack other systems, as in a distributed denial of service attack. The attack originates from a system or resource that has itself been attacked and is malfunctioning or working under the control of a threat.
14. What is SDLC?
The Systems Development Life Cycle is a methodology for the design
and implementation of an information system in an organization.
15. What is a methodology?
Methodology is a formal approach to solve a problem based on a
structured sequence of procedures.
16. What are the phases of SDLC Waterfall method?
Investigation
Analysis
Logical Design
Physical Design
Implementation
Maintenance & change.
17. What is enterprise Information Security Policy?
This policy outlines the implementation of a security program within
the organization.
18. What is Risk Management?
It is the process of identifying, assessing and evaluating the levels of risk facing the organization.


19. What are the functions of Information Security?
Protects the organizations ability to function
Enables the safe operation of applications implemented on the
organizations IT systems.
Protects the data the organization collects and uses.
Safeguards the technology assets in use at the organization.
20. What is PKI?
Public Key Infrastructure is an integrated system of software,
encryption methodologies and legal agreements that can be used to
support the entire information infrastructure of an organization.
21. What is the use of Digital Certificates?
Digital certificates bind a public key to the identity of its owner, so that the parties to Internet communications and transactions can be authenticated and messages can then be encrypted for confidentiality using the certified key.
22. What is Firewall?
Firewall is a device that keeps certain kinds of network traffic out of a
private network.
23. What are caching network appliances?
Caching network appliances are devices that store legal copies of Internet content, such as web pages, that employees frequently refer to.
24. What are appliances?
Appliances serve the cached pages to users rather than fetching the pages from the origin server each time.
25. What is a threat?
Threat is an object, person or other entity that represents a constant
danger to an asset.
26. What are Hackers?
Hackers are people who use and create computer software for enjoyment
or to gain access to information illegally.
27. What are the levels of hackers?
Expert hacker: develops software code and exploits.
Unskilled hacker: uses the code developed by the experts.
28. What are script kiddies?
These are hackers of limited skill who use expertly written software to exploit a system but do not fully understand or appreciate the systems they hack.
29. What is a Phreaker?
A Phreaker hacks the public telephone network to make free calls.
30. What is Malicious code?
These are programs, which are designed to damage, destroy, or deny service
to the target system
31. What are the types of virus?
Macro virus
Boot virus
32. What are trojan horses?
They are software programs that hide their true nature and reveal their
designed behavior only when activated.
33. What is a polymorphic threat?
It is one that changes its apparent shape over time, so that signature-based detection cannot rely on a fixed pattern.
34. What is intellectual property?
It is the ownership of ideas and control over the tangible or virtual
representation of those ideas.
35. What is an attack?
It is a deliberate act that exploits vulnerability.
36. What is vulnerability?
It is an identified weakness of a controlled system with controls that are not
present or no longer effective.
37. What are the attack replication vectors?
IP scan and attack
Web browsing
Virus
Shares
Mass mail
SNMP
38. What is a brute force attack?
Trying every possible combination of characters until the password is found.
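Worked example of the two password attacks asked about in this unit (dictionary and brute force), added here for illustration and not part of the original question bank. The account names, passwords, stored hashes and the six-word list are all constructed for the example; the attacks run against unsalted SHA-256 digests because that is the weak storage scheme such attacks succeed against.

```python
import hashlib
import itertools
import string

# Constructed sample: three accounts whose passwords are stored as unsalted
# SHA-256 digests, a weak but still common legacy scheme. A real attacker
# holds only STORED_HASHES; the plaintexts appear here so the example is
# reproducible.
_SAMPLE_PASSWORDS = {"alice": "letmein", "bob": "b7q", "carol": "Tr0ub4dor&3"}
STORED_HASHES = {u: hashlib.sha256(p.encode()).hexdigest() for u, p in _SAMPLE_PASSWORDS.items()}

# Constructed mini word list standing in for a real dictionary file.
WORDLIST = ["password", "123456", "letmein", "qwerty", "admin", "welcome"]


def dictionary_attack(target_hash, wordlist):
    """Hash each word in the list and compare. Cheap, but it only finds
    passwords that appear in the list. Returns (password or None, attempts)."""
    attempts = 0
    for word in wordlist:
        attempts += 1
        if hashlib.sha256(word.encode()).hexdigest() == target_hash:
            return word, attempts
    return None, attempts


def brute_force_attack(target_hash, alphabet=string.ascii_lowercase + string.digits, max_len=3):
    """Enumerate every string over `alphabet` up to max_len characters.
    Exhaustive, so it always succeeds if the password lies inside that space,
    at a cost of sum(len(alphabet) ** k for k in 1..max_len) hash computations.
    max_len is kept tiny here; real tools go to 8+ characters on GPUs."""
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if hashlib.sha256(candidate.encode()).hexdigest() == target_hash:
                return candidate, attempts
    return None, attempts


def crack(user):
    """Run the attacks in the order a real cracking tool would: dictionary
    first (a handful of guesses), brute force second (thousands to billions)."""
    target = STORED_HASHES[user]
    password, tried = dictionary_attack(target, WORDLIST)
    if password is not None:
        return {"user": user, "method": "dictionary", "password": password, "attempts": tried}
    password, more = brute_force_attack(target)
    return {"user": user,
            "method": "brute-force" if password is not None else "failed",
            "password": password,
            "attempts": tried + more}


if __name__ == "__main__":
    for name in STORED_HASHES:
        print(crack(name))
```

The attempt counts are the point: the dictionary finds "letmein" in three guesses, the brute force needs thousands even for a three-character password, and a long password outside both spaces is not found at all. Salting the stored hashes and using a slow key-derivation function (PBKDF2, bcrypt, scrypt) multiplies the attacker's cost per guess and is the defence this question leads to.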
39. What are sniffers?
Sniffers are programs or devices that can monitor data traveling over a network.
40. What is social engineering?
It is the process of using social skills to convince people to reveal access
credentials to the attackers.
41. What are the types of Laws?
Civil Law
Criminal Law
Tort Law
42. Differentiate Private & Public Laws.
Private Laws:
This Law regulates the relationship between the individual and the
organization.
Eg: Family Law, Commercial Law, Labor Law
Public Law:
This Law regulates the structure and administration of government
agencies and their relationship with the citizens, employees and other
governments.
Eg: Criminal Law, Administrative Law, Constitutional Law.
43. What are the fundamental principles of HIPAA?
1. Consumer control of medical information.
2. Boundaries on the use of medical information.
3. Accountability for the privacy of private information.
4. Security of health information.

44. What are the general categories of unethical and illegal behaviour?
Ignorance
Accident
Intent
45. What is deterrence?
It is the best method for preventing illegal or unethical activity.
Examples are laws, Policies and technical controls.
46. What is Risk Management?
Risk identification is conducted within the larger process of identifying and justifying risk controls, which is known as risk management.
47. What are the communities of interest?
Information Security
Management and users
Information Technology
48. What are the responsibilities of the communities of interests?
Evaluating the risk controls
Determining which control options are cost effective for the organization
Acquiring or installing the needed controls.
Overseeing that the controls remain effective.
49. Write about MAC addresses.
A MAC (Media Access Control) address is also called an electronic serial number or hardware address. Every network interface device has a unique number, which the network operating system uses as a mechanism to identify a specific network device.
50. What is Public key infrastructure certificate authority?
It is a software application that provides cryptographic key management
services.
51. What is Clean desk policy?
This requires each employee to secure all information in its appropriate
storage container at the end of each day.
52. What is risk assessment?
It is the process of assessing the relative risk for each of the vulnerabilities.
53. What is Likelihood?
Likelihood is the overall rating of the probability that a specific vulnerability
within an organization will be successfully attacked.
54. What is Residual Risk?
It is the risk that remains to the information asset even after the existing
control has been applied.
55. What are Policies?
Policies are documents that specify an organizations approach to security.
56.What are the types of security policies?
General Security Policy
Program Security Policy
Issue-Specific Policies
57. What are the types of access controls?
Mandatory Access Controls (MAC)
Nondiscretionary Controls
Discretionary Access Controls (DAC)
58. What are the Risk Control Strategies?
Avoidance: the risk control strategy that attempts to prevent the exploitation of the vulnerability.
Transference: the control approach that attempts to shift the risk to other assets, other processes, or other organizations.
Mitigation: the control approach that attempts to reduce the impact caused by the exploitation of a vulnerability through planning and preparation.
Acceptance: the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.
59. What are the common methods for Risk Avoidance?
Avoidance through Application of Policy
Avoidance through Application of training and education
Avoidance through Application of technology

60. What are the types of plans in Mitigation strategy?
The Disaster Recovery Plan (DRP)
Incident Response Plan (IRP)
Business Continuity Plan (BCP)
61. What is a hot site?
It is also known as business recovery site.
It is a remote location with systems identical or similar to the home site.
62. What are the ways to categorize the controls?
Control function
Architectural Layer
Strategy Layer
Information Security Principle.
63. Differentiate Preventive and Detective controls.
Preventive controls:
1. Stop attempts to exploit a vulnerability by implementing a security principle such as authentication or confidentiality.
2. Use technical procedures such as encryption, or a combination of technical means and enforcement methods.
Detective controls:
1. Warn the organization of violations of security principles or organizational policies, or of attempts to exploit a vulnerability.
2. Use techniques such as audit trails, intrusion detection and configuration monitoring.
64. What are the commonly accepted information security Principles?
Confidentiality
Integrity
Availability
Authentication
Authorization
Accountability
Privacy
65. What is benefit?
It is the value that the organization recognizes by using controls to prevent losses associated with a specific vulnerability.
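Worked example, added here and not part of the original question bank, that carries the Unit III definitions through to numbers: the residual-risk rating in Q52-Q54, the ranking of vulnerabilities by risk, and the single loss expectancy, annualized loss expectancy and cost-benefit figures asked for in the two-mark questions. The rating formula follows the convention of the textbook's risk-assessment worked example as I understand it (an assumption: base = value x likelihood, reduced by the fraction mitigated, increased by the uncertainty), and all asset values, likelihoods and dollar amounts are constructed.

```python
# Constructed example. The risk-rating convention is assumed from the textbook's
# risk assessment worked example:
#   base     = asset value x likelihood
#   residual = base x (1 - fraction of risk mitigated by current controls)
#   risk     = residual x (1 + uncertainty in our knowledge of the vulnerability)

def risk_rating(asset_value, likelihood, mitigated, uncertainty):
    """Risk rating factor for one vulnerability. asset_value is a relative weight
    (e.g. 1..100), likelihood is in 0.1..1.0, mitigated and uncertainty are
    fractions in 0..1."""
    if not 0 <= likelihood <= 1 or not 0 <= mitigated <= 1:
        raise ValueError("likelihood and mitigated must be fractions in [0, 1]")
    base = asset_value * likelihood
    residual = base * (1 - mitigated)          # risk left after existing controls (Q54)
    return residual * (1 + uncertainty)


# Constructed list: (asset, vulnerability, value, likelihood, mitigated, uncertainty)
VULNERABILITIES = [
    ("Customer DB", "unpatched DBMS remote code execution", 100, 0.5, 0.5, 0.20),
    ("Customer DB", "weak DBA password",                    100, 0.1, 0.0, 0.20),
    ("Public web",  "unrestricted file upload",              50, 1.0, 0.0, 0.10),
]


def ranked_vulnerabilities(vulns=VULNERABILITIES):
    """(asset, vulnerability, rating) tuples, highest risk first: the order in
    which controls should be considered."""
    rated = [(a, v, risk_rating(val, lik, mit, unc)) for a, v, val, lik, mit, unc in vulns]
    return sorted(rated, key=lambda t: t[2], reverse=True)


# Cost-benefit analysis of a proposed control, with the standard SLE/ARO/ALE
# definitions from the Unit III two-mark questions.

def single_loss_expectancy(asset_value, exposure_factor):
    """SLE = asset value x exposure factor (fraction of the asset lost per incident)."""
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle, aro):
    """ALE = SLE x annualized rate of occurrence."""
    return sle * aro


def cost_benefit(ale_prior, ale_post, annual_cost_of_safeguard):
    """CBA = ALE(before control) - ALE(after control) - annual cost of the control.
    A positive result means the control pays for itself."""
    return ale_prior - ale_post - annual_cost_of_safeguard


def web_defacement_cba():
    """Constructed scenario: a $250,000 web server, defacements costing 10% of its
    value, twice a year today; an $8,000/yr control cuts that to once in five years."""
    sle = single_loss_expectancy(250_000, 0.10)          # 25,000 per incident
    ale_before = annualized_loss_expectancy(sle, 2.0)    # 50,000 per year
    ale_after = annualized_loss_expectancy(sle, 0.2)     # 5,000 per year
    return cost_benefit(ale_before, ale_after, 8_000)    # 37,000 per year in favour of the control


if __name__ == "__main__":
    for asset, vuln, rating in ranked_vulnerabilities():
        print(f"{rating:6.1f}  {asset}: {vuln}")
    print("CBA of web defacement control:", web_defacement_cba())
```

Note how the ranking comes out: the unmitigated, certain-to-be-exploited upload flaw on a lower-value asset outranks the half-mitigated database flaw, which is exactly why likelihood and current controls are weighted, not asset value alone.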
66. What is asset valuation?
It is the process of assigning financial value or worth to each information
asset.
66. What is a Policy?
It is a plan or course of action, as of a government, political party, intended
to influence and determine decisions, actions and other matters.
67. Differentiate mission & Vision.
Mission: Mission of an organization is a written statement of an
organizations purpose.
Vision: Vision of an organization is a written statement of an organizations
goals.
68. What is Strategic Planning?
It is the process of moving the organization towards its vision by
accomplishing its mission.
69. What are the general groups of System-Specific Policy?
Access Control Lists
Configuration Rules.
70. What is a Capability table?
It is a list associated with users and groups that specifies which subjects and objects a user or group can access. These are frequently complex matrices rather than simple lists or tables.
71. What is Agreed Upon Procedures?
It is a document that outlines the policies and technologies necessary to secure systems that carry sensitive cardholder information to and from VISA systems.
72. What is redundancy?
Implementing multiple types of technology and thereby preventing
failure of one system from compromising the security of the information is
referred to as redundancy.
73. What is a Firewall?
It is a device that selectively discriminates against information flowing
into or out of the organization.
74. What is Firewall Subnet?
It consists of multiple firewalls creating a buffer between the outside
and inside networks.
75. What is a DMZ?
A buffer against outside attack is referred to as a Demilitarized Zone. It is a no-man's-land between the inside and outside networks where some organizations place web servers. The servers provide access to organizational web pages without allowing web requests to enter the interior networks.
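The DMZ and screened-subnet answers above describe a topology; the following simulation, added as an example and not part of the original question bank, makes the rule logic concrete. It models the outer and inner packet filters of a screened subnet as first-match rule lists with a default deny, and checks that an Internet client can reach the DMZ web server, that nothing from the Internet reaches the interior, and that a compromised web server can reach only the one internal port it needs. The address ranges, host names and ports are constructed (documentation ranges, not real hosts).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed address plan.
ANY      = ipaddress.ip_network("0.0.0.0/0")
DMZ      = ipaddress.ip_network("192.0.2.0/24")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
WEB      = ipaddress.ip_network("192.0.2.10/32")   # public web server in the DMZ
DB       = ipaddress.ip_network("10.0.5.20/32")    # internal database the web app needs


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str            # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str = "any"
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (p.src in self.src and p.dst in self.dst
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))


def filter_packet(rules, p):
    """First-match packet filter. Anything not explicitly allowed is dropped
    (default deny), which is what makes the DMZ a buffer rather than a bridge."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


# Outer firewall, between the Internet and the DMZ.
OUTER = [
    Rule("allow", ANY, WEB, "tcp", 80),
    Rule("allow", ANY, WEB, "tcp", 443),
    Rule("allow", INTERNAL, ANY, "tcp"),      # outbound connections from the interior
]

# Inner firewall, between the DMZ and the interior network.
INNER = [
    Rule("allow", WEB, DB, "tcp", 5432),      # the one thing the web tier may reach inside
    Rule("allow", INTERNAL, ANY, "tcp"),      # interior hosts initiating outbound
]


def zone(ip):
    if ip in INTERNAL:
        return "internal"
    if ip in DMZ:
        return "dmz"
    return "external"


# Which filters a packet crosses depends on where it enters and where it is going.
PATH = {
    ("external", "dmz"): [OUTER],
    ("external", "internal"): [OUTER, INNER],
    ("dmz", "internal"): [INNER],
    ("dmz", "external"): [OUTER],
    ("internal", "dmz"): [INNER],
    ("internal", "external"): [INNER, OUTER],
}


def decide(p: Packet) -> str:
    """Delivered only if every firewall on the path allows it. Same-zone traffic
    crosses no firewall and is therefore not filtered here."""
    for rules in PATH.get((zone(p.src), zone(p.dst)), []):
        if filter_packet(rules, p) == "deny":
            return "deny"
    return "allow"


def pkt(src, dst, proto, dport):
    return Packet(ipaddress.ip_address(src), ipaddress.ip_address(dst), proto, dport)


if __name__ == "__main__":
    print(decide(pkt("203.0.113.7", "192.0.2.10", "tcp", 80)))   # allow: public web
    print(decide(pkt("203.0.113.7", "10.0.5.20", "tcp", 5432)))  # deny: interior unreachable
    print(decide(pkt("192.0.2.10", "10.0.0.5", "tcp", 22)))      # deny: no pivot from the DMZ
```

The simulation is stateless; a real screened subnet also needs return traffic for the interior's outbound connections to be admitted, which stateful filters handle by tracking connections rather than by adding an "allow ANY to INTERNAL" rule, which would reopen the interior.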
76. What are the 2 versions of IDS?
Host-based IDS
Network-based IDS
77. What is Contingency Planning?
It is the entire planning conducted by the organization to prepare for,
react to, and recover from events that threaten the security of information and
information assets in the organization.
78. Who are the members of the contingency team?
Champion
Project Manager
Team Members.
79. What are the stages in the Business Impact Analysis step?
Threat attack identification
Business unit analysis
Attack success scenarios
Potential damage assessment
Subordinate plan classification
80. What is an attack profile?
It is a detailed description of activities that occur during an attack.
81. What is an incident?
It is any clearly identified attack on the organizations information assets
that would threaten the assets confidentiality, integrity, or availability.
82. What are the phases of Incident Response?
Planning
Detection
Reaction
Recovery.
83. What are the 5 testing strategies of Incident Planning?
Checklist
Structured walk-through
Simulation
Parallel
Full interruption
84. What is an alert roster?
It is a document containing contact information for individuals to be notified
in the event of an incident.
85. What are the 2 ways to activate an alert roster?
Sequential roster It is activated as a contact person calls each person on
the roster.
Hierarchical roster It is activated as the first person calls a few other
people on the roster, who in turn call a few people.
86. What is computer forensics?
It is the process of collecting, analyzing and preserving computer-related evidence.
87. What are Honey pots?
These are computer servers configured to resemble production systems, containing rich information just begging to be hacked.
88. What is enticement?
It is the process of attracting attention to a system by placing
tantalizing bits of information in key locations.
89. What is entrapment?
It is the action of luring an individual into committing a crime to get a
conviction.
90. What is Mutual agreement?
It is a contract between two or more organizations that specifies how each will assist the other in the event of a disaster.
91. What is intrusion?
An intrusion is a type of attack on information assets in which the
instigator attempts to gain entry into a system or disrupt the normal operations
of a system with, almost always, the intent to do malicious harm.
92. What is IDS?
IDS stands for Intrusion Detection System. It works like a burglar alarm in that it detects a violation of its configuration and activates an alarm. This alarm can be audible and/or visual, or it can be silent.
93. What is Signature based IDSs?
Signature based IDSs, also known as knowledge based IDSs, examine
data traffic for patterns that match signatures, which are pre-configured,
predetermined attack patterns.
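Worked example of signature-based detection next to the statistical anomaly-based kind listed in the 16-mark IDS question, added here and not part of the original question bank. Two regex signatures run over constructed web-server log lines; a baseline window of known-clean lines teaches the anomaly detector what a normal request rate per client looks like, and a second window contains a scanner. The log format, client addresses and paths are all constructed.

```python
import re
from collections import Counter

# Signature (knowledge-based) detection: pre-configured patterns of known attacks.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sqli-tautology": re.compile(
        r"(?i)(?:'|%27)(?:\s|\+|%20)*or(?:\s|\+|%20)*(?:'|%27)?1(?:'|%27)?=(?:'|%27)?1"),
}

# Constructed web-server log lines: timestamp, client, method, path, status.
BASELINE_LOG = [
    "2013-05-15T09:00:01 10.1.1.5 GET /index.html 200",
    "2013-05-15T09:00:04 10.1.1.6 GET /index.html 200",
    "2013-05-15T09:00:09 10.1.1.6 GET /about.html 200",
    "2013-05-15T09:00:12 10.1.1.7 GET /login 200",
    "2013-05-15T09:00:15 10.1.1.6 POST /login 302",
    "2013-05-15T09:00:20 10.1.1.5 GET /docs/guide.pdf 200",
]
WINDOW_LOG = [
    "2013-05-15T10:00:01 10.1.1.5 GET /index.html 200",
    "2013-05-15T10:00:02 203.0.113.9 GET /../../etc/passwd 404",
    "2013-05-15T10:00:02 203.0.113.9 GET /login?user=admin%27%20or%20%271%27=%271 200",
    "2013-05-15T10:00:03 203.0.113.9 GET /cgi-bin/%2e%2e/%2e%2e/bin/sh 404",
    "2013-05-15T10:00:03 203.0.113.9 GET /admin 403",
    "2013-05-15T10:00:04 203.0.113.9 GET /phpmyadmin 404",
    "2013-05-15T10:00:04 203.0.113.9 GET /wp-login.php 404",
    "2013-05-15T10:00:05 203.0.113.9 GET /backup.zip 404",
    "2013-05-15T10:00:06 10.1.1.6 GET /about.html 200",
    "2013-05-15T10:00:07 10.1.1.7 POST /login 302",
]


def parse(line):
    ts, src, method, path, status = line.split()
    return {"ts": ts, "src": src, "method": method, "path": path, "status": int(status)}


def signature_alerts(lines):
    """Match every line against every signature. Precise about what it finds,
    blind to anything not yet in the signature set (the %2e%2e traversal line
    above slips past the literal '../' pattern)."""
    alerts = []
    for rec in map(parse, lines):
        for name, rx in SIGNATURES.items():
            if rx.search(rec["path"]):
                alerts.append((name, rec["src"], rec["path"]))
    return alerts


def learn_baseline(lines):
    """Statistical anomaly detection first learns 'normal': here, the request
    count of the busiest client in a known-clean window."""
    return max(Counter(r["src"] for r in map(parse, lines)).values())


def anomaly_alerts(lines, baseline_max, factor=2):
    """Flag clients whose request count exceeds factor x the learned baseline.
    Catches the scanner's novel probes too, but says nothing about what they were."""
    counts = Counter(r["src"] for r in map(parse, lines))
    return sorted(src for src, n in counts.items() if n > factor * baseline_max)


if __name__ == "__main__":
    for alert in signature_alerts(WINDOW_LOG):
        print("signature:", alert)
    print("anomalous clients:", anomaly_alerts(WINDOW_LOG, learn_baseline(BASELINE_LOG)))
```

Signature matching names the attack (traversal, SQL injection) but misses the encoded variant; the rate anomaly flags the same client without naming anything. Production systems run both for that reason, and the anomaly threshold is the tunable that trades false accepts against false rejects.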
94. What are Honey pots?
Honey pots are decoy systems, which means they are designed to lure
potential attackers away from critical systems.
In the security industry, these systems are also known as decoys, lures, or flytraps.
95. What is the use of Scanning and analysis tools?
Scanning and analysis tools are used to pinpoint vulnerabilities in systems, holes in security components, and unsecured aspects of the network. Although these tools are used by attackers, they can also be used by an administrator not only to learn more about his/her own system but also to identify and repair system weaknesses before they result in losses.
96. What are the factors of authentication?
What a supplicant knows
What a supplicant has
Who a supplicant is
What a supplicant produces
97. What is Hash function?
Hash functions are mathematical algorithms that generate a message
summary or digest that can be used to confirm the identity of a specific message
and to confirm that the message has not been altered.
98. What is PKI?
PKI Public Key Infrastructure
It is an integrated system of software, encryption methodologies,
protocols, legal agreements and third party services that enables users to
communicate securely. It includes digital certificates and certificate authorities.
99. What is Steganography?
Steganography is the process of hiding information, and while it is not
properly a form of cryptography, it is related to cryptography in that both are
ways of transmitting information without allowing it to be revealed in transit.
100. What are the protocols used in Secure Internet Communication?
S-HTTP (Secure Hypertext Transfer Protocol)
SSL (Secure Sockets Layer)
SSL Record Protocol
Standard HTTP (listed for contrast: on its own it provides no protection)
101. What is Physical security?
Physical security addresses the design, implementation, and maintenance of countermeasures that protect the physical resources of an organization. This means the physical protection of the people, the hardware, and the supporting system elements and resources associated with the control of information in all its states: transmission, storage and processing.
102. What are the controls of protecting the Secure Facility?
Walls, Fencing, Gates
Guards
Dogs
ID Cards and Badges
Locks and keys
Mantraps
Electronic Monitoring
Alarms and Alarm Systems
Computer Rooms and Wiring Closets
Interior Walls and Doors
103. What are the basic types of Fire Detection Systems?
Thermal Detection
Smoke Detection
Flame Detection
104. What is TEMPEST?
TEMPEST is a U.S. government standard, and the technology built to it, for limiting the compromising electromagnetic emanations of equipment, so that data cannot be recovered by monitoring those emissions.
105. What is UPS? What are the types of UPS?
UPS: Uninterruptible Power Supply
It is an electrical device that supplies battery power to the connected equipment when the mains supply is interrupted.
The basic configurations are,
Standby or offline UPS
Ferroresonant Standby UPS
Line-interactive UPS
True online UPS
106. What are the relevant terms for electrical power influence?
Fault: momentary interruption in power
Blackout: prolonged interruption in power
Sag: momentary drop in power voltage levels
Brownout: prolonged drop in power voltage levels
Spike: momentary increase in power voltage levels
Surge: prolonged increase in power voltage levels
107. What is a fail-safe lock?
A fail-safe lock unlocks when its power fails. It is usually used on an exit, where it is essential for human safety in the event of a fire. Its counterpart, the fail-secure lock, stays locked when power fails and is used where human safety is not a factor.
108. What are the conditions controlled by HVAC Systems?
Temperature
Filtration
Humidity
Static Electricity.
16-MARKS
1.Explain the Critical Characteristics of Information
Availability
Accuracy
Authenticity
Confidentiality
Integrity
Utility
Possession
2. Explain the Components of an Information System
Software
Hardware
People
Data
Procedures
Networks
3. Explain SDLC in detail.
Methodology
Phases:
Investigation
Analysis
Logical Design
Physical Design
Implementation
Maintenance and change
4. Explain SecSDLC in detail
Investigation
Analysis
Logical Design
Physical Design
Implementation
Maintenance and change
5. Explain the functions of an Information security organization
Protects the organizations ability to function
Enabling safe operation of applications
Protecting data that organizations collect and use
Safeguarding technology assets in organizations
6. Explain the categories of Threat in detail.
Acts of human error or failure
Deviations in QOS by service providers
Deliberate acts of espionage or trespass
Deliberate acts of information extortion
Deliberate acts of Sabotage or vandalism
Deliberate acts of theft
Deliberate software attacks
Compromises to Intellectual Property
Forces of Nature.
7. Explain the types of Attacks in detail?

Malicious code
Hoaxes
Back Doors
Password Crack
Brute Force
Dictionary
8. Explain General Computer Crime Laws.
Computer Fraud & Abuse Act of 1986
USA Patriot Act of 2001
Communications Decency Act
Computer Security Act of 1987
9. Explain Ethical Concepts in Information Security.
Cultural Differences in Ethical Concepts
Software License Infringement
Illicit use
Misuse of corporate resources
10. Explain Risk Management in detail.
Know Yourself
Know Your Enemy
All Communities of Interest
11. Explain Risk Identification in detail
Asset Identification & Valuation
Automated Risk Management tools
Information Asset Classification
Information Asset Valuation
Listing Assets in order of importance
Data Classification & Management
Threat Identification
12. Explain Risk assessment in detail.
Introduction
Likelihood
Valuation of Information Assets
Percentage of Risk Mitigated by Controls
Access Controls
13. Explain Risk Control strategies in detail
Avoidance
Mitigation
Acceptance
Transference
14. Explain Risk Mitigation strategy Selection
Evaluation, Assessment and Maintenance of Risk controls
Categories of controls
Architectural Layer
Strategy Layer

15. Explain the types of Policies in detail.
General security Policy
Issue-Specific Policy
System-specific Policy
16. Explain NIST Security Models in detail.
NIST Special Publication SP 800-12
NIST Special Publication SP 800-14
NIST Special Publication SP 800-18
17. Explain VISA International Security Model in detail.
Baselining and best Business Practices
18. Explain the design of Security Architecture in detail.
Defense in Depth
Security Perimeter
Key Technology Components
19. Explain the Major Steps in Contingency Planning.
Business Impact Analysis
Incident Response Planning
Disaster Recovery Planning
Business Continuity Planning
20.Explain Information Security Policy, Standards and Practices in detail.
Definitions
Security Program Policy(SPP)
Issue-Specific Security Policy(ISSP)
Systems-Specific Policy(SysSP)
ACL Policies
Policy Management
21. Explain protocols for Secure communication in detail.
S-HTTP & SSL
Secure/Multipurpose Internet Mail Extension(S/MIME)
Internet Protocol Security(IPSec)
22. Explain Staffing the security in detail.
Qualifications and Requirements
Entry into the Security Profession
Information Security Positions
23. Explain the fire safety in Physical security.
Fire Detection & Response
Fire Detection
Fire Suppression
Gaseous Emission Systems
24. Explain the Cryptographic algorithms in detail.
Data Encryption Standards(DES)
Public Key Infrastructure(PKI)
Digital Signatures
Pretty Good Privacy(PGP)
25. Explain IDS in detail
Host-based IDS
Network-based IDS
Signature-based IDS
Statistical Anomaly-based IDS

26. Explain the type of encryption/decryption method.
Conventional Methods:
Character-Level Encryption: Substitutional & Transpositional
Bit-Level Encryption: Encoding/Decoding, Permutation, Substitution,
Product, Exclusive-Or & Rotation
Public key Methods
27. Explain about RSA algorithm.
Public key Encryption technique.
Encryption algorithm
Decryption algorithm
Security in RSA
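Worked example for the RSA outline above (key generation, encryption, decryption, and where its security lies), added here and not part of the original question bank. The primes 61 and 53 with e = 17 are the usual textbook-sized toy values; the "security in RSA" part is shown by recovering the private key from the public one by factoring, which is feasible only because this modulus is tiny. Python 3.8+ is assumed for pow(e, -1, m).

```python
from math import gcd, isqrt


def keygen(p, q, e=17):
    """Toy RSA key generation from two primes. Returns ((n, e), (n, d)).
    Real keys use 2048-bit or larger primes chosen at random."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)                  # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                      # d = e^-1 mod phi(n)
    return (n, e), (n, d)


def encrypt(pub, m):
    """c = m^e mod n. Textbook RSA: real use pads m (OAEP) first."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(priv, c):
    """m = c^d mod n."""
    n, d = priv
    return pow(c, d, n)


def sign(priv, m):
    """s = m^d mod n; in practice m is a hash of the message."""
    n, d = priv
    return pow(m, d, n)


def verify(pub, m, s):
    n, e = pub
    return pow(s, e, n) == m


def factor(n):
    """Trial division. Feasible for a four-digit n; RSA's security rests on
    this step being infeasible for a 617-digit (2048-bit) n."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("n is prime")


def recover_private_key(pub):
    """What an attacker does once n is factored: recompute phi(n) and d."""
    n, e = pub
    p, q = factor(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, priv = keygen(61, 53)
    c = encrypt(pub, 65)
    print("public", pub, "private", priv, "ciphertext", c, "decrypted", decrypt(priv, c))
    print("recovered private key:", recover_private_key(pub))
```

The same modulus serves both directions: encrypting with the public exponent and decrypting with the private one gives confidentiality, applying them in the other order gives a signature. Both collapse the moment n is factored, which is why key size, not the algorithm, carries the security.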
28.Explain about secret key encryption algorithm.
Data Encryption Standard
Algorithm
Sub key generation
29. Explain Scanning and Analysis Tools in detail
Footprinting
Fingerprinting
Port Scanners
Vulnerability Scanners
Packet Sniffers
Content Filters
30. Explain Firewalls in detail.
Development of Firewalls(5 generations)
Firewall Architecture
Packet Filtering Routers
Screened Host Firewall Systems
Dual-homed Host Firewalls
Screened Subnet Firewalls(with DMZ)
SOCKS Server
Configuring and Managing Firewalls

CS9224 INFORMATION SECURITY UNIVERSITY QUESTIONS WITH ANSWERS
CS9224 INFORMATION SECURITY
ANSWER KEY
PART-A
1. List out the security services.
The three security services (confidentiality, integrity, and availability) counter threats to the security of a system. Shirey divides threats into four broad classes: disclosure, or unauthorized access to information; deception, or acceptance of false data; disruption, or interruption or prevention of correct operation; and usurpation, or unauthorized control of some part of a system. These four broad classes encompass many common threats.

2. Define the snooping and spoofing.

Snooping, the unauthorized interception of information, is a form of disclosure. It
is passive, suggesting simply that some entity is listening to (or reading)
communications or browsing through files or system information.

Masquerading or spoofing, an impersonation of one entity by another, is a form of
both deception and usurpation.

3. Write the cryptographic checksum function properties.

A cryptographic checksum function (also called a strong hash function or a strong
one-way function) h: A → B is a function that has the following properties.

For any x ∈ A, h(x) is easy to compute.

For any y ∈ B, it is computationally infeasible to find x ∈ A such that h(x) = y.

It is computationally infeasible to find x, x' ∈ A, such that x ≠ x' and h(x) = h(x').
(Such a pair is called a collision.)

The third requirement is often stated as:

Given any x ∈ A, it is computationally infeasible to find another x' ∈ A such that x ≠ x'
and h(x') = h(x).

4. What are Session and Interchange Keys?

An interchange key is a cryptographic key associated with a principal to a
communication.

A session key is a cryptographic key associated with the communication itself.

5. Distinguish between principle of least privilege and principle of fail-safe
defaults.

The principle of least privilege states that a subject should be given only those
privileges that it needs in order to complete its task.

The principle of fail-safe defaults states that, unless a subject is given explicit
access to an object, it should be denied access to that object.

6. Define Certification authorities issuance policy and confinement problem.

Access control affects the function of the server in two ways.

The server must ensure that the resources it accesses on behalf of the client
include only those resources that the client is authorized to access.

The server must ensure that it does not reveal the client's data to any other entity
not authorized to see the client's data.

7. What is Malicious logic and Trojan horse?

Malicious logic is a set of instructions that cause a site's security policy to be
violated.

A Trojan horse is a program with an overt (documented or known) effect and a
covert (undocumented or unexpected) effect.
8. Short note on computer virus and boot sector infector.

A computer virus is a program that inserts itself into one or more files and then
performs some (possibly null) action.

A boot sector infector is a virus that inserts itself into the boot sector of a disk.
9. Write the goals of the Drib's security policy.

The goals of the Drib's security policy are as follows.

Data related to company plans is to be kept secret. In particular, sensitive
corporate data, such as data involved in developing potential products, is to be
available only to those who need to know.

When a customer provides data (such as a credit card number) to the Drib as
part of a purchase, the data, and all information about the customer, are to be
available only to those who fill the order. Company analysts may obtain statistics
about a number of orders for planning purposes.

Releasing sensitive data requires the consent of the company's officials and
lawyers.

10. Short note on Anticipating Attacks.

In spite of the measures outlined above, the Drib security officers realize
that their network and systems might be compromised through unanticipated
means. They have taken steps to prepare for, and handle, such attacks.
PART-B

11. Write an overview of Computer Security with neat examples.

Confidentiality
Confidentiality is the concealment of information or resources.

Integrity
Integrity refers to the trustworthiness of data or resources, and it is usually
phrased in terms of preventing improper or unauthorized change.

Availability
Availability refers to the ability to use the information or resource desired.

12. Explain the following

a) Classical Cryptosystems.

Classical cryptosystems (also called single-key or symmetric cryptosystems) are
cryptosystems that use the same key for encipherment and decipherment. In
these systems, for all Ek ∈ C and k ∈ K, there is a Dk ∈ D such that Dk = Ek^-1.

Transposition Ciphers
A transposition cipher rearranges the characters in the plaintext to form the
ciphertext. The letters are not changed.

Substitution Ciphers
A substitution cipher changes characters in the plaintext to produce the
ciphertext.

Vigenère Cipher
A longer key might obscure the statistics.

b) Public Key Cryptography.

Because one key is public, and its complementary key must remain secret, a
public key cryptosystem must meet the following three conditions.
It must be computationally easy to encipher or decipher a message given the
appropriate key.
It must be computationally infeasible to derive the private key from the public key.
It must be computationally infeasible to determine the private key from a chosen
plaintext attack.
The first cipher to meet these requirements generates a shared session key. The
second one provides both secrecy and authentication.
(OR)
Write about the Stream and Block Ciphers and Networks and Cryptography

Let E be an encipherment algorithm, and let Ek(b) be the encipherment of
message b with key k. Let a message m = b1b2..., where each bi is of a fixed
length. Then a block cipher is a cipher for which Ek(m) = Ek(b1)Ek(b2)... .

An n-stage linear feedback shift register (LFSR) consists of an n-bit register r =
r0...rn-1 and an n-bit tap sequence t = t0...tn-1. To obtain a key bit, r0 is used,
the register is shifted one bit to the right, and the new bit r0t0 ⊕ ... ⊕ rn-1tn-1 is
inserted.
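The LFSR key-stream procedure just described, as an added Python example that is not part of the original answer key: the 4-stage register r = 0010 and tap sequence t = 1001 are constructed sample values, and stream_xor is an assumed helper that applies the key stream to bytes. period() shows the limit the description implies: an n-bit register has at most 2^n - 1 non-zero states, so the key stream must repeat.

```python
from typing import List, Tuple

Bits = List[int]


def lfsr_step(r: Bits, t: Bits) -> Tuple[int, Bits]:
    """One clock of the n-stage LFSR from the text.

    The key bit is r0; the register is then shifted one bit to the right and the
    new bit r0*t0 xor r1*t1 xor ... xor r(n-1)*t(n-1) is inserted at the left.
    """
    key_bit = r[0]
    new_bit = 0
    for ri, ti in zip(r, t):
        new_bit ^= ri & ti
    return key_bit, [new_bit] + r[:-1]


def to_bits(s: str) -> Bits:
    """'0010' -> [0, 0, 1, 0]; r0 is the leftmost character."""
    if not s or any(c not in "01" for c in s):
        raise ValueError("register and tap sequence must be non-empty bit strings")
    return [int(c) for c in s]


def keystream(r: str, t: str, count: int) -> Bits:
    """Generate `count` key bits from register r and tap sequence t."""
    reg, taps = to_bits(r), to_bits(t)
    if len(reg) != len(taps):
        raise ValueError("register and tap sequence must have the same length n")
    out: Bits = []
    for _ in range(count):
        bit, reg = lfsr_step(reg, taps)
        out.append(bit)
    return out


def period(r: str, t: str) -> int:
    """Length of the cycle the register eventually falls into.

    Only 2**n register states exist, so the key stream is periodic with period
    at most 2**n - 1; a bare LFSR therefore cannot serve as a long-term key source.
    """
    reg, taps = to_bits(r), to_bits(t)
    seen = {}          # state -> clock at which it was first observed
    clock = 0
    while tuple(reg) not in seen:
        seen[tuple(reg)] = clock
        _, reg = lfsr_step(reg, taps)
        clock += 1
    return clock - seen[tuple(reg)]


def stream_xor(data: bytes, r: str, t: str) -> bytes:
    """Assumed helper: XOR each byte with the next 8 key bits (same call decrypts)."""
    bits = keystream(r, t, 8 * len(data))
    out = bytearray()
    for i, byte in enumerate(data):
        k = 0
        for bit in bits[8 * i:8 * i + 8]:
            k = (k << 1) | bit
        out.append(byte ^ k)
    return bytes(out)


if __name__ == "__main__":
    R, T = "0010", "1001"  # constructed sample register and tap sequence
    print("key stream:", "".join(map(str, keystream(R, T, 20))))
    print("period:", period(R, T))
    ct = stream_xor(b"attack at dawn", R, T)
    print("decrypts to:", stream_xor(ct, R, T))
```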

13. Write about the Design Principles with DVD key layout examples.
The principle of open design states that the security of a mechanism should not
depend on the secrecy of its design or implementation.

The principle of separation of privilege states that a system should not grant
permission based on a single condition.

The principle of least common mechanism states that mechanisms used to
access resources should not be shared.

The principle of psychological acceptability states that security mechanisms
should not make the resource more difficult to access than if the security
mechanisms were not present.

(OR)
Write about the following Access Control Mechanisms.
a) Access Control Lists.
Let S be the set of subjects, and R the set of rights, of a system. An access
control list (ACL) l is a set of pairs l = { (s, r) : s ∈ S, r ∈ R }. Let acl be a function that
determines the access control list l associated with a particular object o. The
interpretation of the access control list acl(o) = { (si, ri) : 1 ≤ i ≤ n } is that subject si
may access o using any right in ri.
b) Locks and Keys.
The locks and keys technique combines features of access control lists and
capabilities. A piece of information (the lock) is associated with the object and a
second piece of information (the key) is associated with those subjects authorized
to access the object and the manner in which they are allowed to access the
object. When a subject tries to access an object, the subject's set of keys is
checked. If the subject has a key corresponding to any of the object's locks,
access of the appropriate type is granted.


Type Checking - Type checking restricts access on the basis of the types of the
subject and object. It is a form of locks and keys access control, the pieces of
information being the type. Systems use type checking in areas other than
security.
Sharing Secrets - A (t, n)-threshold scheme is a cryptographic scheme in which
a datum is divided into n parts, any t of which are sufficient to determine the
original datum. The n parts are called shadows.

14. What is a computer virus? Explain all the types of computer viruses.

A boot sector infector is a virus that inserts itself into the boot sector of a disk.

An executable infector is a virus that infects executable programs.

A multipartite virus is one that can infect either boot sectors or applications.

A terminate and stay resident (TSR) virus is one that stays active (resident) in
memory after the application (or bootstrapping, or disk mounting) has terminated.

Stealth viruses are viruses that conceal the infection of files.

A polymorphic virus is a virus that changes its form each time it inserts itself
into another program.
(OR)
Write about the following auditing topics.

a) Designing an Auditing System.

Logging is the recording of events or statistics to provide information about
system use and performance.

Auditing is the analysis of log records to present information about the system in
a clear and understandable manner.

Logger
Logging mechanisms record information. The type and quantity of information are
dictated by system or program configuration parameters. The mechanisms may
record information in binary or human-readable form or transmit it directly to an
analysis mechanism.

Analyzer
An analyzer takes a log as input and analyzes it. The results of the analysis may
lead to changes in the data being recorded, to detection of some event or
problem, or both.

Notifier
The analyzer passes the results of the analysis to the notifier. The notifier informs
the analyst, and other entities, of the results of the audit. The entities may take
some action in response to these results.

An anonymizing sanitizer deletes information in such a way that it cannot be
reconstructed by either the recipient or the originator of the data in the log. A
pseudonymizing sanitizer deletes information in such a way that the originator of
the log can reconstruct the deleted information.

A state-based logging mechanism records information about a system's state. A
state-based auditing mechanism determines whether or not a state of the system
is unauthorized.

A transition-based logging mechanism records information about an action on a
system. A transition-based auditing mechanism examines the current state of the
system and the proposed transition (command) to determine if the result will place
the system in an unauthorized state.

15. Write about the user security and explain with Files and Devices.
Files
Users must protect confidentiality and integrity of the files to satisfy policy
component U2. To this end, they use the protection capabilities of the system to
constrain access. Complicating the situation are the interpretation of permissions
on the containing directories.

A direct alias is a directory entry that points to (names) the file. An indirect alias is
a directory entry that points to a special file containing the name of the target file.
The operating system interprets the indirect alias by substituting the contents of
the special file for the name of the indirect alias file.

A smart terminal provides built-in mechanisms for performing special functions.


(OR)
Explain the following system security.
a) Authentication
Authentication binds the identity of the user to processes. Incorrect or
compromised authentication leads to security problems. In this section, we
consider the authentication techniques used in the two systems.

b) Retrospective
The Web Server System in the DMZ

The Web server on the DMZ Web server system runs a minimal set of services. It
keeps everything possible on unalterable media.
The Development System

The development system also runs a minimal set of programs and services.

ANSWER KEY
PART-A

1. List out the Goals of Security

Prevention means that an attack will fail.

Detection is most useful when an attack cannot be prevented, but it can also
indicate the effectiveness of preventative measures.

Recovery has two forms.

2. Draw the security life cycle.

3. What is HMAC (Hash Message Authentication Code)?

HMAC is a generic term for an algorithm that uses a keyless hash function
and a cryptographic key to produce a keyed hash function. This mechanism
enables Alice to validate that data Bob sent to her is unchanged in transit. Without
the key, anyone could change the data and recompute the message
authentication code, and Alice would be none the wiser.
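HMAC as described in the answer above, as an added Python example that is not part of the original answer key: keyed_hash builds the keyed function from the keyless SHA-256 in the RFC 2104 way, and in_transit_modification replays the scenario (a bare hash is recomputed by whoever alters the data; the keyed one is not). The key, message and altered message are constructed sample values.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 block length; HMAC pads the key to this size


def keyed_hash(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 from the keyless hash H: H((K ^ opad) || H((K ^ ipad) || m))."""
    if len(key) > BLOCK_SIZE:            # over-long keys are first reduced with H itself
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")  # then zero-padded to the block size
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).digest()


def matches_stdlib(key: bytes, message: bytes) -> bool:
    """Cross-check of the construction against Python's hmac module."""
    return keyed_hash(key, message) == hmac.new(key, message, hashlib.sha256).digest()


def verify_keyed(key: bytes, message: bytes, tag: bytes) -> bool:
    """Alice's check; compare_digest is constant-time, so a wrong tag does not
    leak how many of its leading bytes were right."""
    return hmac.compare_digest(keyed_hash(key, message), tag)


def unkeyed_tag(message: bytes) -> bytes:
    """A bare hash used as a 'checksum': anyone can recompute it."""
    return hashlib.sha256(message).digest()


def verify_unkeyed(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(unkeyed_tag(message), tag)


def in_transit_modification() -> dict:
    """Bob sends a message plus tag; the message is altered before it reaches
    Alice; Alice checks the tag. Compare the keyless and the keyed checksum."""
    key = b"constructed-shared-key-alice-bob"   # known only to Alice and Bob
    sent = b"pay 100 to account 42"             # constructed sample message
    altered = b"pay 900 to account 42"
    # Keyless: the modifier recomputes the checksum over the altered text and
    # Alice's check passes, so she is "none the wiser".
    unkeyed_accepted = verify_unkeyed(altered, unkeyed_tag(altered))
    # Keyed: without the key the modifier cannot produce keyed_hash(key, altered);
    # forwarding Bob's original tag is the best it can do, and Alice rejects it.
    keyed_accepted = verify_keyed(key, altered, keyed_hash(key, sent))
    genuine_accepted = verify_keyed(key, sent, keyed_hash(key, sent))
    return {
        "unkeyed_accepted": unkeyed_accepted,
        "keyed_accepted": keyed_accepted,
        "genuine_accepted": genuine_accepted,
    }
```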
4. Short note on Precomputing the Possible Messages

Simmons discusses the use of a "forward search" to decipher messages
enciphered for confidentiality using a public key cryptosystem. His approach is to
focus on the entropy (uncertainty) in the message.

5. State the principle of economy of mechanism with example.

One factor in evaluating a system's security is its complexity. If the design,
implementation, or security mechanisms are highly complex, then the likelihood of
security vulnerabilities increases.

6. Define Certification authorities authentication policy and virtual machine.

A virtual machine is a program that simulates the hardware of a (possibly
abstract) computer system.

7. Short note on executable infector and viruses

A computer virus is a program that inserts itself into one or more files and then
performs some (possibly null) action.

An executable infector is a virus that infects executable programs.

8. Write the comparison between formal verification and penetration testing.

A penetration test is an authorized attempt to violate specific
constraints stated in the form of a security or integrity policy. This formulation
implies a metric for determining whether the study has succeeded.

9. Short note on TCP State and Memory Allocations.

This approach springs from the way in which most TCP servers are implemented.
When a SYN packet is received, the server creates an entry in a data structure of
pending connections and then sends the SYN/ACK packet.

The entry remains until either a corresponding ACK is received or a time-out
occurs. In the former case, the connection is completed; in the latter case, a new
entry for the next SYN packet is created. Under a SYN flood, the data structure is
kept full of entries that never move to the connected state.

10. List out the components of users' policies.

The components of users' policies that we focus on are as follows.
U1. Only users have access to their accounts.
U2. No other user can read or change a file without the owner's permission.
U3. Users shall protect the integrity, confidentiality, and availability of their files.
U4. Users shall be aware of all commands that they enter, or that are entered on
their behalf.
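The pending-connection structure described in question 9 above, as an added Python simulation that is not part of the original answer key: entries are created by SYNs, removed by the matching ACK or by the time-out, and the half-open count is the value a monitor would watch. Table capacity, time-out and client addresses are constructed sample values.

```python
from dataclasses import dataclass, field
from typing import Dict, Tuple

Client = Tuple[str, int]  # (address, port) of the peer that sent the SYN


@dataclass
class PendingTable:
    """Server-side structure of pending (half-open) connections.

    A SYN creates an entry, the matching ACK removes it (connection completed),
    and an entry that never sees an ACK is dropped once `timeout` seconds have
    passed, freeing its slot for the next SYN.
    """
    capacity: int
    timeout: float
    pending: Dict[Client, float] = field(default_factory=dict)  # client -> SYN time
    completed: int = 0
    dropped_syns: int = 0

    def expire(self, now: float) -> int:
        """Drop entries older than the time-out; returns how many were dropped."""
        stale = [c for c, ts in self.pending.items() if now - ts >= self.timeout]
        for c in stale:
            del self.pending[c]
        return len(stale)

    def on_syn(self, client: Client, now: float) -> bool:
        """True if the SYN/ACK is sent, False if the table was full."""
        self.expire(now)
        if client in self.pending:       # retransmitted SYN: refresh, still pending
            self.pending[client] = now
            return True
        if len(self.pending) >= self.capacity:
            self.dropped_syns += 1       # a legitimate client now fails to connect
            return False
        self.pending[client] = now
        return True

    def on_ack(self, client: Client, now: float) -> bool:
        """Completes the handshake if the client is still pending."""
        self.expire(now)
        if client not in self.pending:
            return False
        del self.pending[client]
        self.completed += 1
        return True

    def half_open(self) -> int:
        """Entries that have not moved to the connected state; a table that sits
        at capacity for longer than one time-out is the signal to alert on."""
        return len(self.pending)


def simulate_flood(table: PendingTable, syn_count: int, start: float) -> dict:
    """Constructed scenario: syn_count SYNs with no ACKs, then one normal client."""
    for i in range(syn_count):           # distinct peers, all at time `start`
        table.on_syn((f"198.51.100.{i % 250 + 1}", 40000 + i), start)
    half_open_during = table.half_open()
    legit: Client = ("203.0.113.7", 51515)
    accepted_during = table.on_syn(legit, start + 1.0)            # inside the time-out
    accepted_after = table.on_syn(legit, start + table.timeout + 1.0)  # stale slots freed
    completed_after = table.on_ack(legit, start + table.timeout + 1.5)
    return {
        "half_open_during": half_open_during,
        "accepted_during": accepted_during,
        "accepted_after_timeout": accepted_after,
        "completed_after_timeout": completed_after,
        "dropped_syns": table.dropped_syns,
        "half_open_after": table.half_open(),
    }


if __name__ == "__main__":
    print(simulate_flood(PendingTable(capacity=128, timeout=30.0), 500, 100.0))
```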
PART-B

11. Explain about the Access Control Matrix and explain with their model.
The simplest framework for describing a protection system is the access
control matrix model, which describes the rights of users over files in a matrix.
Access Control by Boolean Expression Evaluation
Types of access are defined by the database and are called verbs; for
example, the Structured Query Language (SQL) would have the verbs Insert and
Update. Each rule, corresponding to a function, is associated with one or more
verbs. Whenever a subject attempts to access an object using a right (verb) r, the
Boolean expression (rule) associated with r is evaluated; if it is true, access is
allowed, but if it is false, access is not allowed.
Access Controlled by History
Statistical databases are designed to answer queries about groups of
records yet not reveal information about any single specific record.
(OR)
Write about the Confidentiality Policies with neat examples.
Goals of Confidentiality Policies
A confidentiality policy, also called an information flow policy, prevents the
unauthorized disclosure of information.
The Bell-LaPadula Model

Simple Security Condition, Preliminary Version

*-Property (Star Property), Preliminary Version

Basic Security Theorem, Preliminary Version

Example: The Data General B2 UNIX System


Tranquility

The principle of tranquility states that subjects and objects may not change
their security levels once they have been instantiated. Suppose that security levels
of objects can be changed, and consider the effects on a system with one category
and two security clearances, HIGH and LOW.
The principle of strong tranquility states that security levels do not change
during the lifetime of the system.
The principle of weak tranquility states that security levels do not change in a way
that violates the rules of a given security policy.
The Controversy over the Bell-LaPadula Model
The Bell-LaPadula Model became the target of inquiries into the
foundations of computer security. The controversy led to a reexamination of
security models and a deeper appreciation of the complexity of modeling real
systems.

12. Write about the following

a) Key Exchange
The goal of key exchange is to enable Alice to communicate secretly to Bob, and
vice versa, using a shared cryptographic key. Solutions to this problem must meet
the following criteria.

The key that Alice and Bob are to share cannot be transmitted in the clear. Either it
must be enciphered when sent, or Alice and Bob must derive it without an exchange
of data from which the key can be derived. (Alice and Bob can exchange data, but
a third party cannot derive the key from the data exchanged.)

Alice and Bob may decide to trust a third party (called "Cathy" here).

The cryptosystems and protocols are publicly known. The only secret data is to be
the cryptographic keys involved.

Classical cryptosystems and public key cryptosystems use different protocols.
b) Cryptographic Key Infrastructures
A cryptographic checksum function (also called a strong hash function or a
strong one-way function) h: A → B is a function that has the following properties.

For any x ∈ A, h(x) is easy to compute.

For any y ∈ B, it is computationally infeasible to find x ∈ A such that h(x) = y.

It is computationally infeasible to find x, x' ∈ A, such that x ≠ x' and h(x) = h(x'). (Such
a pair is called a collision.)

The third requirement is often stated as:

Given any x ∈ A, it is computationally infeasible to find another x' ∈ A such that x ≠ x'
and h(x') = h(x).

13. Write about the following Access Control Mechanisms

a) Access Control Lists.
Let S be the set of subjects, and R the set of rights, of a system. An access control
list (ACL) l is a set of pairs l = { (s, r) : s ∈ S, r ∈ R }. Let acl be a function that
determines the access control list l associated with a particular object o. The
interpretation of the access control list acl(o) = { (si, ri) : 1 ≤ i ≤ n } is that subject si
may access o using any right in ri.
b) Locks and Keys.
The locks and keys technique combines features of access control lists and
capabilities. A piece of information (the lock) is associated with the object and a
second piece of information (the key) is associated with those subjects authorized
to access the object and the manner in which they are allowed to access the
object. When a subject tries to access an object, the subject's set of keys is
checked. If the subject has a key corresponding to any of the object's locks, access
of the appropriate type is granted.
Type Checking - Type checking restricts access on the basis of the types of the
subject and object. It is a form of locks and keys access control, the pieces of
information being the type. Systems use type checking in areas other than security.
Sharing Secrets - A (t, n)-threshold scheme is a cryptographic scheme in which
a datum is divided into n parts, any t of which are sufficient to determine the
original datum. The n parts are called shadows.
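A (t, n)-threshold scheme as defined in the Sharing Secrets answer above (the same definition appears in the earlier answer key), as an added Python example that is not part of the original: it uses Shamir's polynomial construction, which is one instance of such a scheme and an assumption here; the prime field P = 2^127 - 1 and the sample datum are constructed values.

```python
import secrets
from typing import List, Tuple

# Arithmetic is done modulo the Mersenne prime 2**127 - 1, so the datum must be
# an integer in [0, P). Constructed choice for this example.
P = (1 << 127) - 1

Shadow = Tuple[int, int]  # (x, f(x)): one of the n parts


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... + coeffs[d]*x**d mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_datum(datum: int, t: int, n: int) -> List[Shadow]:
    """Divide `datum` into n shadows, any t of which determine it.

    A random polynomial of degree t-1 carries the datum as its constant term;
    any t points fix the polynomial, while t-1 points leave f(0) undetermined.
    """
    if not 0 <= datum < P:
        raise ValueError("datum must lie in [0, P)")
    if not 1 <= t <= n:
        raise ValueError("need 1 <= t <= n")
    coeffs = [datum] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_datum(shadows: List[Shadow], t: int) -> int:
    """Lagrange-interpolate f(0) from any t distinct shadows."""
    if len(shadows) < t:
        raise ValueError(f"need at least {t} shadows, got {len(shadows)}")
    points = shadows[:t]
    if len({x for x, _ in points}) != t:
        raise ValueError("shadows must have distinct x coordinates")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P        # factor (0 - xj) of the basis polynomial
                den = den * (xi - xj) % P    # factor (xi - xj)
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def shadows_suffice(shadows: List[Shadow], t: int) -> bool:
    """True when the shadows are enough for recovery to run at all."""
    try:
        recover_datum(shadows, t)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    parts = split_datum(123456789, 3, 5)   # (3, 5)-threshold: 5 shadows, any 3 suffice
    print("recovered:", recover_datum([parts[4], parts[1], parts[3]], 3))
```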
(OR)
Write about the Design Principles with DVD key layout examples.

The principle of open design states that the security of a mechanism should not
depend on the secrecy of its design or implementation.

The principle of separation of privilege states that a system should not grant
permission based on a single condition.

The principle of least common mechanism states that mechanisms used to access
resources should not be shared.

The principle of psychological acceptability states that security mechanisms
should not make the resource more difficult to access than if the security
mechanisms were not present.

14. Explain the following

a) Theory of Malicious Logic (10)

The types of malicious logic discussed so far are not distinct. Computer viruses
are a form of Trojan horses. Computer viruses may contain logic bombs, as might
computer worms. Some worms and viruses are bacteria because they absorb all
the resources of some type.

Let T be a Turing machine and let V be a sequence of symbols on the machine
tape. Let sv be a distinguished state of T. For every v ∈ V, when T lies at the
beginning of v in tape square k, suppose that after some number of instructions are
executed, a sequence v' ∈ V lies on the tape beginning at location k', where either k
+ |v| ≤ k' or k' + |v| ≤ k. Then (T, V) is a viral set and the elements of V are computer
viruses.

It is undecidable whether an arbitrary program contains malicious logic.

b) Computer worms (6)

A computer worm is a program that copies itself from one computer to another.

The Father Christmas worm was interesting because it was a form of macro worm.
(OR)
Write the explanation about the Penetration Studies with example of
Compromise of a Burroughs System

Logging is the recording of events or statistics to provide information about system
use and performance.

A penetration study is a test for evaluating the strengths of all security controls on
the computer system. The goal of the study is to violate the site security policy. A
penetration study (also called a tiger team attack or red team attack) is not a
replacement for careful design and implementation with structured testing. It
provides a methodology for testing the system in toto, once it is in place. Unlike
other testing and verification technologies, it examines procedural and operational
controls as well as technological controls.
Goals

A penetration test is an authorized attempt to violate specific constraints stated in
the form of a security or integrity policy. This formulation implies a metric for
determining whether the study has succeeded.

Layering of Tests

External attacker with no knowledge of the system.
External attacker with access to the system.
Internal attacker with access to the system.


15. Explain the following

a) Electronic Communications (6)
Electronic communications deserves discussion to emphasize the importance of users
understanding basic security precautions.
-Automated Electronic Mail Processing
-Failure to Check Certificates
-Sending Unexpected Content
b) Common Security-Related Programming Problems (10)
Structure the process so that all sections requiring extra privileges are modules. The
modules should be as small as possible and should perform only those tasks that require
those privileges.
Check that the process privileges are set properly.
The program that is executed to create the process, and all associated control files, must
be protected from unauthorized use and modification. Any such modification must be
detected.
Ensure that any assumptions in the program are validated. If this is not possible, document
them for the installers and maintainers, so they know the assumptions that attackers will
try to invalidate.
(OR)
Write about the program security and explain with Testing, Maintenance, and Operation
Testing
The results of testing a program are most useful if the tests are conducted in the environment in which the
program will be used (the production environment). So, the first step in testing a program is to construct an
environment that matches the production environment. This requires the testers to know the intended
production environment. If there are a range of environments, the testers must test the programs in all of
them. Often there is overlap between the environments, so this task is not so daunting as it might appear.
The types of test are as follows.

Normal data tests. These tests provide unexceptional data. The data should be chosen to
exercise as many paths of control through the module as possible.
Boundary data tests. These tests provide data that tests any limits to the interfaces. For
example, if the module expects a string of up to 256 characters to be passed in, these
tests invoke the module and pass in arrays of 255, 256, and 257 characters.
Exception tests. These tests determine how the program handles interrupts and traps.
Error handling tests. These tests assume that the called modules violate their
specifications in some way. The goal of these tests is to determine how robust the caller
is. If it fails gracefully, and restores the system to a safe state, then the module passes
the test. Otherwise, it fails and must be rewritten.

Testing the Program

Once the testers have assembled the program and its documentation, the final phase of
testing begins. The testers have someone follow the installation and configuration
instructions.

CS9224 INFORMATION SECURITY

PART-A
Define threats and three security services.
Differentiate snooping and spoofing.
Define security policy and mechanism.
List out the goals of security and short hint on each goal.
Draw the security life cycle with example.
Short note on copy right and own right.
List out the goals of integrity policies.
What is Informal Description of Chinese Wall Model?
Differentiate random number and pseudorandom numbers.
Define interchange key and session key.
Short note on cryptographic checksum function.
What is RSA and HMAC?
What is digital signature and uses?
What is a cipher technique and what are the problems in it?
Differentiate LFSR and NLFSR.
Draw the Message handling system and short note it.
List out the design goals of PEM.
Write the table for RSA, Classical Ciphers, and Checksum Combinations
Define authentication
List out the authentication system five components.
Write about the proactive password checker
What is Pass Algorithms
Draw the ISO/OSI model
Write about the SSL session
Define Malicious logic
Differentiate Trojan horse and propagating Trojan horse
What is computer worm and boot sector infector?
Define the logging and auditing.
Short note on intrusion principles.

Write about the Autonomous Agents: AAFID

PART - B
Write about the computer security basic components.
What are operational issues and explain each steps.
Explain about the access control matrix model.
Brief the confidentiality policies
Brief the Integrity policies with Clark-Wilson Integrity Model.
Write about the Clinical Information Systems Security Policy in Hybrid Policies.
Write the overview of Classical Cryptosystems.
Explain about the Key Management and Cryptographic Key Infrastructures.
Brief the Storing and Revoking Keys
Write about the public key signatures.
Overview of Stream Ciphers.
Explain about the Networks and Cryptography and example protocols.
Explain about the Stream and Block Ciphers
Brief the Secure Electronic Mail: PEM and draw the neat diagram
Write about Hardware-Supported Challenge-Response Procedures and Challenge-Response and Dictionary Attacks
Explain about the Common characteristics of Biometrics
Write about the computer viruses and several types of computer viruses.
Explain about the vulnerability frameworks with neat examples.
Explain about the Gupta and Gligor's Theory of Penetration Analysis.
Explain the following
a) Anatomy of an Auditing System. (3)
b) Intrusion detection architecture. (3)
CS9224 INFORMATION SECURITY
PART-A

1. Short note on confidentiality and integrity.

Confidentiality is the concealment of information or resources.

Integrity refers to the trustworthiness of data or resources, and

Integrity mechanisms fall into two classes: prevention mechanis

2. Differentiate Denial of receipt and Denial of service.

Denial of receipt, a false denial that an entity received some in

Denial of service, a long-term inhibition of service, is a form of

3. Write the trusting that mechanisms work requires several assumpt

Trusting that mechanisms work requires several assumptions.

Each mechanism is designed to implement one or more parts of the s

The union of the mechanisms implements all aspects of the security p

The mechanisms are implemented correctly.

The mechanisms are installed and administered correctly.

4. Short note on Protection State.

The state of a system is the collection of the current values of a

5. Write about Principle of Attenuation of Privilege.

Principle of Attenuation of Privilege. A subject may not give right

6. Write the types of Security Policies.

A military security policy (also called a governmental security po

A commercial security policy is a security policy developed prim

A confidentiality policy is a security policy dealing only with confi

An integrity policy is a security policy dealing only with integrity.

7. List out the Types of Access Control.

If an individual user can set an access control mechanism to allo

When a system mechanism controls access to an object and an

An originator controlled access control (ORCON or ORGCO

8. Define interchange key and session key.

An interchange key is a cryptographic key associated with a prin

A session key is a cryptographic key associated with the commu

9. Short note on cryptographic checksum function.

The initial phase of session setup uses a public key cryptosystem

10. What is RSA and HMAC?

RSA is an exponentiation cipher. Choose two large prime numb

HMAC is a generic term for an algorithm that uses a keyless has

PART-B

7. Write an Overview of Computer Security with neat examples.

Computer security rests on confidentiality, integrity, and availa

Confidentiality is the concealment of information or resources

Integrity refers to the trustworthiness of data or resources, an

Availability refers to the ability to use the information or resou

8. Write about the following

a. Biba Integrity Model.
b. Lipner's Integrity Matrix Model.

An information transfer path is a sequence of objects o1, ..., on+1 an

If there is an information transfer path from object o1 ∈ O to

The ring policy ignores the issue of indirect modification and focus
1. Any subject may read any object, regardless of integrity levels.
2. s ∈ S can write to o ∈ O if and only if i(o) ≤ i(s).
3. s1 ∈ S can execute s2 ∈ S if and only if i(s2)

This model is the dual of the Bell-LaPadula Model, and is most com
1. s ∈ S can read o ∈ O if and only if i(s) ≤ i(o).
2. s ∈ S can write to o ∈ O if and only if i(o) ≤ i(s)
3. s1 ∈ S can execute s2 ∈ S if and only if i(s2)

Lipner's Use of the Bell-LaPadula Model

Lipner provides two security levels, in the following order (higher to

Audit Manager (AM): system audit and management functi

System Low (SL): any process can read information at this

He similarly defined five categories:

Development (D): production programs under developmen

Production Code (PC): production processes and programs

Production Data (PD): data covered by the integrity policy

System Development (SD): system programs under develo

Software Tools (T): programs provided on the production sy

9. Write about the Key Exchange and key generation.

The goal of key exchange is to enable Alice to communicate secre

1. The key that Alice and Bob are to share cannot be transmitted in th

2. Alice and Bob may decide to trust a third party (called "Cathy" here

3. The cryptosystems and protocols are publicly known. The only sec

Key Generation

The secrecy that cryptosystems provide resides in the selection of

A sequence of cryptographically random numbers is a sequ

A sequence of cryptographically pseudorandom numbers is

A strong mixing function is a function of two or more inputs

10. Explain the following

a. Key Generation.

Key Generation

The secrecy that cryptosystems provide resides in the selection of

A sequence of cryptographically random numbers is a sequ

A sequence of cryptographically pseudorandom numbers is

A strong mixing function is a function of two or more inputs that pro


b. Session and Interchange Keys.

An interchange key is a cryptographic key associated with a princ


A session key is a cryptographic key associated with the commun

PART-A

1.

List out the five components of an authentication system.

1. The set A of authentication information is the set of specific information wi

2. The set C of complementary information is the set of information that the s

3. The set F of complementation functions that generate the complementary

4. The set L of authentication functions that verify identity. That is, for l

5. The set S of selection functions that enable an entity to create or alter the
2.

What is proactive password checker?

A proactive password checker is software that enforces specific restriction

3.

Distinguish between the authentication policy and issuance policy.


A CA authentication policy describes the level of authentication required
A CA issuance policy describes the principals to whom the CA will issue

4.

Define the State and Cookies

A message given to a Web browser by a Web server. The browser st

5.

Explain the locks and keys technique.

The locks and keys technique combines features of access control lists an
6.

Write about the Confinement Flow Model


The confinement flow model is a 4-tuple (I, O, confine,

7.

Draw the use of an SPI to check for corrupted files.

Figure: Use of an SPI to check for corrupted files.


8.

Write about covert channels.

A covert storage channel uses an attribute of the shared resource. A cove


9.

Define noiseless covert channel

A noiseless covert channel is a covert channel that uses a resource availa


10.

Short note on Copying and Amplifying Capabilities

The ability to copy capabilities implies the ability to give rights. To prevent

PART-A (3 x 10 = 30 MARKS)

ANSWER ANY THREE

7.

Brief the common characteristics used in biometrics.

Biometrics is the automated measurement of biological or beh

Fingerprints - Fingerprints can be scanned optically, but the came


Voices - Authentication by voice, also called speaker verification
Eyes - Authentication by eye characteristics uses the iris and the

Faces - Face recognition consists of several steps. First, the face


Keystrokes - Keystroke dynamics requires a signature based on k

Caution - Because biometrics measures characteristics of the indi

8.

Explain about the Representing Identity


The theme of identity runs throughout humanity's experience, and

What Is Identity? - A principal is a unique entity. An identity specif

The identity of a file or other entity (here called an "object") depend

user is an identity tied to a single entity. Specific systems may add


Groups and Roles

The "entity" may be a set of entities referred to by a single identifie

A CA authentication policy describes the level of authentication req


A CA issuance policy describes the principals to whom the CA will

The Internet infrastructure handles these conflicts with a Distinguis

1. A hash value computed on a canonical representation of the CA's


2. The CA's public key in the certificate
3. The Distinguished Name of the PCA

Identity on the Web - Certificates are not ubiquitous on the Interne

9.

Give an overview of information flow.


Although access controls can constrain the rights of a user,

Entropy-Based Analysis - The command sequence c causes a f

An implicit flow of information occurs when information flows

The confinement flow model is a 4-tuple (I, O, confine, →) in w

A set of statements is certified with respect to an information flow p


Program Statements
A program consists of several types of statements. Typically, they
1. Assignment statements
2. Compound statements
3. Conditional statements
4. Iterative statements
5. Goto statements
6. Procedure calls
7. Function calls
8. Input/output statements.
Execution-Based Mechanisms

The goal of an execution-based mechanism is to prevent an inform

y = f(x1, ..., xn)


is executed, the execution-based mechanism verifies that

lub(x1, ..., xn)

If the condition is true, the assignment proceeds. If not, it fails. A na


Implicit flows complicate checking.

10.

Brief the Compiler-Based Mechanisms.

Compiler-based mechanisms check that information flows through

A set of statements is certified with respect to an information flow p

We opt for a more liberal approach, in which the language constru

x: integer class { A, B }

states that x is an integer variable and that data from security class

Assignment Statements
An assignment statement has the form

y := f(x1, ..., xn)


Compound Statements
A compound statement has the form

begin
S1;
...
Sn;
end;

where each of the Si's is a statement. If the information flow in eac


S1 secure
...
Sn secure

A basic block is a sequence of statements in a program that has o

wait(x): if x = 0 then block until x > 0; x := x - 1;


signal(x): x := x + 1;

ANSWER KEY

PART-A

1.

Explain about State and Cookies

A message given to a Web browser by a Web server. The brows

2.

What is security pipeline interface (SPI)?

Hoffman and Davis propose adding a processor, called a secu

Figure: Use of an SPI to check for corrupted files.

3.

Write about the rule of transitive confinement and virtual machines.


A virtual machine is a program that simulates the hardware of a

4.

Differentiate between covert storage channel and noiseless covert

A covert storage channel uses an attribute of the shared resource. A c

A noiseless covert channel is a covert channel that uses a resource av


5.

Draw the Secure Network Server Mail Guard diagram.

6.

What are the types of computer viruses?

A boot sector infector is a virus that inserts itself into the boot sector
An executable infector is a virus that infects executable programs.

A multipartite virus is one that can infect either boot sectors or applic

A terminate and stay resident (TSR) virus is one that stays active (re
Stealth viruses are viruses that conceal the infection of files.

A polymorphic virus is a virus that changes its form each time it inse
7.

Define Malicious logic

Malicious logic is a set of instructions that cause a site's securit

8.

Differentiate Trojan horse and propagating Trojan horse

A Trojan horse is a program with an overt (documented or known) effe

A propagating Trojan horse (also called a replicating Trojan horse) is a


9.

What is computer worm and boot sector infector?

A computer worm is a program that copies itself from one computer t

A boot sector infector is a virus that inserts itself into the boot sector
10.

List out the four steps of the Flaw Hypothesis Methodology.


1. Information gathering. In this step, the testers become familiar with the

2. Flaw hypothesis. Drawing on the knowledge gained in the first step, and

3. Flaw testing. The testers test their hypothesized flaws. If a flaw does no

4. Flaw generalization. Once a flaw has been successfully exploited, the t

PART-B

7.

Explain about the Nonlattice Information Flow Policies

Denning identifies two requirements for information flow policies.

The confinement flow model is a 4-tuple (I, O, confine, →) in which


Transitive Nonlattice Information Flow Policies - A quasi-ordered

Nontransitive Information Flow Policies - Let R = (SCR, ≤R, joinR)

A dual mapping from a reflexive information flow policy R to an o

Nonlattice policies can be embedded into lattices. Hence, analys


8.

Give an overview of covert channels in the confinement problem.

A covert storage channel uses an attribute of the shared resource


A covert timing channel is usually defined in terms of a real-time

A noiseless covert channel is a covert channel that uses a resour

Detection of Covert Channels - Covert channels require sharing.

The next step is to determine whether any of these shared resou

Both the sending and receiving processes must have access to t


The sending process must be able to modify that attribute of the
The receiving process must be able to reference that attribute of

A mechanism for initiating both processes, and properly sequenc


The requirements for covert timing channels are similar to those

Both the sending and receiving processes must have access to t

Both the sending and receiving processes must have access to a

The sending process must be able to control the timing of the de

A mechanism for initiating both processes, and properly sequenc


The specific criteria are as follows.
The value of a variable is obtained from a system call.

A calling process can detect at least two different states of that va


9.

Explain about the vulnerability frameworks with neat example

The goals of a framework dictate the framework's structure. For ex


The investigators classified flaws into seven general classes.
Incomplete parameter validation
Inconsistent parameter validation
Implicit sharing of privileged/confidential data
Asynchronous validation/inadequate serialization
Inadequate identification/authentication/authorization
Violable prohibition/limit
Exploitable logic error

The Flaw Classes -

Incomplete parameter validation occurs when a parameter is not

Inconsistent parameter validation is a design flaw in which each i


Inadequate identification/authorization/authentication flaws arise
Exploitable logic error flaws encompass problems not falling into
Aslam's Model
-The Flaw Classes
-Legacy
Comparison and Analysis
-The xterm Log File Flaw
-The fingerd Buffer Overflow Flaw
10.

Explain about the Gupta and Gligor's Theory of Penetration A


Gupta and Gligor make two hypotheses.

Hypothesis of Penetration Patterns. "[S]ystem flaws that cause a

Hypothesis of Penetration-Resistant Systems. "[A] system (i.e., T

Gupta and Gligor select and formalize several properties, and from

System isolation or tamperproofness, which states that users mu


System noncircumventability, which states that the system must

Consistency of global objects belonging to the system, with respe

Elimination of undesirable system and user dependencies, which

ANSWER KEY

PART-A

1.

Differentiate between authentication policy and issuance policy.

A CA authentication policy describes the level of authentication require

A CA issuance policy describes the principals to whom the CA will issu


2.

What is a threshold scheme?

A (t, n)-threshold scheme is a cryptographic scheme in which a

3.

Write about confinement problem and covert channel.


Access control affects the function of the server in two ways.

The server must ensure that the resources it accesses on behalf of th


The server must ensure that it does not reveal the client's data to any

A covert channel is a path of communication that was not designed to b

4.

What is sandbox?

A sandbox is an environment in which the actions of a process are restr

5.

Write the concept of Fenton's Data Mark Machine.

Fenton created an abstract machine called the Data Mark Machine to


Fenton defined five instructions. The relationships between execution
The increment instruction
x := x + 1
is equivalent to
if PC ≤ x then x := x + 1; else skip

6.

Differentiate between Trojan horse and propagating Trojan horse.

A Trojan horse is a program with an overt (documented or known) effe

A propagating Trojan horse (also called a replicating Trojan horse) is a


7.

Define the logging and auditing.

Logging is the recording of events or statistics to provide information a

Auditing is the analysis of log records to present information about the


8.

Short note on intrusion principles.

Computer systems that are not under attack exhibit several characterist

The actions of users and processes generally conform to a statistically

The actions of users and processes do not include sequences of com

The actions of processes conform to a set of specifications describing


9.

Write about the Autonomous Agents: AAFID

An autonomous agent is a process that can act independently of the s


10.

List out the suggested layering model for a penetration study.

External attacker with no knowledge of the system. At this level, the te

External attacker with access to the system. At this level, the testers h

Internal attacker with access to the system. At this level, the testers ha

PART-B

7.

Give an overview of the principles of secure design, with ex

The principle of least privilege states that a subject should be giv

The principle of fail-safe defaults states that, unless a subject is g

The principle of economy of mechanism states that security mec

The principle of complete mediation requires that all accesses to

The principle of open design states that the security of a mechan

The principle of separation of privilege states that a system shou

The principle of least common mechanism states that mechanism

The principle of psychological acceptability states that security m


8.

Explain about the Compiler-Based Mechanisms

A set of statements is certified with respect to an information flow


For example,
x: integer class { A, B }
Program Statements
A program consists of several types of statements. Typically, they
Assignment statements
Compound statements

Conditional statements
Iterative statements
Goto statements
Procedure calls
Function calls
Input/output statements.

Assignment Statements
An assignment statement has the form
y := f(x1, ..., xn)

where y and x1, ..., xn are variables and f is some function of those
lub{x1, ..., xn} ≤ y
Compound Statements
A compound statement has the form
begin
S1;
...
Sn;
end;
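A certifier for the assignment and compound rules above, as an added example that is not part of the original answer; it serves both this question and the compiler-based and execution-based mechanisms of question 9 and 10 in the earlier paper, which check the same lub condition. Security classes are modelled as sets of labels in the spirit of "x: integer class { A, B }", ordered by subset (lub is union, glb is intersection); the conditional rule, lub of the condition's variables ≤ glb of every variable assigned in either branch, is Denning's certification condition for implicit flows, which the page only names. The variable declarations and statements are constructed sample data.

```python
# Added example (not from the original page): certifying assignment, compound
# and conditional statements under Denning's information flow rules.
# A statement is one of:
#   ("assign", y, [x1, ..., xn])   y := f(x1, ..., xn)
#   ("seq", [S1, ..., Sn])         begin S1; ...; Sn end
#   ("if", [x1, ..., xn], S1, S2)  if f(x1, ..., xn) then S1 else S2
from typing import Dict, FrozenSet, Iterable, List, Tuple

Class = FrozenSet[str]   # a security class is a set of labels, e.g. {A, B}

def lub(classes: Iterable[Class]) -> Class:
    """Least upper bound: union of the classes (the empty set is bottom)."""
    out: Class = frozenset()
    for c in classes:
        out = out | c
    return out

def glb(classes: Iterable[Class]) -> Class:
    """Greatest lower bound: intersection of a non-empty list of classes."""
    cs = list(classes)
    out = cs[0]
    for c in cs[1:]:
        out = out & c
    return out

def targets(stmt: Tuple) -> List[str]:
    """Variables assigned anywhere inside stmt (needed for implicit flows)."""
    kind = stmt[0]
    if kind == "assign":
        return [stmt[1]]
    if kind == "seq":
        return [v for s in stmt[1] for v in targets(s)]
    if kind == "if":
        return targets(stmt[2]) + targets(stmt[3])
    raise ValueError(kind)

def secure(stmt: Tuple, cls: Dict[str, Class]) -> bool:
    """Certify stmt against the declared classes in cls."""
    kind = stmt[0]
    if kind == "assign":        # secure iff lub{x1, ..., xn} <= y
        _, y, xs = stmt
        return lub(cls[x] for x in xs) <= cls[y]
    if kind == "seq":           # secure iff every Si is secure
        return all(secure(s, cls) for s in stmt[1])
    if kind == "if":            # the condition flows implicitly into every
        _, xs, s1, s2 = stmt    # variable assigned in S1 or S2
        ys = targets(s1) + targets(s2)
        cond_ok = not ys or lub(cls[x] for x in xs) <= glb(cls[y] for y in ys)
        return cond_ok and secure(s1, cls) and secure(s2, cls)
    raise ValueError(kind)

# Constructed declarations: x: class {A, B}; y: class {A}; z: class {A, B, C}; w: class {A}
CLASSES: Dict[str, Class] = {
    "x": frozenset({"A", "B"}), "y": frozenset({"A"}),
    "z": frozenset({"A", "B", "C"}), "w": frozenset({"A"}),
}
```

The statement `if f(x) then w := f(y)` is rejected even though `w := f(y)` alone is secure, because the value of x leaks into w through the branch taken.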
9.

Write about the computer viruses and several types of compu


A computer virus is a program that inserts itself into one

A boot sector infector is a virus that inserts itself into the

An executable infector is a virus that infects executable p

A multipartite virus is one that can infect either boot secto

A terminate and stay resident (TSR) virus is one that stay

Stealth viruses are viruses that conceal the infection of file

A polymorphic virus is a virus that changes its form each

10.

Explain the following


a) Anatomy of an Auditing System. (5)

Logging is the recording of events or statistics to provide informa


Auditing is the analysis of log records to present information abou
Logger
Logging mechanisms record information. The type and quantity o
Analyzer
An analyzer takes a log as input and analyzes it. The results of th
Notifier
The analyzer passes the results of the analysis to the notifier. Th
An anonymizing sanitizer deletes information in such a way that i
A state-based logging mechanism records information about a sy
A transition-based logging mechanism records information about
b) Intrusion detection architecture. (5)

Architecture of an intrusion detection system.

Agent
An agent obtains information from a data source (or set
Host-Based Information Gathering

Host-based agents usually use system and application


Combining Sources

The goal of an agent is to provide the director with infor


Director

The director itself reduces the incoming log entries to e


Notifier

The notifier accepts information from the director and t