System and its vulnerabilities | Information Systems homework help

Chapter 1

1. Distinguish between vulnerability, threat, and control.

2. Theft usually results in some kind of harm. For example, if someone steals

your car, you may suffer financial loss, inconvenience (by losing your mode of

transportation), and emotional upset (because of invasion of your personal

property and space). List three kinds of harm a company might experience from

theft of computer equipment.

3. List at least three kinds of harm a company could experience from electronic

espionage or unauthorized viewing of confidential company materials.

4. List at least three kinds of damage a company could suffer when the integrity

of a program or company data is compromised.

5. List at least three kinds of harm a company could encounter from loss of

service, that is, failure of availability. List the product or capability to which

access is lost, and explain how this loss hurts the company.

6. Describe a situation in which you have experienced harm as a consequence of

a failure of computer security. Was the failure malicious or not? Did the attack


target you specifically or was it general and you were the unfortunate victim?


Chapter 2


1. Describe each of the following four kinds of access control mechanisms in

terms of (a) ease of determining authorized access during execution, (b) ease of

adding access for a new subject, (c) ease of deleting access by a subject, and (d)

ease of creating a new object to which all subjects by default have access.

• per-subject access control list (that is, one list for each subject tells

all the objects to which that subject has access)

• per-object access control list (that is, one list for each object tells all

the subjects who have access to that object)

• access control matrix

• capability

2. Suppose a per-subject access control list is used. Deleting an object in such a

system is inconvenient because all changes must be made to the control lists of

all subjects who did have access to the object. Suggest an alternative, less costly

means of handling deletion.

3. File access control relates largely to the secrecy dimension of security. What

is the relationship between an access control matrix and the integrity of the

objects to which access is being controlled?

4. One feature of a capability-based protection system is the ability of one

process to transfer a copy of a capability to another process. Describe a situation

in which one process should be able to transfer a capability to another.

5. Suggest an efficient scheme for maintaining a per-user protection scheme.

That is, the system maintains one directory per user, and that directory lists all

the objects to which the user is allowed access. Your design should address the

needs of a system with 1000 users, of whom no more than 20 are active at any

time. Each user has an average of 200 permitted objects; there are 50,000 total

objects in the system.

6. Calculate the timing of password-guessing attacks:

(a) If passwords are three uppercase alphabetic characters long, how much

time would it take to determine a particular password, assuming that testing

an individual password requires 5 seconds? How much time if testing

requires 0.001 seconds?

(b) Argue for a particular amount of time as the starting point for “secure.”

That is, suppose an attacker plans to use a brute-force attack to determine a

password. For what value of x (the total amount of time to try as many

passwords as necessary) would the attacker find this attack prohibitively


(c) If the cutoff between “insecure” and “secure” were x amount of time,

how long would a secure password have to be? State and justify your

assumptions regarding the character set from which the password is

selected and the amount of time required to test a single password.

7. Design a protocol by which two mutually suspicious parties can authenticate

each other. Your protocol should be usable the first time these parties try to

authenticate each other.

8. List three reasons people might be reluctant to use biometrics for

authentication. Can you think of ways to counter those objections?

9. False positive and false negative rates can be adjusted, and they are often

complementary: Lowering one raises the other. List two situations in which false

negatives are significantly more serious than false positives.

10. In a typical office, biometric authentication might be used to control access to

employees and registered visitors only. We know the system will have some false

negatives, some employees falsely denied access, so we need a human override,

someone who can examine the employee and allow access in spite of the failed

authentication. Thus, we need a human guard at the door to handle problems, as well

as the authentication device; without biometrics we would have had just the guard.

Consequently, we have the same number of personnel with or without biometrics,

plus we have the added cost to acquire and maintain the biometrics system. Explain


the security advantage in this situation that justifies the extra expense.

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
The price is based on these factors:
Academic level
Number of pages
Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.

Money-back guarantee

You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Read more

Zero-plagiarism guarantee

Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.

Read more

Free-revision policy

Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.

Read more

Privacy policy

Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.

Read more

Fair-cooperation guarantee

By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.

Read more