SHW3 - IS2150/TEL2810 Introduction to Security Homework 3...

Info iconThis preview shows pages 1–5. Sign up to view the full content.

View Full Document Right Arrow Icon
IS2150/TEL2810 Introduction to Security Homework 3 Sample Solution Question 1: Section 2.6 Exercises 1 and 2
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Question 1: Section 3.5 Exercise 1
Background image of page 2
Question 2: Exercise on Lattice S = {11, 12, 13, 21, 22, 23, 31, 32, 33} The relation l over set S is partial order, as it is reflexive (e.g., 11 l 11), anti-symmetric (e.g., 11 l 12 but 12 n 11), and transitive (e.g., 11 l 12, 12 l 32, and 11 l 32). However, it is not a total order because not every pair of elements are comparable (e.g., 13 n 32 and 32 n 13, i.e., the relation is not applying to 13 and 32 either way). 11 12 13 21 22 32 33 31 23
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
It’s also a lattice. Because in addition to being partial order (reflexive, anti-symmetric, and transitive), every two elements have a greatest lower bound and least upper bound. Question 3: Section 4.8 Exercise 3, 4, 5, and 6 3. (a) Assume that the system has no integrity controls. This is true. If a system lacks integrity, then data can be changed without restraint. So, anyone can change another user’s authentication information, allowing them access to that user’s account—and allowing them to see any data for that user or, by generalizing this in the obvious way, any user on the system. If some integrity controls work, then the ability of the system to provide confidentiality depends on the effectiveness of the integrity controls and their use to protect critical information. b. Assume that the system has no confidentiality controls. If there is no confidentiality, then all authentication information will be available. Unless authentication mechanisms do not use secret information (for example, biometrics or positions), any user can authenticate as another user. Hence there is no integrity. Now suppose authentication information does not rely on confidentiality. Can the data in a file be kept confidential? To do so, either the user must be prevented from reading the file (for which there are no controls) or from reading the data in the file (for example, by cryptography). In the latter case, if the data is encrypted on the system, the key must be available, and as there is no confidentiality, the key can be read. If the data is not encrypted on the system, then the data cannot be used on the system but will remain
Background image of page 4
Image of page 5
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 11/02/2009 for the course SIS 2150 taught by Professor Joshi during the Spring '09 term at Philadelphia.

Page1 / 7

SHW3 - IS2150/TEL2810 Introduction to Security Homework 3...

This preview shows document pages 1 - 5. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online