Discuss the strengths and weaknesses of implementing an access matrix

Discuss the strengths and weaknesses of implementing an access matrix using capabilities that are associated with domains. Capabilities associated with domains provide substantial flexibility and faster access to objects. When a domain presents a capability, the system just needs to check the authenticity of the capability and that could be performed efficiently. Capabilities could also be passed around from one domain to another domain with great ease, allowing a system with a great amount of flexibility. However, the flexibility comes at the cost of a lack of control: revoking capabilities and restricting the flow of capabilities is a difficult task.

3. Bank Security

Make a list of six security concerns for a banks computer system. For each item on your list, state whether this concern relates to physical, human, or operating-system security.

In a protected location, well guarded: physical, human. Network tamperproof: physical, human, operating system. Modem access eliminated or limited: physical, human. Unauthorized data transfers prevented or logged: human, operating system. Backup media protected and guarded: physical, human.

Programmers, data entry personnel, trustworthy: human.

4. Man-in-the-middle Attack

What commonly used computer programs are prone to man-in-the- middle attacks? Discuss solutions for preventing this form of attack.

Any protocol that requires a sender and a receiver to agree on a session key before they start communicating is prone to the man-in- the-middle attack. For instance, if one were to implement on a secure shell protocol by having the two communicating machines to identify a common session key, and if the protocol messages for exchanging the session key is not protected by the appropriate authentication mech- anism, then it is possible for an attacker to manufacture a separate session key and get access to the data being communicated between the two parties. In particular, if the server is supposed to manufacture the session key, the attacker could obtain the session key from the server, communicate 1 its locally manufactured session key to the client, and thereby convince the client to use the fake session key. When the attacker receives the data from the client, it can decrypt the data, reencrypt it with the original key from the server, and transmit the encrypted data to the server without alerting either the client or the server about the attacker s presence. Such attacks could be avoided by using digital signatures to authenticate messages from the server. If the server could communicate the session key

and its identity in a message that is guarded by a digital signature granted by a certifying authority, then the attacker would not be able to forge a session key, and therefore the man-in-the-middle attack could be avoided.

5. Authentication

Why doesnt D(kd,N)(E(ke,N)(m)) provide authentication of the sender? To what uses can such an encryption be put?

D(kd,N)(E(ke,N)(m)) means that the message is encrypted using the public key and then decrypted using the private key. This scheme is not sufficient to guarantee authentication since any entity can obtain the public keys and therefore could have fabricated the message. However, the only entity that can decrypt the message is the entity that owns the private key, which guarantees that the message is a secret message from the sender to the entity owning the private key; no other entity can decrypt the contents of the message.

6. False Alarms and Real Intrusion

Consider a system that generates 10 million audit records per day. Also assume that there are on average 10 attacks per day on this system and that each such attack is reflected in 20 records. If the intrusion- detection system has a true-alarm rate of 0.6 and a false-alarm rate of 0.0005, what percentage of alarms generated by the system correspond to real intrusions?

The probability of occurrence of intrusive records is 10?20/106 = 0.0002. Using Bayes theorem, the probability that an alarm corresponds to a real intrusion is simply 0.00020.6/(0.00020.60.9998?0.0005) =0.193.2