
• Classify each of the following as a violation of confidentiality, of integrity, of availability, or of some combination thereof.
1. John copies Mary’s homework.
2. Paul crashes Linda’s system.
3. Carol changes the amount of Angelo’s check from $100 to $1,000.
4. Gina forges Roger’s signature on a deed.
5. Rhonda registers the domain name “AddisonWesley.com” and refuses to let the publishing
house buy or use that domain name.
6. Jonah obtains Peter’s credit card number and has the credit card company cancel the card and
replace it with another card bearing a different account number.
7. Henry spoofs Julie’s IP address to gain access to her computer.

Answer:-

1. Confidentiality may or may not be violated here, depending on whether the class policy allows working together on homework. It is compromised by reading and copying.
Integrity is certainly violated, since Mary’s work might come from Mary or from John.
2. Availability
3. Integrity: integrity assures that information and programs are changed only in a specified and authorized manner.
4. Integrity
5. Availability and integrity are both violated here. The domain name is unavailable to the company that wants it, and customers connecting to this URL expect it to belong to the company, rather than to Rhonda.
Availability: availability assures that systems work promptly and service is not denied to authorized users.
6. Confidentiality is violated since Peter’s credit card number should not be public information.
Availability is violated since Peter’s card is cancelled.
Integrity is violated because the new card is fake.
7. IP addresses are not considered confidential information, so the only violation here is integrity.

Threats grouped by the property they violate:

Confidentiality: Reading others' email
Integrity: Modification; Alteration
Availability: Delay; DoS; Degradation of service; Interruption
Authenticity: Spoofing; Masquerading

• Identify the mechanisms that counter each attack.

Attacking technique: By which mechanism do we thwart or counter the threat?

Snooping: Confidentiality
Modification or alteration: Integrity
Masquerading or spoofing: Integrity services (called “authentication services” in this context) counter this threat.
Repudiation of origin: Integrity
Denial of receipt: Integrity
Delay: Availability mechanisms can thwart this threat.
Denial of service: Availability mechanisms counter this threat.

• Identify mechanisms for implementing the following. State what policy or policies they might be
enforcing.
1. A password-changing program will reject passwords that are less than five characters
long or that are found in the dictionary.
2. Only students in a computer science class will be given accounts on the department’s
computer system.
3. The login program will disallow logins of any students who enter their passwords
incorrectly three times.
4. The permissions of the file containing Carol’s homework will prevent Robert from
cheating and copying it.
5. When World Wide Web traffic climbs to more than 80% of the Network’s capacity,
systems will disallow any further communications to or from Web servers.
6. Annie, a systems analyst, will be able to detect a student using a program to scan her
system for vulnerabilities.
7. A program used to submit homework will turn itself off just after the due date.

Answer:-

1. Authentication: The policy element is that easily guessed passwords are forbidden.
The mechanism element is the program checking for, and rejecting, those passwords.
2. Access Control
3. Authentication
4. Confidentiality and Authentication
5. Monitor and Response
6. Monitor and Response
7. Monitor and Response
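
The split between policy and mechanism described in answer 1 can be made concrete. The following is an added example, not part of the original answer sheet: it implements items 1 and 3, keeping the policy as data and the mechanism as the code that enforces it. The word list, the `Account` class and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Policy: stated as data, separate from the code that enforces it.
MIN_LENGTH = 5      # item 1: reject passwords shorter than five characters
MAX_FAILURES = 3    # item 3: disallow logins after three incorrect entries
DICTIONARY = {"apple", "password", "dragon", "letmein"}  # constructed sample list


def check_new_password(candidate: str) -> list[str]:
    """Mechanism for item 1: return the policy violations (empty = accepted)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if candidate.lower() in DICTIONARY:
        problems.append("dictionary word")
    return problems


def _hash(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    digest: bytes
    failures: int = 0

    @classmethod
    def create(cls, password: str) -> "Account":
        problems = check_new_password(password)
        if problems:
            raise ValueError(", ".join(problems))
        salt = os.urandom(16)
        return cls(salt, _hash(password, salt))

    def login(self, password: str) -> str:
        """Mechanism for item 3: count failures and lock at MAX_FAILURES."""
        if self.failures >= MAX_FAILURES:
            return "locked"  # even the correct password is refused now
        if hmac.compare_digest(_hash(password, self.salt), self.digest):
            self.failures = 0
            return "ok"
        self.failures += 1
        return "locked" if self.failures >= MAX_FAILURES else "denied"
```

The lockout trades availability for resistance to guessing: three wrong entries by anyone also lock out the legitimate student.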

• Please give an example of a situation in which each of the following is true:

Answer:-

1. Prevention is more important than detection and recovery.
Answer: - Losing data. In general, prevention is better than detection and recovery.

2. Detection is more important than prevention and recovery.
Answer: - If prevention fails, there cannot be recovery unless there is detection. For example: detecting illegitimate changes in a bank account.

3. Recovery is more important than prevention and detection.
Answer: - Finally, if prevention has failed, after detection, recovery should bring back the initial situation. For example, fixing a fiber cut.

• Give an example of a situation in which a compromise of confidentiality leads to a compromise in integrity?

Answer:-

Unauthorized access to information is disclosure.


...
Confidentiality services counter this threat
...
For instance, the man-in-the-middle attack is a kind of deception, where the receiver and sender do not realize that an intruder is reading the sent information and possibly sending false information to the receiver
...
Interruption or prevention of correct operation is called disruption
...
The attacker may prevent the server from providing service to the requesting client
...
Unauthorized control of some part of the system is called usurpation
...
Integrity services (called “authentication services”, in this context) counter this threat
