19CSC315A 2022 SEE QP1 Scheme
Confidentiality
All mechanisms for confidentiality require support services from the system, e.g., the
OS kernel. Assumptions and trust therefore underlie every confidentiality mechanism: it
is only as strong as the system services it relies on.
Integrity
19CSC315A Page 1 of 13
Set 01
Integrity mechanisms are either prevention mechanisms or detection mechanisms.
Prevention mechanisms
1. Prevent unauthorized users from accessing information; for example, someone
breaking into a database server.
2. Prevent authorized users from modifying data in an unauthorized manner; for
example, a company accountant diverting money to a personal account and
hiding the transactions.
Detection mechanisms only report that data is no longer trustworthy. They either report
the cause of the integrity violation (a specific part of a file was altered) or only
report that a violation occurred (the file is now corrupt). They do not prevent
violations of integrity.
Integrity depends both on the origin of the data and on how well the data is protected
along its path. This makes evaluating integrity difficult: it relies on assumptions
(about the source) and trust (in that source), both of which are often overlooked.
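The two kinds of detection mechanism described above, as an added example (not part of the scheme): a whole-file digest can only say that a violation occurred, while a list of per-block digests also says where. The account records and the tampering are constructed here; neither check stops the modification, it only reports it afterwards.

```python
"""Integrity detection: whole-file digest (reports a violation) versus per-block
digests (reports the cause).  Added example; the data below is constructed."""
import hashlib

BLOCK = 16  # bytes per block; small so the sample spans several blocks


def file_digest(data):
    return hashlib.sha256(data).hexdigest()


def block_digests(data):
    return [hashlib.sha256(data[i:i + BLOCK]).hexdigest()
            for i in range(0, len(data), BLOCK)]


def check_whole(data, expected_digest):
    """Detection that only reports a violation: True if intact, False if corrupt."""
    return file_digest(data) == expected_digest


def check_blocks(data, expected_digests):
    """Detection that reports the cause: indices of blocks whose digest changed.
    A length change (truncation or growth) is reported as the trailing blocks."""
    actual = block_digests(data)
    changed = [i for i, (a, e) in enumerate(zip(actual, expected_digests)) if a != e]
    lo, hi = min(len(actual), len(expected_digests)), max(len(actual), len(expected_digests))
    return changed + list(range(lo, hi))


# constructed ledger: three fixed-width records, 25 bytes each
ORIGINAL = (b"ACCT 1001 BAL 0000500.00|"
            b"ACCT 1002 BAL 0001250.00|"
            b"ACCT 1003 BAL 0000075.00|")
# constructed tampering: one digit of the second balance is changed (byte 39)
TAMPERED = ORIGINAL.replace(b"0001250.00", b"9001250.00")


def demo():
    """Run both checks on the tampered ledger against digests of the original."""
    whole = file_digest(ORIGINAL)
    blocks = block_digests(ORIGINAL)
    return check_whole(TAMPERED, whole), check_blocks(TAMPERED, blocks)
```

`demo()` returns `(False, [2])`: the whole-file check says only "corrupt", the block check says the change lies in the third 16-byte block, which is where byte 39 (the altered balance) sits.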
Availability
System designs usually assume normal patterns of use, or parameters that control the
usage; e.g., login times and network traffic patterns. These are usually captured in a
statistical model.
Detecting denial of service (DoS) is difficult for two reasons: 1) a DoS event may look
like merely an atypical event, so one has to determine whether an unusual pattern is due
to deliberate manipulation or is just an atypical event; 2) atypical but non-DoS events
also contribute to the statistics, so a DoS may not appear atypical at all.
b. List six common threats and give one example for each
5. Denial of Receipt: A denial that an entity received some information or
message; e.g., a customer denies having received the product purchased
6. Delay: A temporary inhibition of a service; e.g., the OTP for authentication is
deliberately delayed
7. Denial of Service: A long-term inhibition of a service; e.g., a database server is
unable to serve because of a network flood attack
A system satisfies a specification if the specification correctly states how the system
will function. Similar definitions hold for a design and for an implementation.
Design: the design should satisfy the specifications. Design verification asks whether
the design satisfies the specifications.
Implementation: the implementation should realize the design. Implementation
verification asks whether the implementation satisfies the design; if it does, and the
design satisfies the specifications, then the implementation also satisfies the
specifications.
2 a. An information system has three users A, B, and C and defines read, write and
execute rights. Each user has a private and a publicly accessible file; user X’s files
are named x_priv and x_pub, respectively. A public file is accessible to read by
all users, while the owner has all rights over it. No one except the owner has any
right over a private file while its owner has all its rights.
1) Create the Access Control Matrix (ACM) to represent the protection
state of the system [2+3+3+2 = 10 marks]
ACM =
        A_priv  A_pub  B_priv  B_pub  C_priv  C_pub
A       RWE     RWE    -       R      -       R
B       -       R      RWE     RWE    -       R
C       -       R      -       R      RWE     RWE
2) Two groups of users are created, {A, B} and {B, C}. The publicly accessible
files of each group are made writable by all the group members.
Develop a command make.group.writable(f, X, Y) for file f using the
HRU/ACM model primitives for this transformation
command make.group.writable(f, X, Y):
enter W into A[X, f];
enter W into A[Y, f];
end
3) Identify a sequence of make.group.writable() commands to achieve
the transformation in ii. above
The public files of group {A, B} are A_pub and B_pub; those of group {B, C} are B_pub
and C_pub (private files are untouched, since nobody but the owner has any right over
them):
make.group.writable(A_pub, A, B);
make.group.writable(B_pub, A, B);
make.group.writable(B_pub, B, C);
make.group.writable(C_pub, B, C);
b. Consider the information system from Q2a. Employing the Take-Grant model,
answer the following: [3+2+1 = 6 marks]
1) User B has take right over A and has a grant right over C. Formulate the
Protection Graph to model the state in Q2a.2) along with these rights
2) Prove that all the users share the same rights over all the objects
A, B and C are all subjects and are connected by the tg-edges B --t--> A and B --g--> C,
so the set {A, B, C} is an island (a tg-connected subgraph containing only subjects).
In an island any right held by one vertex can be passed to every other vertex (using
take, grant and, where needed, the creation of a helper vertex). Hence all three users
can come to share the same rights over all the objects.
3) Identify the common set of rights over x_priv and x_pub files
The common rights over x_priv: RWE; the same over x_pub: RWE.
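The island argument above, replayed step by step as an added example (not part of the scheme). The graph holds subjects A, B, C and their private files only (the public files go through exactly the same steps), the rights from Q2a plus B --t--> A and B --g--> C, and the four Take-Grant rules coded literally with their preconditions. The helper vertices v1 and v2 that `share_all()` creates are this example's own naming; B and C need them because nobody holds a take right over C and nobody holds a grant right towards A.

```python
"""Take-Grant protection graph for Q2b (added example).  Rights are edge labels:
r, w, e on files and t, g between subjects.  share_all() shows that every
right in the island {A, B, C} can reach every member."""
from collections import defaultdict

OBJECTS = ["A_priv", "B_priv", "C_priv"]


class ProtectionGraph:
    def __init__(self):
        self.subjects = set()
        self.objects = set()
        self.labels = defaultdict(set)          # (src, dst) -> set of right labels

    def rights_of(self, x, y):
        return frozenset(self.labels[(x, y)])

    def edge(self, x, y, rights):
        self.labels[(x, y)] |= set(rights)

    # take rule:  x --t--> y and y --a--> z   gives   x --a--> z
    def take(self, x, y, z, a):
        if x not in self.subjects or "t" not in self.labels[(x, y)]:
            raise PermissionError(f"{x} has no take right over {y}")
        if a not in self.labels[(y, z)]:
            raise PermissionError(f"{y} has no {a} over {z}")
        self.edge(x, z, a)

    # grant rule: x --g--> y and x --a--> z   gives   y --a--> z
    def grant(self, x, y, z, a):
        if x not in self.subjects or "g" not in self.labels[(x, y)]:
            raise PermissionError(f"{x} has no grant right over {y}")
        if a not in self.labels[(x, z)]:
            raise PermissionError(f"{x} has no {a} over {z}")
        self.edge(y, z, a)

    # create rule: subject x adds a fresh subject v and holds the given rights over it
    def create(self, x, v, rights):
        if x not in self.subjects or v in self.subjects or v in self.objects:
            raise PermissionError(f"{x} cannot create {v}")
        self.subjects.add(v)
        self.edge(x, v, rights)

    # remove rule: x drops rights from its own edge to y
    def remove(self, x, y, rights):
        self.labels[(x, y)] -= set(rights)


def initial_state():
    """Q2a rights on the private files plus the Q2b.1 take/grant edges."""
    g = ProtectionGraph()
    for u in "ABC":
        g.subjects.add(u)
        g.objects.add(f"{u}_priv")
        g.edge(u, f"{u}_priv", "rwe")     # only the owner has rights over x_priv
    g.edge("B", "A", "t")                 # B has take over A
    g.edge("B", "C", "g")                 # B has grant over C
    return g


def share_all(g):
    # 1. B --t--> A: B takes every right A holds.
    for obj in OBJECTS:
        for r in g.rights_of("A", obj):
            g.take("B", "A", obj, r)
    # 2. Nobody can take from C, so B builds a bridge v1 (holding t and g over it),
    #    hands C the g over v1 (B --g--> C), C deposits its rights in v1, B takes them.
    g.create("B", "v1", "tg")
    g.grant("B", "C", "v1", "g")
    for obj in OBJECTS:
        for r in g.rights_of("C", obj):
            g.grant("C", "v1", obj, r)
        for r in g.rights_of("v1", obj):
            g.take("B", "v1", obj, r)
    # 3. B --g--> C: B hands everything it now holds to C.
    for obj in OBJECTS:
        for r in g.rights_of("B", obj):
            g.grant("B", "C", obj, r)
    # 4. Nobody grants to A, so A creates bridge v2; B takes g over v2 from A
    #    (B --t--> A), grants its rights into v2, and A takes them (A --t--> v2).
    g.create("A", "v2", "tg")
    g.take("B", "A", "v2", "g")
    for obj in OBJECTS:
        for r in g.rights_of("B", obj):
            g.grant("B", "v2", obj, r)
        for r in g.rights_of("v2", obj):
            g.take("A", "v2", obj, r)
    return g
```

After `share_all(initial_state())` every one of A, B and C holds r, w and e over all three private files, which is the claim in 2); before it, A has nothing over C_priv and cannot even take from B, because A holds no take right.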
c. List the primitives of the HRU/ACM model and elaborate on one of them [4 marks]
create subject s;
create object o;
enter r into A[s, o];
delete r from A[s, o];
destroy subject s;
destroy object o;
The student is expected to elaborate on one primitive command, i.e., state its
precondition and its effect on the matrix; e.g.,
1. Precondition: s ∈ S
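The matrix of Q2a and the six primitives of Q2c together, as an added example (not part of the scheme). Every primitive checks its precondition before touching the matrix, `make_group_writable()` is the Q2a.2 command expressed with the enter primitive, and `apply_q2a2()` runs the sequence from Q2a.3 on the public files. The `HRUError` class, the `render()` helper and all identifiers are this example's own.

```python
"""Access control matrix with the HRU primitives (added example).
A[s, o] is the set of rights subject s holds over object o."""


class HRUError(Exception):
    """Raised when a primitive's precondition does not hold."""


class ACM:
    def __init__(self):
        self.S = set()      # subjects
        self.O = set()      # objects; in HRU every subject is also an object
        self.A = {}         # (s, o) -> set of rights

    def rights(self, s, o):
        return frozenset(self.A.get((s, o), ()))

    # create subject s     precondition: s not yet in O (hence not in S either)
    def create_subject(self, s):
        if s in self.O:
            raise HRUError(f"create subject {s}: already exists")
        self.S.add(s)
        self.O.add(s)
        for o in self.O:                  # new empty row
            self.A[(s, o)] = set()
        for s2 in self.S:                 # new empty column
            self.A[(s2, s)] = set()

    # create object o      precondition: o not in O
    def create_object(self, o):
        if o in self.O:
            raise HRUError(f"create object {o}: already exists")
        self.O.add(o)
        for s in self.S:
            self.A[(s, o)] = set()

    # enter r into A[s, o] precondition: s in S and o in O
    def enter(self, r, s, o):
        if s not in self.S or o not in self.O:
            raise HRUError(f"enter {r} into A[{s}, {o}]: no such cell")
        self.A[(s, o)].add(r)

    # delete r from A[s, o] precondition: s in S and o in O
    def delete(self, r, s, o):
        if s not in self.S or o not in self.O:
            raise HRUError(f"delete {r} from A[{s}, {o}]: no such cell")
        self.A[(s, o)].discard(r)

    # destroy subject s    precondition: s in S   (its row and its column go)
    def destroy_subject(self, s):
        if s not in self.S:
            raise HRUError(f"destroy subject {s}: not a subject")
        self.S.discard(s)
        self.O.discard(s)
        self.A = {k: v for k, v in self.A.items() if s not in k}

    # destroy object o     precondition: o in O   (its column goes)
    def destroy_object(self, o):
        if o not in self.O:
            raise HRUError(f"destroy object {o}: not an object")
        self.O.discard(o)
        self.S.discard(o)
        self.A = {k: v for k, v in self.A.items() if o not in k}

    def render(self):
        """Plain-text matrix in the layout used in the Q2a answer."""
        cols = sorted(self.O - self.S)
        lines = ["      " + " ".join(f"{o:>7}" for o in cols)]
        for s in sorted(self.S):
            cells = ["".join(sorted(self.A[(s, o)])) or "-" for o in cols]
            lines.append(f"{s:<6}" + " ".join(f"{c:>7}" for c in cells))
        return "\n".join(lines)


def make_group_writable(acm, f, x, y):
    """command make.group.writable(f, X, Y): enter W into A[X, f]; enter W into A[Y, f]; end"""
    acm.enter("W", x, f)
    acm.enter("W", y, f)


def initial_state():
    """Q2a.1: owners hold RWE on both their files; every user may read every public file."""
    acm = ACM()
    for u in "ABC":
        acm.create_subject(u)
    for u in "ABC":
        for kind in ("priv", "pub"):
            acm.create_object(f"{u}_{kind}")
            for r in "RWE":
                acm.enter(r, u, f"{u}_{kind}")
        for other in "ABC":
            if other != u:
                acm.enter("R", other, f"{u}_pub")
    return acm


def apply_q2a2(acm):
    """Q2a.3: groups {A, B} and {B, C}; each group's public files become group-writable."""
    for f, x, y in [("A_pub", "A", "B"), ("B_pub", "A", "B"),
                    ("B_pub", "B", "C"), ("C_pub", "B", "C")]:
        make_group_writable(acm, f, x, y)
    return acm
```

`print(apply_q2a2(initial_state()).render())` prints the Q2a.1 matrix with W added in the group cells; an `enter` for a subject that was never created raises `HRUError`, which is the precondition s ∈ S in action.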
Confidentiality Policy
A confidentiality policy is one concerned with protecting the confidentiality of the
information in the system, i.e., with preventing its unauthorized disclosure.
The first concern is information flow, which can happen in two forms: 1) leakage of
rights and 2) unauthorized flow of information without any leakage of rights. Since the
rights of subjects need to change over time, a confidentiality policy must also be able
to handle changes in authorization.
An example of a confidentiality policy is policy governing the access to information
in a military. Another is that governing a government organization which holds
citizen information.
Integrity Policy
An integrity policy is concerned with protecting the integrity of information or
resources. It identifies the authorized ways of altering information and the entities
that are authorized to do the alteration. The authorization derives from many
relationships and also from external influences. In many systems separation of duty is
imposed, which forbids a single entity from completing a transaction on its own.
Availability Policy
An availability policy is concerned with the availability of resources for their
intended use. It describes the services to be provided. It may also list the range of
parameters within which the services are accessible; e.g., a secure browser may not be
allowed to download applets. In addition, it may identify the required level of service;
e.g., authorization should complete within a minute.
An example of an availability policy would be the Service Level Agreement of a cloud
service provider.
b. Define and explain the Discretionary, Mandatory and Originator Controlled
Access Control mechanisms.
Discretionary Access Control (DAC) is also known as Identity Based Access Control
(IBAC). In it, an individual user (the owner) sets the access control on a particular
object to allow or disallow access to it. DAC is based on the identity of the subject
and of the object involved. An example: a child decides that only her mother can read
her diary.
Argue why or why not each of these three access control types is employed in each
of the following:
1) Access control to a user file in an operating system
2) The fields of a spreadsheet shared on the cloud can only be changed
with the approval of its creator
it a MAC. Most operating systems do not implement ORCON, only MAC and DAC
aspects. Thus it is not ORCON.
c. Consider an information protection system whose programs are expressed as
abstract functions. Let c be a confidentiality policy for the system and m1 and m2
be two security mechanisms for a program p = p(i1, i2, …, in) under c.
1) Define a Protection Mechanism m for the system
[3+3 = 6 marks]
In a military organization, the Simple Security Condition prevents leakage of
information from, and about, an object at a higher level of classification to subjects
whose clearance is below the object's security level. This prevents unauthorized
disclosure.
The *-Property prevents indirect disclosure by not allowing a subject to write to any
object whose security level is below the subject's. Thus the subject cannot disclose
information from or about an object at a higher level to a subject at a lower level by
copying the information into a lower-level object that the intended recipient can access.
prevents the personal information from being accessible, or its existence from being
known, to persons without the required executive privilege. The *-Property stops
indirect leakage of the information via its redistribution in a document at a lower
clearance level.
b. A military department has TOP SECRET, SECRET, CONFIDENTIAL and
UNCLASSIFIED security levels for its staff and three categories of documents
OPERATIONS, TACTICAL and STRATEGIC
1) Determine the read and write permissions that an officer with clearance
(SECRET, {OPERATIONS, TACTICAL}) can have over documents classified
as (CONFIDENTIAL, {TACTICAL})
2) Determine the read and write permissions that an officer with clearance
(SECRET, {STRATEGIC}) can have over documents classified as (TOP
SECRET, {TACTICAL, STRATEGIC})
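The two cases of Q4b worked with the Bell-LaPadula rules, as an added example (not part of the scheme). A level is a (classification, category set) pair; L1 dominates L2 when its classification is at least as high and its category set is a superset. Simple security allows a read only if the clearance dominates the document's level; the *-property allows a write only if the document's level dominates the clearance, so data never moves downward or sideways. The function names are this example's own.

```python
"""Bell-LaPadula dominance and read/write decisions for Q4b (added example)."""

CLASSIFICATIONS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]
RANK = {c: i for i, c in enumerate(CLASSIFICATIONS)}


def dominates(l1, l2):
    """(C1, K1) dominates (C2, K2) iff C1 >= C2 and K1 is a superset of K2."""
    c1, cats1 = l1
    c2, cats2 = l2
    return RANK[c1] >= RANK[c2] and set(cats1) >= set(cats2)


def permissions(clearance, level):
    """Subset of {'read', 'write'} that BLP allows for a subject/object pair."""
    allowed = set()
    if dominates(clearance, level):      # simple security condition
        allowed.add("read")
    if dominates(level, clearance):      # *-property (write, including append)
        allowed.add("write")
    return allowed


def q4b():
    officer1 = ("SECRET", {"OPERATIONS", "TACTICAL"})
    doc1 = ("CONFIDENTIAL", {"TACTICAL"})
    officer2 = ("SECRET", {"STRATEGIC"})
    doc2 = ("TOP SECRET", {"TACTICAL", "STRATEGIC"})
    return permissions(officer1, doc1), permissions(officer2, doc2)
```

Case 1 yields read only: the officer dominates the CONFIDENTIAL/TACTICAL document, so the *-property forbids writing SECRET-cleared knowledge down into it. Case 2 yields write only: the TOP SECRET/{TACTICAL, STRATEGIC} document dominates the officer, who may therefore append to it but not read it. Two incomparable levels (e.g. SECRET/{OPERATIONS} against CONFIDENTIAL/{TACTICAL}) allow neither.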
At the diagnostic company, this principle being implemented means that the test
information will be appended to the patient record only after the responsible
clinician adds the diagnostic company’s clinician to the ACL of the patient record.
3) Argue how this will help protect the patient privacy and medical record
integrity
The (implicitly stated) NDA between the hospital and the diagnostic company
prevents disclosure of information from the patient record.
The clinician at the diagnostic company is bound by law to only append correct test
result information and not alter any other part of the record. This preserves the
integrity of the record.
c. Bob wants to receive encrypted messages from Alice using RSA encryption. He
selects two primes p = 43 and q = 59 and the key parameters e = 13 and d = 937
(d = 937 is the inverse of e = 13 modulo φ(n) = 42 × 58 = 2436, since 13 × 937 = 12181
= 5 × 2436 + 1). Alice wants to send the message "STOP" to Bob. Using the mapping
{(A, 0), (B, 1), …, (Z, 25)} and message blocks of four digits (two letters per block),
compute the ciphertext and the decoded plaintext. Verify the encryption mechanism for
this instance.
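The RSA instance of Q4c carried through, as an added example (not part of the scheme). With p = 43, q = 59 we have n = 2537 and φ(n) = 2436; d = 937 is the inverse of e = 13 (13 × 937 = 5 × 2436 + 1). `check_keypair()` also shows why an exponent of 14 cannot work here: it shares the factor 14 with 2436, so it has no inverse at all. Letters map A=00 … Z=25 and are packed two per four-digit block, as the question prescribes; the padding letter for odd-length messages and all function names are this example's own choices.

```python
"""Textbook RSA on the Q4c parameters (added example; for illustration only,
real RSA uses large primes and padding such as OAEP)."""
from math import gcd


def check_keypair(p, q, e, d):
    """True iff e is invertible mod phi(n) and d is that inverse."""
    phi = (p - 1) * (q - 1)
    return gcd(e, phi) == 1 and (e * d) % phi == 1


def text_to_blocks(msg):
    """'STOP' -> [1819, 1415]: two digits per letter, two letters per block."""
    msg = msg.upper()
    if not msg.isalpha() or not msg.isascii():
        raise ValueError("letters A-Z only")
    if len(msg) % 2:
        msg += "X"                     # pad odd-length messages (this example's choice)
    digits = "".join(f"{ord(ch) - ord('A'):02d}" for ch in msg)
    return [int(digits[i:i + 4]) for i in range(0, len(digits), 4)]


def blocks_to_text(blocks):
    out = []
    for b in blocks:
        s = f"{b:04d}"
        out.append(chr(int(s[:2]) + ord("A")) + chr(int(s[2:]) + ord("A")))
    return "".join(out)


def encrypt(blocks, e, n):
    return [pow(m, e, n) for m in blocks]       # c = m^e mod n


def decrypt(blocks, d, n):
    return [pow(c, d, n) for c in blocks]       # m = c^d mod n


def q4c(p=43, q=59, e=13, d=937, msg="STOP"):
    """Return (plaintext blocks, ciphertext blocks, decrypted text)."""
    n = p * q
    if not check_keypair(p, q, e, d):
        raise ValueError(f"e={e}, d={d} is not a valid RSA pair for n={n}")
    m = text_to_blocks(msg)
    if any(block >= n for block in m):          # every block must be < n (max 2525 < 2537)
        raise ValueError("block too large for modulus")
    c = encrypt(m, e, n)
    return m, c, blocks_to_text(decrypt(c, d, n))
```

`q4c()` gives plaintext blocks [1819, 1415], ciphertext [2081, 2182], and decrypts back to "STOP"; `q4c(e=14)` raises, because no d can satisfy 14·d ≡ 1 (mod 2436).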
The Vigenère cipher treats letters as numbers: [A=0, B=1, C=2, …, Z=25]
Given a positive integer m and a key $K = (k_1, k_2, \dots, k_m)$, the encryption and
decryption functions are:
$e_K(p_1, p_2, \dots, p_n) = (p_1 + k_1, p_2 + k_2, \dots, p_n + k_n) \bmod 26$
$d_K(c_1, c_2, \dots, c_n) = (c_1 - k_1, c_2 - k_2, \dots, c_n - k_n) \bmod 26$
where the key is repeated cyclically, so the i-th letter uses $k_{((i-1) \bmod m) + 1}$.
Example:
• Plaintext: CRYPTOGRAPHY
• Key: LUCKLUCKLUCK
• Ciphertext: N L A Z E I I B L J J I
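The two functions above in code, as an added example (not part of the scheme). The key is applied cyclically, so the four-letter key LUCK and the written-out LUCKLUCKLUCK give the same result on the example; restricting input to A-Z is this example's choice.

```python
"""Vigenère encryption and decryption as defined above (added example)."""


def _nums(s):
    s = s.upper()
    if not s.isalpha() or not s.isascii():
        raise ValueError("letters A-Z only")
    return [ord(ch) - ord("A") for ch in s]


def vigenere_encrypt(plaintext, key):
    k = _nums(key)
    return "".join(chr((p + k[i % len(k)]) % 26 + ord("A"))
                   for i, p in enumerate(_nums(plaintext)))


def vigenere_decrypt(ciphertext, key):
    k = _nums(key)
    return "".join(chr((c - k[i % len(k)]) % 26 + ord("A"))
                   for i, c in enumerate(_nums(ciphertext)))
```

`vigenere_encrypt("CRYPTOGRAPHY", "LUCK")` returns NLAZEIIBLJJI and decrypting it with the same key returns the plaintext.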
b. Explain the evolution of three generations of firewalls in protecting
organizations' network perimeter [8 marks]
NIST Special Publication 800-10 divides firewalls into three generations:
1. Packet filters (1st Generation)
2. Stateful inspection (2nd Generation)
3. Application firewalls (3rd Generation)
1. Packet filters (1st Generation)
These validate packets based on protocol, source and/or destination IP address,
source and/or destination port number, time range, Differentiated Services Code
Point (DSCP), Type of Service (ToS) and various other fields of the IP header. This is
accomplished using Access Control Lists (ACLs) on routers or switches and is normally
very fast: as traffic enters or exits an interface, the ACL is used to match the selected
criteria and either permit or deny each individual packet.
Advantages: located in just about every device on the network; routers, switches,
wireless access points, Virtual Private Network (VPN) concentrators and so on may
all act as a packet-filtering firewall.
Caveats: no visibility into the data portion of the IP packet. They match only
individual packets, which lets an individual with malicious intent easily
circumvent security by crafting packets, misrepresenting traffic using well-known
ports, or tunnelling traffic unsuspected within traffic allowed by the ACL rules.
2. Stateful inspection (2nd Generation)
These have all the advantages of the first generation and in addition filter packets
dynamically, i.e., a packet is admitted on the basis of the connection state established
by earlier packets rather than on the packet alone.
However, they carry over the other disadvantages of the first generation and are in
addition more complex to implement and configure.
3. Application Firewall {Next Generation Firewall} (3rd Generation)
These are an evolution of the stateful firewall that is application-aware, i.e.,
capable of recognizing and blocking applications according to patterns and
fingerprints peculiar to the application itself. Unlike a traditional firewall, which
controls by means of "IP address – port/protocol", an NGFW enforces a "user –
application" paradigm based on users authenticated against external repositories
(Active Directory, LDAP or RADIUS).
Advantages: advanced control based on application signatures, which provides control
at the application layer; application knowledge can also be leveraged when
investigating threats.
Caveats: a much higher skill set is needed to ensure proper application-identity
integration and derive the optimal benefit from the investment.
c. A software firm develops backend process software for banks and oil companies.
Two of its developers, Ankitha and Surya, work on projects for Axis Bank and
State Bank of India
1) Develop a Chinese Wall model to address the Conflict of Interest (COI)
[3+2+3 = 8 marks]
There are two COI classes: Bank COI and Oil Company COI.
The Bank COI consists of the Company Datasets (CDs) of all the banks that are
customers of the software firm.
Similarly, the Oil Company COI has the CDs of all the oil companies for which the firm
creates/sells its software.
CW-Simple Security Condition: a subject S can read an object O if and only if any of
the following is true:
1. There is an object O' such that S has accessed O' and CD(O') = CD(O)
2. For all objects O', $O' \in PR(S) \Rightarrow COI(O') \neq COI(O)$, where PR(S) is the
set of objects previously read by S
3. O is a sanitized object
The CW-Simple Security Condition prevents direct COI. Initially PR(S) is empty. Once
Ankitha has read one document O, the condition prevents her from reading any document
from a different CD in the same COI class as O (reading a CD in the other COI class
remains allowed). Thus once she works on the Axis Bank CD she cannot access the State
Bank of India CD.
The CW-*-Property stops indirect leakage of information. Once Ankitha has read an
object O, she can in future write only to objects in the same CD(O). Thus she cannot
write into an object of another bank's CD to which Surya may have access, so Axis Bank
data cannot reach Surya through her.
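The two conditions above run on the Q6c scenario, as an added example (not part of the scheme). Objects carry CD(O), COI(O) and a sanitized flag; `can_read()` is the CW-simple security condition as listed, and `can_write()` is the CW-*-property in the form the answer states it (S may write O only if S can read O and every unsanitized object S has read lies in CD(O)). Object names, the hypothetical oil customer "OilCo" and the class names are constructed for the example; reading a sanitized object is not recorded in PR(S), since it carries no company-specific information.

```python
"""Chinese Wall read/write decisions for Q6c (added example)."""

# constructed objects: name -> (company dataset CD, COI class, sanitized?)
OBJECTS = {
    "axis_ledger":     ("Axis Bank", "Bank COI", False),
    "sbi_ledger":      ("State Bank of India", "Bank COI", False),
    "oilco_wells":     ("OilCo", "Oil Company COI", False),   # OilCo is hypothetical
    "bank_whitepaper": ("Axis Bank", "Bank COI", True),       # public, sanitized
}


def CD(o):
    return OBJECTS[o][0]


def COI(o):
    return OBJECTS[o][1]


def sanitized(o):
    return OBJECTS[o][2]


class ChineseWall:
    def __init__(self):
        self.PR = {}            # subject -> set of unsanitized objects previously read

    def can_read(self, s, o):
        """CW-simple security condition."""
        pr = self.PR.get(s, set())
        if sanitized(o):                                   # condition 3
            return True
        if any(CD(o2) == CD(o) for o2 in pr):              # condition 1: same CD as before
            return True
        return all(COI(o2) != COI(o) for o2 in pr)         # condition 2: no COI overlap

    def read(self, s, o):
        if not self.can_read(s, o):
            raise PermissionError(f"{s} may not read {o}: conflict of interest")
        if not sanitized(o):
            self.PR.setdefault(s, set()).add(o)

    def can_write(self, s, o):
        """CW-*-property: readable, and nothing read so far comes from another CD."""
        if not self.can_read(s, o):
            return False
        return all(CD(o2) == CD(o) for o2 in self.PR.get(s, set()))


def scenario():
    """Ankitha works on Axis Bank, Surya on State Bank of India."""
    cw = ChineseWall()
    out = {}
    cw.read("Ankitha", "axis_ledger")
    out["ankitha_reads_sbi"] = cw.can_read("Ankitha", "sbi_ledger")       # same COI, other CD
    out["ankitha_reads_oilco"] = cw.can_read("Ankitha", "oilco_wells")    # other COI class
    out["ankitha_writes_axis"] = cw.can_write("Ankitha", "axis_ledger")
    out["ankitha_writes_sbi"] = cw.can_write("Ankitha", "sbi_ledger")
    cw.read("Surya", "sbi_ledger")
    out["surya_reads_axis"] = cw.can_read("Surya", "axis_ledger")
    out["surya_reads_whitepaper"] = cw.can_read("Surya", "bank_whitepaper")
    cw.read("Ankitha", "oilco_wells")
    out["ankitha_writes_axis_after_oil"] = cw.can_write("Ankitha", "axis_ledger")
    return out
```

After reading the Axis ledger, Ankitha may still read OilCo but not SBI, and may write only into Axis objects; once she has also read OilCo data, the *-property refuses even the Axis write, because OilCo information could otherwise flow into a Bank COI dataset. Surya, who has read SBI, is kept off the Axis ledger but may read the sanitized whitepaper.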
*CO – Course Outcome
Course Outcomes
1 Describe elements of security and mechanisms to provide information security
assurance
2 Explain how security can be provided and monitored using IT infrastructure
3 Recommend appropriate security provisions at application, operating system and
network levels to secure information
4 Analyze IT security practice in a given scenario for threats and vulnerabilities and
suggest countermeasures
5 Design software solutions with consideration for security and apply provisions for
security in IT infrastructure