IS623 practice

Short Answer Questions

1. Suppose you have a secure system with three subjects and threeobjects, with levels as listed below. (10points)

Here H dominates L. You wish toimplement a Bell and LaPadula model of security for this system.Fill in the access rights (R and/or W) permitted by the model foreach subject/object pair in the access matrix below:

	Obj1	Obj2	Obj3
Subj1
Subj2
Subj3

Type	Name	Level
Object	Obj1	(H, {A})
Object	Obj2	(L, {B})
Object	Obj3	(L, {A,B})
Subject	Subj1	(L, {A,B})
Subject	Subj2	(H,{B})
Subject	Subj3	(H,{A,B,C})

2. Suppose a department has determined that some users have gainedunauthorized access to the computing system. Managers fear theintruders might intercept or even modify sensitive data on thesystem. Cost to reconstruct correct data is expected to be$2,000,000 with 5% likelihood per year.

One approach to addressing thisproblem is to install a more secure data access control problem.The cost of access control software is is $50,000 with 80%effectiveness. Here is the summary of risk and control:

• Cost to reconstruct correct data = $2,000,000 with 5%likelihood per year
• Effectiveness of access control software: 80%
• Cost of access control software: $50,000

Determine the expected annual costsdue to loss and controls. Also, determine whether the costsoutweigh the benefits of preventing or mitigating the risks.(5 points)

3. Suppose your data’s binary stream is 1110101. What is the XORresult with the bit stream of 1111111? (2points)

4. Suppose the following:
   • James’ public key = K_j, James’ private key =K_j^-1
   • Randy’s public key = K_r, Randy’s private key =K_r^-1
   • Each person’s public key is known to others; Each one’s privatekey is only known to the owner

1. Explain how Randy can send a plaintext P to James secretly(2 points)

2. Explain how James can verify if a plaintext P is sent fromRandy (2 points)

3. Explain how Randy can verify if a plaintext P is sent fromJames and at the same time P is sent secretly from James to Randy.(2 points)