Second Assignment 08112023

The document contains 35 questions related to computer security concepts such as privilege escalation, authorization, auditing, and access control. It asks about technical approaches to implement security features and analyze security properties of systems and applications.

Uploaded by somesh dewangan

Shri Shankaracharya Technical Campus

Department of Computer Science and Engineering

Information Security
Unit III-IV-V
Assignment 2
Assignment Given Date: 08/11/2023
Assignment Submission Date: 18/11/2023

1. Describe a danger that this feature presents when the language interpreter is running with administrative or root privileges.

2. Explain how the principle of least privilege could be used to ameliorate this danger.

3. Discuss how this technique might prevent legitimate users from accessing the system. Why is this action a violation of the principle of least common mechanism?

4. In what ways does this satisfy the principle of open design? In what ways does it not?

5. Assume that processes on a system share no resources. Is it possible for one process to block another process’ access to a resource? Why or why not? From your answer, argue that denial of service attacks are possible or impossible.

6. Suppose two different user accounts have the same UID. What problems might this cause? What, if any, are the benefits?

7. Give reasons why root should not be able to change the audit UID on a UNIX system, and give reasons why it should. Which reasons sound more persuasive to you?

8. Assume that the password is kept in the clear in the cookie. What should the settings of the secure and expires fields be, and why?

9. Is the cookie storing state or acting as an authentication token, or both? Justify your answer.

10. Explain why some UNIX-based systems with ACLs do not allow root to alter the ACL. What problems might this create?

11. A company wishes to market a secure version of the Swiss Cheese Operating System (SCOS), known as much for its advanced user and database management features as for its security vulnerabilities. The company plans to build a virtual machine to run SCOS and run that virtual machine on a second system, the Somewhat Secure Operating System (SSOS). The marketing literature claims that the VM running SCOS provides total isolation, thereby eliminating any potential security problems.
(a) Does this arrangement provide total isolation? If your answer is “no,” discuss what features the VM would need to include to provide total isolation or show why this arrangement cannot provide total isolation.
(b) The literature states that “the VM mediates all accesses to real system resources, providing an impenetrable barrier to any attacker trying to break out of the SCOS and attack other copies of SCOS running on the SSOS.” Do you agree or disagree with this statement? Why? (If you would need more information in order to make a decision, state what information you would need and why.)

12. In the Janus system, when the framework disallows a system call, the error code EINTR (interrupted system call) is returned.
(a) When some programs have read or write system calls terminated with this error, they retry the calls. What problems might this create?
(b) Why did the developers of Janus not devise a new error code (say, EJAN) to indicate an unauthorized system call?

13. A computer security expert contends that most break-ins to computer systems today are attributable to flawed programming or incorrect configuration of systems and products. If this claim is true, do you think design assurance is as important as implementation and operational assurance? Why or why not?

14. Why is the waterfall model of software engineering the most commonly used method for development of trusted systems?

15. Distinguish between a policy requirement and a mechanism. Identify at least three specific security requirements for a system you know and describe at least two different mechanisms for implementing each one.

16. Discuss the benefits and disadvantages of building secure and trusted products or systems with assurance using an Agile software development methodology.

17. Why does the Boyer-Moore theorem prover perform induction only when the other five steps fail to simplify the formula? Why does it not try induction first?

18. Compare the life cycle concept that the PVS proof checker uses with the waterfall model of software engineering. Can the life cycle concept be expressed as a form of the waterfall model?

19. What are the values of doing formal evaluation? What do you see as the drawbacks of evaluation?

20. What are the conceptual differences between a reference validation mechanism, a trusted computing base, and the TOE Security Functions?

21. Describe a family of security functional requirements that is not covered in the Common Criteria. Using the CC style and format, develop several requirements.

22. Tripwire does not encipher the signature blocks. What precautions must installers take to ensure the integrity of the database?

23. Why might an analyst care how similar two vulnerabilities are?

24. Describe a set of constraints for the Clark-Wilson model that lead to a description of the conditions that an audit mechanism should detect. Give these conditions.

25. Prove or disprove that state-based logging and transition-based logging are equivalent if and only if the state of the system at the first transition is recorded.

26. Why should the administrator (or the superuser) account never be locked regardless of how many incorrect login attempts are made? What should be done instead to alert the staff to the attempted intrusion, and how could the chances of such an attack succeeding be minimized?

27. As encryption conceals the contents of network messages, the ability of intrusion detection systems to read those packets decreases. Some have speculated that all intrusion detection will become host-based once all network packets have been encrypted. Do you agree? Justify your answer. In particular, if you agree, explain why no information of value can be gleaned from the network; if you disagree, describe the information of interest.

28. Systems can log both successful and unsuccessful attempts to access files. This is often not enabled. Why?

29. Every time a process is started on a Microsoft Windows system, a corresponding event is entered into the security log. Although the name of the file being executed is logged, no parameters (such as command-line arguments) are logged. In earlier versions of the system, the full command, including parameters, was logged by default.
(a) Why would one want to enable the logging of both the name of the executed file and parameters?
(b) Why would one want to enable the logging of the name of the executed file and not want to log parameters?

30. Systems can log both successful and unsuccessful file accesses. But this is often not enabled. Why not?

31. Consider the scheme used to allow customers to submit their credit card and order information. The description of that scheme states that the enciphered version of the data is stored in a spooling area that the Web server cannot access.
(a) Why is the file kept inaccessible to the Web server?
(b) Because the file is inaccessible to the Web server, and no other services are available to an attacker from the Internet, the encipherment may seem unnecessary. Discuss this issue, but assume that the attacker is on the internal network.

32. A system administrator on a development network workstation wants to execute a program stored on a DVD. What steps could the Drib take to configure the workstation to prevent the system administrator from mounting the DVD and executing the program?

33. The web server on the DMZ Web server system renames temporary files used to record transactions. The name has the form trns followed by the integer representation of the date and time, followed by one or more digits. Why are the extra digits necessary?
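
The naming scheme in question 33 can be exercised directly. The following is an added illustration, not part of the assignment or of any textbook code: it builds names from the integer timestamp alone, shows that several transactions arriving within the same second collapse onto one name, and then appends the extra digits as a counter. The helper names (`timestamp_name`, `unique_name`, `simulate`, `create_exclusive`, `demo_exclusive`) are hypothetical; `create_exclusive` additionally opens the file with O_EXCL so that two processes choosing the same name can never silently overwrite each other's transaction record.

```python
import os
import tempfile
import time


def timestamp_name(now: float) -> str:
    """Name built only from 'trns' plus the integer date/time (seconds)."""
    return "trns" + str(int(now))


def unique_name(now: float, used: set) -> str:
    """Append extra digits (a counter) so names stay distinct within one second.

    `used` is the set of names already handed out by this process (constructed
    state for the illustration; a real server would track this or rely on
    O_EXCL creation, see create_exclusive below).
    """
    base = timestamp_name(now)
    n = 0
    while f"{base}{n}" in used:
        n += 1
    name = f"{base}{n}"
    used.add(name)
    return name


def simulate(n_transactions: int, now: float) -> tuple:
    """Return (distinct timestamp-only names, distinct names with extra digits)
    for n transactions that all arrive within the same second."""
    ts_names = {timestamp_name(now) for _ in range(n_transactions)}
    used = set()
    with_digits = {unique_name(now, used) for _ in range(n_transactions)}
    return len(ts_names), len(with_digits)


def create_exclusive(directory: str, name: str) -> bool:
    """Create the transaction file atomically; fail instead of overwriting.

    O_EXCL makes the kernel refuse creation when the name already exists, so a
    second process that picked the same name cannot clobber the first record.
    Mode 0o600 keeps the record owner-only regardless of umask.
    """
    path = os.path.join(directory, name)
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return False
    os.close(fd)
    return True


def demo_exclusive() -> tuple:
    """Create the same name twice in a scratch directory: second attempt fails."""
    with tempfile.TemporaryDirectory() as scratch:
        name = unique_name(time.time(), set())
        return create_exclusive(scratch, name), create_exclusive(scratch, name)


if __name__ == "__main__":
    # Five transactions in the same (constructed) second: one name vs. five.
    print(simulate(5, 1699999999.0))
    print(demo_exclusive())
```

Running `simulate(5, 1699999999.0)` gives `(1, 5)`: without the trailing digits every transaction in that second would map to `trns1699999999`, so the renames would collide. The counter fixes collisions within one process; the O_EXCL open is what protects against a second process (or a later restart) choosing the same name.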

34. Many UNIX security experts say that the umask should be set to 077 (that is, to allow access only to the owner). Why? What problems might this cause?
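
To see what question 34 is asking about, the umask can be applied to a probe file and the resulting permission bits read back. This is an added example, not part of the assignment; the function names `mode_under_umask`, `readable_by` and `compare` are hypothetical. It creates a file in a scratch directory under umask 022 and again under umask 077, and reports which classes of user can read the result, which is where the "problems" part of the question comes from: a file created under 077 in a group-shared directory is not group-readable until someone runs an explicit chmod.

```python
import os
import stat
import tempfile


def mode_under_umask(umask_value: int, requested: int = 0o666) -> int:
    """Create a file with the given umask and return the permission bits the
    kernel actually applied, i.e. requested & ~umask (0o666 is the usual
    request made by open(2) for a data file)."""
    previous = os.umask(umask_value)          # set, remembering the old mask
    try:
        with tempfile.TemporaryDirectory() as scratch:
            path = os.path.join(scratch, "probe")
            fd = os.open(path, os.O_WRONLY | os.O_CREAT, requested)
            os.close(fd)
            return stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.umask(previous)                    # never leave the mask changed


def readable_by(mode: int) -> tuple:
    """Which of owner / group / other hold the read bit in `mode`."""
    classes = []
    if mode & stat.S_IRUSR:
        classes.append("owner")
    if mode & stat.S_IRGRP:
        classes.append("group")
    if mode & stat.S_IROTH:
        classes.append("other")
    return tuple(classes)


def compare() -> dict:
    """Side by side: the common default 022 versus the recommended 077."""
    result = {}
    for mask in (0o022, 0o077):
        mode = mode_under_umask(mask)
        result[oct(mask)] = (oct(mode), readable_by(mode))
    return result


if __name__ == "__main__":
    for mask, (mode, who) in compare().items():
        print(f"umask {mask}: file mode {mode}, readable by {who}")
```

Under 022 the probe ends up 0o644 and is readable by everyone on the host; under 077 it is 0o600 and readable only by its owner. The same arithmetic applies to directories (requested 0o777 becomes 0o700), which is why shared project directories need their permissions set deliberately when 077 is the default.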

35. Currently, the program described in this chapter is to have setuid-to-root privileges. Someone observed that it could be equally well implemented as a server, in which case the program would authenticate the user, connect to the server, send the command and role, and then let the server execute the command.
(a) What are the advantages of using the server approach rather than the single program approach?
(b) If the server responds only to clients on the local machine, using interprocess communication mechanisms on the local system, which approach would you use? Why?
(c) If the server were listening for commands from the network, would that change your answer to the previous question? Why or why not?
(d) If the client sent the password to the server, and the server authenticated, would your answers to any of the three previous parts change? Why or why not?

36. Explain the security architecture of the Linux and Windows operating systems and write an analysis of the security of each.

37. What is digital forensics? Explain with an example.

38. Explain database security. Explain database auditing.
