CSF Assign2


Al Ain University (AAU)

College of Engineering (CoE)

Computer Security Fundamentals (0112200)


Assignment 2 Fall 2024-2025

Student ID 202111238
Student Name Adel Al-Khaldi

Question # | Course Learning Outcomes (CLO) | Total Mark | Student Mark
1 | CLO 3 | 2 |
2 | CLO 4 | 4 |
3 | CLO 5 | 4 |
Total | | 10 |

Instructions:
1. Read these instructions and the questions carefully.
2. Do not forget to write your name and your student id.
3. This is an individual assignment; you cannot solve it in groups or with partners.
4. Plagiarism is not tolerated.
5. Write down all the steps that you’ve done to obtain your answers.
Question 1: [2 marks]

Write which access control model (DAC, RBAC, MAC, ABAC) is used in the following
cases.

# | Scenario | Access control model
1 | The IT department staff are allowed to access and configure network infrastructure. | RBAC
2 | Users can only view financial reports if they are financial analysts and work in the finance department. | ABAC
3 | Sarah, the branch manager, grants Tom, a teller, access to specific customer files for a transaction. | DAC
4 | Only bank employees with a specific security clearance level, as determined by the Bank Security Policy, are allowed to view sensitive financial data. | MAC

Question 2: [4 marks]
Classify each of the following password attack cases as one of (Workstation Hijacking, Electronic Monitoring, Password Guessing Against Single User, Exploiting Multiple Password Use).

# | Description of authentication method | Classification
1 | John knows Eric’s birthdate and favorite sports team. Using this personal information, John attempts to guess Eric’s password by trying several combinations of these details, hoping one will work. | Password guessing against single user
2 | Eric leaves his laptop unlocked in the computer lab after submitting his homework. While Eric steps out to grab a coffee, John notices the laptop and accesses Eric’s files without needing a password. | Workstation Hijacking
3 | John discovered Eric’s password for one service. John attempted to use the same credentials on other platforms Eric uses, and he succeeded in gaining unauthorized access to them. | Exploiting multiple password use
4 | John installs a keylogger on Eric’s computer after learning about Eric’s routine. The keylogger silently records every keystroke, including any passwords Eric types, which John later uses to gain access to Eric’s system. | Electronic Monitoring
Question 3: [4 marks]

For each of the following scenarios, identify the most appropriate type of malware or attack
technique (Trapdoor, Spyware, Clickjacking, Malvertising).

# | Scenario | Malware
1 | An employee observes that their computer has been compromised, and sensitive company documents have been sent to an external source. The breach was traced back to software that exploited vulnerabilities to monitor user activities and report them. | Spyware
2 | A user visits their favorite, reputable news website. Without clicking anything, an ad displayed on the page triggers an automatic download of malicious software onto their system. The user had no idea that the ad itself was the source of the problem. | Malvertising
3 | A user visits a website and clicks on the "Play" button, but unknowingly, this triggers another action, such as enabling a webcam or sharing confidential data. | Clickjacking
4 | A company’s security team discovers that an attacker has gained unauthorized access to a critical system. Upon investigation, they find a hidden entry point in the software that allows the attacker to bypass authentication measures and access sensitive data at any time. This entry point was left intentionally in the system by a developer who had access to the code. | Trapdoor
