August 1999
SC223 : COMPUTER SECURITY

QUESTION 5

Total Marks: 20 Marks


SUGGESTED SOLUTIONS
Solutions and allocated marks are indicated in green.

(a) Identify and explain the two approaches used in cascading authentication in distributed systems. [4]
  • Trusted Path Propagation: propagation of a trusted path is assumed when processes are permitted to pass their identification and authentication information on to other processes and components.
  • Privilege Passing: privileges are permitted to propagate among the distributed, co-operative and intelligent systems, which leads to security risks to system resources and data.


(b) Name any two Specific and Pervasive security mechanisms used in networks. [4]
Specific security mechanisms:
  • Encipherment
  • Digital signature
  • Access control
  • Data integrity
  • Traffic padding
  • Routing control
  • Notarisation

Pervasive security mechanisms:

  • Trusted functionality
  • Security labels
  • Event detection
  • Security audit trail
  • Security recovery


(c) Explain any three practical approaches used to gain management approval for the security program within an organization. [6]
Any three of the following:
  • Define value of information assets.
  • Define the types of sensitive information processed in the network.
  • Define the threats against the network.
  • Provide specific examples of security breaches and projected losses.
  • Present a network security priority list and the costs required for each activity.


(d) Name the three main activities involved in network risk analysis. [3]
Sensitivity assessment; risk assessment; and economic assessment.


(e) Explain briefly the three sub-activities of economic assessment as a part of risk analysis. [3]
  • Countermeasure application: used to reduce risk by quantifying the countermeasures applied (1 mark).
  • Residual risk: used to define the remaining risk value after countermeasures have been applied (1 mark).
  • Process iteration: repetition of the previous two steps until the residual risk value is considered to be acceptable (1 mark).
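The risk-analysis activities in (d) and the economic-assessment loop in (e), as an added illustration that is not part of the suggested solutions. The countermeasure names, costs and reduction fractions are constructed figures, and the selection rule (apply only countermeasures whose expected risk reduction exceeds their cost, best reduction per unit of cost first) is an assumption of this example, not something the solutions prescribe.

```python
from dataclasses import dataclass, field

@dataclass
class Countermeasure:
    name: str
    annual_cost: float   # cost of applying it for one year
    reduction: float     # fraction of the current risk it removes (0..1)

@dataclass
class Assessment:
    residual_risk: float
    total_cost: float = 0.0
    iterations: int = 0
    applied: list = field(default_factory=list)

def risk_assessment(incidents_per_year: float, loss_per_incident: float) -> float:
    """Risk assessment: expected annual loss before any countermeasures."""
    return incidents_per_year * loss_per_incident

def economic_assessment(initial_risk, candidates, acceptable_risk):
    """Economic assessment as three sub-activities in a loop: apply a
    countermeasure, compute the residual risk, iterate until the residual
    risk is acceptable (or no remaining countermeasure pays for itself)."""
    remaining = list(candidates)
    result = Assessment(residual_risk=initial_risk)
    while result.residual_risk > acceptable_risk and remaining:
        # Countermeasure application: only candidates whose expected risk
        # reduction exceeds their cost are economic (assumed rule); of
        # those, pick the one removing the most risk per unit of cost.
        worthwhile = [c for c in remaining
                      if c.reduction * result.residual_risk > c.annual_cost]
        if not worthwhile:
            break
        best = max(worthwhile,
                   key=lambda c: c.reduction * result.residual_risk / c.annual_cost)
        remaining.remove(best)
        # Residual risk: the risk value left after this countermeasure.
        result.residual_risk *= 1.0 - best.reduction
        result.total_cost += best.annual_cost
        result.applied.append(best.name)
        result.iterations += 1   # process iteration: loop re-checks the threshold
    return result

# Constructed sample input (illustrative figures, not from the solutions).
CANDIDATES = [
    Countermeasure("routing control (firewall)", annual_cost=5_000, reduction=0.50),
    Countermeasure("encipherment of links", annual_cost=8_000, reduction=0.40),
    Countermeasure("security audit trail", annual_cost=2_000, reduction=0.15),
    Countermeasure("notarisation service", annual_cost=30_000, reduction=0.20),
]

if __name__ == "__main__":
    initial = risk_assessment(incidents_per_year=4, loss_per_incident=25_000)
    print(economic_assessment(initial, CANDIDATES, acceptable_risk=10_000))
```

With these figures the loop stops after three countermeasures with the residual risk still above the target, because the only remaining candidate costs more than the risk it would remove; that outcome is itself a result of the assessment (the target must be revised or further countermeasures found).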