Solution Manual for Security in Computing, 5th Edition

Preview (16 of 90 Pages)

100%

Purchase to unlock

Loading page image...

Solutions Manual forSecurity in ComputingFifth EditionCharles P. PfleegerShari Lawrence PfleegerandJonathan MarguliesThis text is associated with Pfleeger/Security in Computing, Fifth Edition (9780134085043).

Loading page image...

ContentsCONTENTSIIIPREFACEV1: INTRODUCTION2Outline2Exercises32: TOOLBOX: AUTHENTICATION, ACCESS CONTROL, AND CRYPTOGRAPHY9Outline9Exercises123: PROGRAMS AND PROGRAMMING18Outline18Exercises214: THE WEB—USER SIDE27Outline27Exercises295: OPERATING SYSTEMS33Outline33Exercises356: NETWORKS39Outline39Exercises447: DATABASES54Outline54Exercises568: CLOUD COMPUTING59Outline59Exercises619: PRIVACY IN COMPUTING64This text is associated with Pfleeger/Security in Computing, Fifth Edition (9780134085043).

Loading page image...

ContentsivOutline64Exercises6710: MANAGEMENT AND INCIDENTS71Outline71Exercises7411: LEGAL ISSUES AND ETHICS77Outline77Exercises8012: DETAILS OF CRYPTOGRAPHY83Outline8313: EMERGING TOPICS86Outline86This text is associated with Pfleeger/Security in Computing, Fifth Edition (9780134085043).

Loading page image...

PrefaceThis is the instructor’s manual to complementSecurity in Computing,Fifth Edition(copyright2015). This fifth edition is a significant modification from previous editions, with major changesin many places.This instructor’s manual is organized in the order of the chapters of the book. Each chaptercontains three parts:•An introduction to the chapter•A detailed outline of the chapter•Solutions to selected exercisesThe introduction to the chapter gives student objectives and suggestions for teaching the chapter.The detailed chapter outline can be transformed into projector slides or distributed to the studentsfor their note-taking during a lecture.We have not included answers to many of the more open-ended questions, which requirecreativity on the part of the student whose answers can vary considerably. In cases where ananswer is given for a more open-ended question, the answer is, obviously, only a suggestion, andother possibilities should also be accepted.We would be pleased to hear of additions, extensions, and new uses for this book that makeit more useful in a course or more accessible to students. We also welcome suggestions for thissolutions manual. It is not appropriate to put it on the web, because some students would betempted to use its answers instead of working on the exercises themselves.Although we are very pleased with the careful production job that was done on this book, afew errors always remain. We would like to correct these as soon as I can. Please send comments,suggestions, or corrections on either the main text or this solutions manual to us at〈chuck@pfleeger.com, shari@pfleeger.com, jonathan@qmulos.com〉. Thank you.Version: 20-Mar-15This text is associated with Pfleeger/Security in Computing, Fifth Edition (9780134085043).

Loading page image...

1: IntroductionThis chapter has three major purposes: (1) introduce students to the field of computer security andmotivate study, (2) introduce concepts and terms, and (3) introduce frameworks for thinkingabout security problems. The students will probably be familiar with the concepts in general(such as threat, vulnerability, and control) from practical experience. In this chapter, studentsshould develop a more formal understanding of these concepts, although some concepts will berefined and elaborated upon in later chapters. For example, authentication is discussed in Chapter2, and network attacks are discussed in Chapter 6. It is often sensible to move quickly throughthis chapter and get to the later chapters that contain more substance. Similarly, exam questionsfor this chapter may be rather simple, so it may be more appropriate to defer an exam until aftercovering chapters containing material that better lends itself to exam questions.Several of the exercises in this chapter require the student to demonstrate understanding ofconcepts by answering security questions with examples from everyday experience. There is nosingle “right” answer to these questions.Many instructors follow the chapters out of order or skip sections in order to get to latermaterial. The students are often particularly interested in Chapter 6, “Networks,” and so they liketo study that material relatively early in the course.OutlineI.What Is Computer Security?a.Protection of Assetsi.Hardwareii.Softwareiii.Datab.Vulnerabilityc.Threatd.Attacke.Control/CountermeasureII.Threatsa.C-I-A Triadi.Confidentiality, Integrity, and Availabilityii.Also: Authentication, Nonrepudiationb.Confidentialityi.Unauthorized Person (Subject) Accesses Data (Object)c.Integrityi.Threat to Precision, Accuracy, or ConsistencyThis text is associated with Pfleeger/Security in Computing, Fifth Edition (9780134085043).

Loading page image...

1: Introduction3d.Availabilitye.Types of Threatsi.Human vs. Nonhumanii.Malicious vs. Nonmaliciousiii.Random vs. Directedf.Advanced Persistent Threat (APT)i.Organized, Directed, Malicious, Sophisticatedg.Types of Attackersi.Individualsii.Organized, Worldwide Groupsiii.Organized Crimeiv.TerroristsIII.Harma.Risk Managementi.Impactii.Likelihoodb.Methodc.Opportunityd.MotiveIV.Vulnerabilitiesa.Weakness in Design, Implementation, Procedures, etc.V.Controlsa.Prevent, Deter, Deflect, Mitigate, Detect, or Recoverb.Types of Controli.Physicalii.Procedural/Administrativeiii.Technicalc.“Defense in Depth” or “Overlapping Controls”Exercises1.Distinguish between vulnerability, threat, and control.This text is associated with Pfleeger/Security in Computing, Fifth Edition (9780134085043).

Loading page image...

1: Introduction4A threat is a potential to do harm. A vulnerability is a means by which a threat agentcan cause harm. A control is a protective measure that prevents a threat agent fromexercising a vulnerability.2.Theft usually results in some kind of harm. For example, if someone steals your car, youmay suffer financial loss, inconvenience (by losing your mode of transportation), andemotional upset (because of invasion of your personal property and space). List three kindsof harm a company might experience from theft of computer equipment.Ideal answers will include both tangible harm (loss of valuable property) andintangible harm (loss of—and need to reconstruct—important data).3.List at least three kinds of harm a company could experience from electronic espionage orunauthorized viewing of confidential company materials.Possible answers include loss of competitive edge, loss of trade secrets, publicembarrassment or harm to reputation, legal liability for failing to upholdconfidentiality agreements with third parties.4.List at least three kinds of damage a company could suffer when the integrity of a programor company data is compromised.Possible answers include inability to perform necessary business functions (becauseof software modification), public embarrassment (e.g., if website is defaced), loss ofemployees’ time (to find and correct modifications), possible loss of life or seriousharm (if safety-‐critical software is modified).5.List at least three kinds of harm a company could encounter from loss of service, that is,failure of availability. List the product or capability to which access is lost, and explain howthis loss hurts the company.Possible answers include inability to perform necessary business functions, loss ofcustomers (if they relied on the company’s availability), and loss of income during thedowntime. Possible products or capabilities include back-‐office systems that allowemployees to do their jobs (e.g., workstations, internal websites, shared storage),and services offered to customers (e.g., external websites, computinginfrastructure).6.Describe a situation in which you have experienced harm as a consequence of a failure ofcomputer security. Was the failure malicious or not? Did the attack target you specifically,or was it general and you were the unfortunate victim?Possible answers include any situation in which the student was harmed by a breachof confidentiality, integrity, or availability in an information system. Students mustdemonstrate an understanding of the difference between malicious attacks andnonmalicious failures, as well as the difference between targeted attacks andincidents that affect a more general population.7.Describe two examples of vulnerabilities of automobiles for which auto manufacturers haveinstituted controls. Tell whether you think these controls are effective, somewhat effective,or ineffective.Example answers:This text is associated with Pfleeger/Security in Computing, Fifth Edition (9780134085043).

Loading page image...

1: Introduction5(1) Vulnerability: Someone drives your car away without your permission. Control:Ignition switch lock. Effectiveness: Somewhat effective because it deters casualtheft, but the knowledgeable thief can “hot wire” the engine, bypassing the ignitionswitch.(2) Vulnerability: Someone who does not realize your car has stopped crashes intothe back of your car. Control: Brake lights. Effectiveness: Reasonably good. Note theredundancy of the system: with two brake lights, even if one fails, the second onewarns other drivers.8.One control against accidental software deletion is to save all old versions of a program. Ofcourse, this control is prohibitively expensive in terms of cost of storage. Suggest a lesscostly control against accidental software deletion. Is your control effective against allpossible causes of software deletion? If not, what threats does it not cover?Save incremental copies—only the changes since the last change. Equivalently, save a“transaction journal” of changes since last full backup. Develop a configurationmanagement approach to save code necessary to create a new version from the old.9.On your personal computer, who can install programs? Who can change operating systemdata? Who can replace portions of the operating system? Can any of these actions beperformed remotely?Who can install programs? Depending on the OS and the program being installed,possible answers include anyone with an administrator password or any user.Who can change OS data? Most likely, only users with administrative privileges.Who can replace portions of the operating system? Anyone who can install OSpatches—generally administrators—can technically replace portions of the OS.Can any of these actions be performed remotely? These actions can generally beperformed remotely if the student’s system is running a remote desktop, remoteshell (e.g., telnet, SSH), or similar service and is Internet-‐connected. These actionsmay also be performed remotely if an attacker gains access to the system.10.Suppose a program to print paychecks secretly leaks a list of names of employees earningmore than a certain amount each month. What controls could be instituted to limit thevulnerability of this leakage?Example controls: Screening all output; splitting the program into two, written byseparate teams, each processing half of the input each month; code reviews duringdevelopment; testing to exercise all branches in the source code. Note that thesecontrols are not perfect. Note also that it is much easier to limit the vulnerability ifone knows or suspects it exists instead of hypothesizing such a vulnerability existsand seeking to confirm the hypothesis.11.Preserving confidentiality, integrity, and availability of data is a restatement of the concernover interruption, interception, modification, and fabrication. How do the first three conceptsrelate to the last four? That is, is any of the four equivalent to one or more of the three? Isone of the three encompassed by one or more of the four?This text is associated with Pfleeger/Security in Computing, Fifth Edition (9780134085043).

Loading page image...

1: Introduction6There is not a good one-‐to-‐one correspondence. Modification is primarily a failure ofintegrity, although there are aspects of availability (denial of service). Fabrication isprobably the closest to being exclusively an integrity violation, although fabricationof covert outputs could be used to leak otherwise confidential data. Interruption isan availability concern, although one can argue that it is also a failure of the integrityof a communication or information flow. Interception primarily results in a breach ofconfidentiality, although it could also be seen as an attack on availability.The distinctions drawn here are primarily semantic. There are also possiblearguments over whether an incident is a lack of confidentiality or integrity, too. Thepoint is not to split hairs of categorization among the three or four terms but ratherto use the terms to envision a broad range of vulnerabilities and threats.12.Do you think attempting to break in to (that is, obtain access to or use of) a computingsystem without authorization should be illegal? Why or why not?This question sets the stage for some of the legal issues and ethics discussion inChapter 9. The instructor may want to revisit this question in discussion of that laterchapter.13.Describe an example (other than the one mentioned in this chapter) of data whoseconfidentiality has a short timeliness, say a day or less. Describe an example of data whoseconfidentiality has a timeliness of more than a year.Short timeliness: Outcomes on which wagers have been or could be made, such asthe outcome of the Academy Awards; bids in an art auction.Long timeliness: Trade secrets, military secrets (note that some military secrets arereleased only after 50 years, and some never).14.Do you currently use any computer security control measures? If so, what? Against whatattacks are you trying to protect?Some common control measures students may mention are antivirus, passwords,and firewalls. Attacks may include downloaded malware and network exploitation.15.Describe an example in which absolute denial of service to a user (that is, the user gets noresponse from the computer) is a serious problem to that user. Describe another examplewhere 10 percent denial of service to a user (that is, the user’s computation progresses but ata rate 10 percent slower than normal) is a serious problem to that user. Could access byunauthorized people to a computing system result in a 10 percent denial of service to thelegitimate users? How?Absolute: Almost any required computing. Ten percent degradation: A real-‐timeapplication that requires almost all available computing power to respond within therequired time.16.When you say that software is of high quality, what do you mean? How does security fit inyour definition of quality? For example, can an application be insecure and still be “good”?The purpose of this question is to help students recognize that people often don’tconsider security implication when judging software quality but focus only onprimary functionality and usability features. The student’s answer shouldThis text is associated with Pfleeger/Security in Computing, Fifth Edition (9780134085043).

Loading page image...

1: Introduction7demonstrate an understanding that, in addition to performing its intended purposeand being usable, software should not decrease its user’s or system’s securityunnecessarily (e.g., run with unnecessary privileges, have easily identifiablevulnerabilities, or open unnecessary ports), and should provide security capabilitiesthat are adequate to protect its data and functionality in typical use.17.Developers often think of software quality in terms of faults and failures. Faults areproblems, such as loops that never terminate or misplaced commas in statements, thatdevelopers can see by looking at the code. Failures are problems, such as a system crash orthe invocation of the wrong function, that are visible to the user. Thus, faults can exist inprograms but never become failures, because the conditions under which a fault becomes afailure are never reached. How do software vulnerabilities fit into this scheme of faults andfailures? Is every fault a vulnerability? Is every vulnerability a fault?Vulnerabilities are both. Not every vulnerability will be visible to developers, since, forexample, vulnerabilities may exist because of context of use. (For example, considera program that displays warning messages about credit card authorization failures.Displaying this information is not a vulnerability if only clerks can see the screen.) Notevery fault that developers can see is a vulnerability; some faults might be in codethat cannot be reached.18.Consider a program to display on your website your city’s current time and temperature.Who might want to attack your program? What types of harm might they want to cause?What kinds of vulnerabilities might they exploit to cause harm?In the list of “who,” the student should also consider the random attack against thewebsite just because of, for example, a sequential scan of a range of addresses.19.Consider a program that allows consumers to order products from the web. Who might wantto attack the program? What types of harm might they want to cause? What kinds ofvulnerabilities might they exploit to cause harm?Cause denial of service (disgruntled consumers, ordinary crackers), acquire productsat reduced prices (consumers), find pricing strategy (competition).20.Consider a program to accept and tabulate votes in an election. Who might want to attack theprogram? What types of harm might they want to cause? What kinds of vulnerabilities mightthey exploit to cause harm?This question also foreshadows longer discussions on the topic of elections inChapters 9 and 13. The instructor may want to return to this question afterpresenting that material.21.Consider a program that allows a surgeon in one city to assist in an operation on a patient inanother city via an Internet connection. Who might want to attack the program? What typesof harm might they want to cause? What kinds of vulnerabilities might they exploit to causeharm?Depending on the patient, a murderer might want to interfere with surgery. Ordinarycrackers might want to disrupt communication without regard for its content.This text is associated with Pfleeger/Security in Computing, Fifth Edition (9780134085043).

Loading page image...

This text is associated with Pfleeger/Security in Computing, Fifth Edition (9780134085043).

Loading page image...

2: ToolboxAuthentication, Access Control,and CryptographyThis chapter introduces many of the most fundamental tools of computer security: authenticationtechniques, identity management, access controls, and the basics of encryption. We decided tomove these concepts closer to the beginning of the book because they reappear in various formsin many of the subsequent chapters. Understanding this chapter is important to understanding therest of the book, so it’s a good one to spend a lot of time on.Many of the tools described in this chapter will be revisited in more detail in differentcontexts: access controls are explained in the context of operating systems in Chapter 5; federatedidentity management techniques are addressed in much greater detail in Chapter 8 on cloudsecurity; and Chapter 12 is entirely devoted to providing more of the mathematical detail behindencryption.OutlineI.Authenticationa.Identification vs. Authenticationb.Types of Authenticationi.Something You Knowii.Something You Areiii.Something You Havec.Something You Knowi.Passwords1.Attacks on Passwordsa.Guessingb.Defeating Concealmentc.Brute Force2.Choosing Strong Passwordsii.Security Questionsd.Something You Arei.Biometrics1.Types of BiometricsThis text is associated with Pfleeger/Security in Computing, Fifth Edition (9780134085043).

Loading page image...

2: Toolbox102.Problems with Biometrics3.Accuracy of Biometricse.Something You Havei.Tokens1.Active vs. Passive2.Static vs. Dynamicf.Federated Identity Managementi.Single Sign-ong.Multifactor Authenticationh.Authenticating SecurelyII.Access Controla.Access Policiesi.Access Control Goals1.Check Every Access2.Enforce Least Privilege3.Verify Acceptable Usageb.Implementing Access Controli.Reference Monitorii.Access Control Directoryiii.Access Control Matrixiv.Access Control Listv.Privilege Listvi.Capability-Based Securityc.Procedure-Oriented Access Controld.Role-Based Access ControlIII.Cryptographya.Problems Addressed by Encryptioni.Blocking Messagesii.Intercepting Messagesiii.Modifying Messagesiv.Fabricating Messagesb.Encryption Terminologyi.Encrypt/Encode/Encipher vs. Decrypt/Decode/DecipherThis text is associated with Pfleeger/Security in Computing, Fifth Edition (9780134085043).

Loading page image...

2: Toolbox11ii.Cryptosystemiii.Plaintext vs. Ciphertextiv.Keysv.Algorithms1.Symmetric/Single-Key/“Secret Key”2.Asymmetric/“Public Key”3.Keylessvi.Cryptographer vs. Cryptanalystc.Cryptanalysisd.Stream vs. Block Cipherse.Symmetric Cryptographyi.DES: The Data Encryption Standard1.64-Bit Blocks2.56-Bit Key (Effectively)3.Double and Triple DES4.Security of DESii.AES: Advanced Encryption System1.128-Bit Blocks2.128-, 192-, 256-Bit (and Possibly More) Keyf.Public Key Cryptographyi.Motivation and Characteristicsii.The Rivest-Shamir-Adelman (RSA) Algorithmiii.Public Key Cryptography to Exchange Secret Keysg.Error Detecting Codesi.Parityii.Hash Codesiii.One-Way Hash Functionsiv.Cryptographic Checksumv.Digital Signaturesh.Certificates: Trustable Identities and Public Keysi.Certificate Signingii.Certificate Authoritiesiii.Distributing Keys and CertificatesThis text is associated with Pfleeger/Security in Computing, Fifth Edition (9780134085043).

Loading page image...

2: Toolbox12Exercises1.Describe each of the following four kinds of access control mechanisms in terms of (a) easeof determining authorized access during execution, (b) ease of adding access for a newsubject, (c) ease of deleting access by a subject, and (d) ease of creating a new object towhich all subjects by default have access.•Per-subject access control list (that is, one list for each subject tells all the objects towhich that subject has access)•Per-object access control list (that is, one list for each object tells all the subjects whohave access to that object)•Access control matrix•CapabilityPer-‐subject access control: (a) A simple lookup from the list, which can be an O(1)operation in the average case if implemented as a hash table. (b) An addition to thatsubject’s list, which can effectively be an O(1) operation. (c) A removal from thatsubject’s list, which can effectively be an O(1) operation. (d) An entry needs to beadded to all subjects’ lists, which is an O(n) operation wherenis the number ofsubjects.Per-‐object access control: (a) A simple lookup from the list, which can effectively bean O(1) operation. (b) An addition to the list, which can effectively be an O(1)operation. (c) A removal from the list, which can effectively be an O(1) operation. (d)In this model, default access rights for an object can be set, so this, too, can be anO(1) operation.Access control matrix: (a) This is essentially a lookup by subject and object, and thespeed depends on implementation, but is likely O(n). (b) Assuming the subject isbeing newly created, a new row must be added to the matrix, which can be quitecostly depending on implementation (potentially requiring the whole table to becopied). (c) This is essentially a lookup by subject and object, and the speed dependson implementation, but is likely O(n). (d) Depending on implementation, creating anew object may require making a copy of the whole table, which would be O(n^2), ormay just require adding a new entry to an existing table, which can be made to havea default entry for a performance of O(1).Capability: The capability model needs to be backed by one of the other models, so,depending on implementation, it can effectively have the same performance as anyof the other models. The only potential difference is in revocation, where the need totrack capability “tickets” for revocation becomes an issue.2.Suppose a per-subject access control list is used. Deleting an object in such a system isinconvenient because all changes must be made to the control lists of all subjects who didhave access to the object. Suggest an alternative, less costly means of handling deletion.This text is associated with Pfleeger/Security in Computing, Fifth Edition (9780134085043).

Preview Mode

This document has 90 pages. Sign in to access the full document!

Report

Study Now!

Document Details

Related Documents

DevOps and Its Importance Study Notes

Veeam Certified Engineer VMCE-V12

Modules 1 - 3 Basic Network Connectivity and Commu

Notes CCNA

CCNA 200-301 Portable Command Guide 5th Edition 20

CCNA 200-301 Portable Command Guide 5th Edition 22

CCNA 200-301 Portable Command Guide 5th Edition 36

Foundations of Novell Networking Section 26

Modulo 7 DHCPv4

Build and troubleshooting Integration Challenge

Company

Explore

Study Tools