Homework

sinister670

CS651A03aSecEng.docx

Home >Information Systems homework help >Homework

CS651 – A03 – Security Engineering

Team Members:

1 – Describe “Security Architecture” to a nontechnical person 3-4 sentences. (4)

2 – How does an operating system architecture affect security? Provide a brief explanation and give 2 examples. (6)

3 – What is “Data Execution Prevention? (2)

4 – What is a microkernel and how does it differ from a monolithic kernel? Include an example of each type. (5)

5 – What is a Common Criteria Protection Profile? Pick two that might be of use to YAP and explain why. (5)

6 – Explain Kerckhoff’s Principle and its importance. (2)

7 – What is a keyspace and why is it important? (2)

8 – Explain how “locks” can defeat a TOC/TOU attack (4)

9 – Explain how Eve would create a Chosen-Plaintext Attack on Alice’s messages to Bob and provide an example. (4)

10 – Summarize the PKI with an example and explain how certificates help make it secure in ½ page. (8)

11 – Compare the Clarke-Wilson and the Biba model in 5-6 sentences and give an example of how each works. (10)

12 – Explain how a digital envelope works in 4-6 sentences. (5)

14 – Review https://apprenda.com/library/paas/iaas-paas-saas-explained-compared/ and other sources, then define IaaS, SaaS, and PaaS in 2-3 sentences each (in your own words, of course). (10)

15 – Decide which of these models (in the previous question) would work best for YAP and explain your logic in 4-5 sentences. (10) (Remember, there is no “right” answer. There is, however, sensible logic)

16 – Address space layout randomization (ASLR) has been used for several years in Windows operating systems, but has not stopped attacks from succeeding. Explain why in ¼ page. (10)

17 – In IEEE Xplore, read “Study on service-oriented security architecture” by Cheng et al. Explain the proposed architecture and why you agree (or disagree with the authors’ premise their approach is scalable in 2-3 paragraphs in ½ page. (10)

Page 1 of 2