Please follow the marking criteria at the end of this document and answer the questions.
Due date: 8 April 2015
Please follow the APA 6 referencing guidelines.
Part A: 40 Marks
Answer the following questions:
1. Reports of computer security failures appear frequently in the daily news. Research and summarise an article that exemplifies one (or more) of the principles: easiest penetration, adequate protection, effectiveness, weakest link. Ensure the link and full reference are included.
2. Explain why asynchronous I/O activity is a problem with many memory protection schemes, including base/bounds and paging. Suggest a solution to the problem.
3. An electronic mail system could be used to leak information. First, explain how the leakage could occur. Then, identify controls that could be applied to detect or prevent the leakage. Justify your answer based on literature.
4. A computer system provides protection using the Bell-LaPadula policy. How would a virus spread if:
• the virus were placed on the system at system low (the compartment that all other compartments dominate)?
• the virus were placed on the system at system high (the compartment that dominates all other compartments)?
Part B: 60 Marks
• Task 1. Go to a web site where you do regular banking. Visit this website carefully and answer the following questions:
a. How do you know that the information you type in is secure from phishing?
b. What sorts of protection are provided by the bank to ensure secure online banking? Justify why the bank would use these security measures.
• Task 2. Consider a PIN card entry to a secure area for a publishing company that prints confidential documents for other companies, such as exam papers for universities and health records for customers. Suggest some examples of confidentiality, integrity and availability in such a scenario. Summarize the requirements, as well as the degree of importance for each item associated with such a system, with your recommendation in a brief (250-500 word) report. You must follow APA style referencing.
• Task 3. Mr. Bob is accessing his personal bank account (through a web browser) from an Internet café. Mr. Bob has opened a text editor alongside the web browser. Suddenly Mr. Bob suspects that the café computers are infected with malware called 'software keyloggers'.
As a security expert, you need to describe a scheme that allows Mr. Bob to type his userID and password such that the malware (i.e. the keylogger), used in isolation of any screen captures or mouse event captures, would not be able to discover Mr. Bob's userID and password.
This assessment task covers the fundamentals of the secure computing environment, communication security, security policy, software security and access control, and has been designed to ensure that you are engaging with the subject content on a regular basis. More specifically, it seeks to assess your ability to:
• justify security goals and the importance of maintaining the secure computing environment against digital threats;
• examine malicious activities that may affect the security of a computer program;
• justify the choice of various controls to mitigate threats;
• compare and contrast the security mechanisms of an operating system with those used in a general purpose operating system;
• investigate and justify the use of the access control mechanisms and foundational security policies.