Recent Question/Assignment

SIT382 System Security
Assessment 1 - Research Essay
Trimester 2 2021
Objectives: see ULO1, ULO2, GLO1, GLO2, GLO4 in the unit guide.
Due Date: 8pm Friday August 27, 2021
Delays caused by computer downtime cannot be accepted as a valid reason for late submission without penalty. Students must plan their work to allow for both scheduled and unscheduled downtime.
Submission Details:
You must submit an electronic copy of your assessment solutions in Microsoft Word (.doc or .docx) for the research essay via CloudDeakin. The PDF format may cause issues in the Turnitin system. So please avoid using PDF format.
It is the student's responsibility to ensure that they understand the submission instructions. If you have ANY difficulties, ask the teaching team for assistance (prior to the submission date).
Copying, Plagiarism Issues:
This is an individual assessment. You are not permitted to work as a part of a group when writing this assessment.
Plagiarism is the use of other people’s words, ideas, research findings or information without acknowledgement, that is, without indicating the source. Plagiarism is regarded as a very serious offence in Western academic institutions and Deakin University has procedures and penalties to deal with instances of plagiarism.
In order not to plagiarise, all material from all sources must be correctly referenced. It is necessary to reference direct quotes, paraphrases and summaries of sources, statistics, diagrams, images, experiment results and laboratory data - anything taken from sources.
When plagiarism is detected, penalties are strictly imposed. Details on plagiarism can be viewed online at https://www.deakin.edu.au/students/studying/academic-integrity.
SIT382 Assessment 1
Total marks: 40
The reliance of our society on IT systems has dramatically increased over recent years. Unfortunately, the value of the assets that could be compromised through an IT system extends beyond the monetary value: it is impossible to ignore that the security of IT often affects the safety of Operational Technologies (OT). IT systems suffer from failures in maintaining security because of their increasing complexity, the evolution of attackers' capabilities, and the increasing value of the assets that they hold. Exploitable vulnerabilities and risks will always exist, and their characteristics can change over the course of an IT system's life. There is, however, a need to manage within acceptable parameters these errors, vulnerabilities and risks over the life of IT system. The task of those responsible for the security of IT systems is to establish acceptable levels of security assurance and risk objectives for the IT system.
In terms of IT security, adequate security assurance signifies that specific predefined security requirements have been addressed through the presentation of a security assurance case: it is the result of performing appropriate security assurance processes and activities. These security assurance processes and activities need to be described in the form of a reasoned and compelling argument (or many arguments), supported by a body of evidence for a security-related claim. Such a claim is typically about certain Security Targets being met by product, system, service or organisation.
Security assurance requirements are determined from the security problem posed by the deliverable (and potentially other factors), influencers, security requirements, and the target environment for the deliverable. As such, it is important to understand and specify the scope and boundaries for a deliverable that is subject to a security assessment.
Security assurance arguments substantiate security assurance claims which means that the arguments should be structured in the appropriate manner. In general, security assurance arguments can be constructed in many different ways and drawn from many different sources. However, for this assessment Target of Evaluation (TOE) is a product or service. Security assurance argument must be based on one of the following alternatives:
(a) Tools/methods used to test and evaluate TOE; (b) Tools/methods used to design TOE.
In order to score a higher grade for their essay, students must follow specific pattern: the essay should contain the main security argument, counterargument and defence of the main security argument.
The scope of security problems for your essay is bounded by those occurring in authentication and access control systems. In the essay, a student is encouraged to develop an assurance argument that contributes to one of the following security requirements: - Human user identification and authentication;
- Machine (e.g. IoT) identification and authentication;
- Account management;
- Authenticator management;
- Strength of password-based authentication;
- Strength of public key authentication;
- Authorization enforcement;
- Auditable events; - Non-repudiation.
It is not required to develop a complete security assurance case for one of the listed requirements. For the essay, it is sufficient to evolve around argument(s) that can fit within potential assurance case. For instance, an argument that claims security/privacy of attribute-based authentication may fit within the assurance cases for ‘Human user identification and authentication’, ‘Machine (e.g. IoT) identification and authentication’, ‘Authorization enforcement’. However, it is the student's task to demonstrate ‘how?’ security assurance argument fits there. The length of the essay should be 15002000 words (minimum 1500 words, single spaced, 12pt font, on the A4-sized paper).
Marking Criteria for Assessment 1
Criterion Rating scale Criterion score
1. Relation between the problem and presented security argument. Excellent 15 points Satisfactory 9 points Weak
6 points Unsatisfactory 3 points /15
Security argument fits within the scope of the problem, and this is wellarticulated. Security argument fits within the scope of the problem. Security argument
partially fits within the scope of the problem. Security argument is out of the scope of the problem.
2. Argument
Comprehension
(claims, strategies, assumptions, context and evidence). Excellent 15 points Satisfactory 9 points Weak
6 points Unsatisfactory 3 points /15
The body of argument has all the parts, and they can be comprehended. The body of argument has essential parts, and they can be comprehended. The body of argument has essential parts, but comprehension is incomplete. Essential parts are missing from the body of argument.
3. Argument wellformedness. Excellent 10 points Satisfactory 6 points Weak
4 points Unsatisfactory 2 points /10
There are no structural errors, and this is clearly demonstrated. There are no structural errors, but the demonstration is lacking. There are minor structural errors. There are major structural errors.
4. Expressive Sufficiency of Argument. Excellent 10 points Satisfactory 6 points Weak
4 points Unsatisfactory 2 points /10
Context is explicit and is sufficient for logical inference. Context is partially explicit but is sufficient for logical inference. Implicit context can be understood, which is sufficient for logical inference. Context can not be
understood, and this is insufficient for logical inference.
5. Argument Criticism (e.g. counterargument) Excellent 15 points Satisfactory 9 points Weak
6 points Unsatisfactory 3 points /15
The criticism is persuasive and
effectively undermines the overall sufficiency of argument. The criticism is
somewhat persuasive and
may undermine the overall sufficiency of argument. Criticism is introduced, but it is not persuasive. Criticism is missing.
6. Argument defence Excellent 15 points Satisfactory 9 points Weak
6 points Unsatisfactory 3 points /15
Defence evidence
is efficient,
trustworthy, and its integrity is unquestionable. Defence evidence is somewhat
efficient and trustworthy. Defence evidence is either not efficient or not trustworthy. Defence evidence is missing.
7. Correct use of language and grammar
(Syntax, Spelling, punctuation) Excellent 10 points Satisfactory 6 points Weak
4 points Unsatisfactory 2 points /10
Writing is smooth, skilful, and coherent. Punctuation and spelling are accurate. Writing is clear and sentences have some varied structure. Punctuation and spelling are generally accurate. Writing is clear, but sentences may lack variety. Several errors in punctuation and spelling. Writing is confusing and hard to follow. Many errors in punctuation and spelling.
8. Use of sources
(relevance/reliability) Excellent 10 points Satisfactory 6 points Weak
4 points Unsatisfactory 2 points /10
Evidence from
sources is smoothly integrated into essay. All sources are cited accurately and are highly relevant and reliable. Evidence from source(s) is integrated into the text. Most sources are cited accurately and are generally relevant and reliable. Some source material is used. Several sources may not be cited accurately. Relevance and reliability may be questionable. Few or no source material is used. Relevance and/or
reliability are strongly in question.

Looking for answers ?