
Computer Security: Defining "computer security" is not trivial.

The difficulty lies in developing a definition that is broad enough to be valid regardless of the system being described, yet specific enough to describe what security really is. In a generic sense, security is "freedom from risk or danger." In the context of computer science, security is the prevention of, or protection against, access to information by unauthorized recipients, and intentional but unauthorized destruction or alteration of that information.

This can be re-stated: "Security is the ability of a system to protect information and system resources with respect to confidentiality and integrity." Note that the scope of this second definition includes system resources, which include CPUs, disks, and programs, in addition to information.

2. Define Hybrid policies. [JUNE 2010]
Chinese Wall model
Clinical information systems security policy
Originator controlled access model
Role based access control

3. List and define the types of security threats. [JUNE 2011]
(a) Disclosure: Snooping
(b) Deception: Modification, spoofing, repudiation of origin, denial of receipt
(c) Disruption: Modification
(d) Usurpation: Modification, spoofing, delay, denial of service

4. Mention the purpose of own right with an example. [JUNE 2011]
Own right: Usually allows the possessor to change entries in an ACM column, so the owner of an object can add or delete rights for others.

5. State the Components of an Access Control Matrix. [NOV/DEC 2010]
An Access Control Matrix should be thought of only as an abstract model of permissions at a given point in time; a literal implementation of it as a two-dimensional array would have excessive memory requirements. Capability-based security and access control lists are categories of concrete access control mechanisms whose static permissions can be modeled using Access Control Matrices.

6. Give the levels of security needed for a medium sized Public organization. [NOV/DEC 2010]

PART B

1. Explain in detail the Access control matrix and Security policies. [JUNE 2010]
2. Discuss in detail the Integrity policies and confidentiality policies. [JUNE 2010]
3. In addition to mathematical and informal statements of policy, policies can be implicit (not stated). Why might this be done? Might it occur with informally stated policies? What problems can this cause? [JUNE 2010] (16)
4. (8) Explain the types of policy languages with neat examples. [JUNE 2011]

5. In a formal model, prove that the two properties of the hierarchy function allow only trees and single nodes as organizations of objects. [JUNE 2011] (8)

6. Describe the need for Security Analysis and explain the various aspects of it. [NOV/DEC 2010]
7. Discuss the levels of security needed and explain how security policy is incorporated into large organizations. [NOV/DEC 2010]

UNIT II

PART A

1. Write a short note on key management. [JUNE 2010]
Key management refers to the distribution of cryptographic keys, the mechanisms used to bind an identity to a key, and the generation, maintenance and revoking of such keys.

2. Define Digital Signatures. [JUNE 2010]
A digital signature (not to be confused with a digital certificate) is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.

A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real.

3. Differentiate between stream cipher and block cipher. [JUNE 2011]
A cipher is a set of mathematical rules, or algorithm, used to convert readable text, or plaintext, into unreadable text, or ciphertext. The principal difference between stream ciphers and block ciphers is that stream ciphers work on streams of text, one bit or one byte at a time, while block ciphers work on blocks of text.

Stream Cipher
The basic idea of a stream cipher is to divide text into small blocks, one bit or one byte long, and encode each block depending on many previous blocks. Stream ciphers use a different encryption key -- a value which must be fed into the algorithm -- for each bit or byte, so the same bit or byte produces different ciphertext each time it is encrypted. Some stream ciphers use a keystream generator, which produces a random, or nearly random, stream of bits. The cipher performs a Boolean operation, known as an exclusive OR, between the bits in the keystream and the bits in the plaintext to produce ciphertext.
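The keystream-and-XOR construction described above, as an added example that is not part of the original notes. The SHA-256 counter construction is an assumed toy keystream generator chosen for illustration, and the key, nonces and messages are constructed sample values; the last two results go slightly beyond the text by showing why a keystream must never be used for two messages.

```python
import hashlib


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream generator (assumption): SHA-256 of key || nonce || counter."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Exclusive OR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def stream_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream is its own inverse."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


def demo() -> dict:
    key = b"constructed-demo-key"                  # constructed sample values
    p1, p2 = b"AAAAAAAAAAAAAAAA", b"transfer 100 EUR"
    c1 = stream_crypt(key, b"nonce-1", p1)
    c2_reused = stream_crypt(key, b"nonce-1", p2)  # same keystream as c1
    c2_fresh = stream_crypt(key, b"nonce-2", p2)   # new keystream
    return {
        # Applying the same operation to the ciphertext restores the plaintext.
        "roundtrip": stream_crypt(key, b"nonce-1", c1) == p1,
        # Sixteen identical plaintext bytes map to differing ciphertext bytes.
        "distinct_ct_bytes": len(set(c1)),
        # Keystream reuse cancels out: c1 XOR c2 equals p1 XOR p2.
        "reuse_leaks_xor": xor_bytes(c1, c2_reused) == xor_bytes(p1, p2),
        # With a fresh keystream per message that relation no longer holds.
        "fresh_leaks_xor": xor_bytes(c1, c2_fresh) == xor_bytes(p1, p2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```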
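Returning to Unit I, Part A, questions 4 and 5 (the own right and the access control matrix): the sketch below is an added example, not part of the original notes. It stores the matrix sparsely instead of as a two-dimensional array, lets only a holder of "own" change an object's column, and derives the ACL (column) and capability (row) views. The class, the method names and the rights given to a creator are assumptions made for illustration.

```python
class AccessControlMatrix:
    """Sparse ACM: only non-empty (subject, object) cells are stored."""

    def __init__(self):
        self.cells = {}  # (subject, object) -> set of rights

    def rights(self, subject, obj):
        return self.cells.get((subject, obj), set())

    def create(self, creator, obj):
        # Assumption: the creator of an object receives own, read and write.
        self.cells[(creator, obj)] = {"own", "read", "write"}

    def _require_owner(self, actor, obj):
        if "own" not in self.rights(actor, obj):
            raise PermissionError(f"{actor} does not own {obj}")

    def grant(self, actor, subject, obj, right):
        """Add a right to the object's column; allowed only for its owner."""
        self._require_owner(actor, obj)
        self.cells.setdefault((subject, obj), set()).add(right)

    def revoke(self, actor, subject, obj, right):
        """Delete a right from the object's column; allowed only for its owner."""
        self._require_owner(actor, obj)
        self.cells.get((subject, obj), set()).discard(right)

    def acl(self, obj):
        """Column view: what an access control list stores with the object."""
        return {s: set(r) for (s, o), r in self.cells.items() if o == obj and r}

    def capabilities(self, subject):
        """Row view: what a capability list stores with the subject."""
        return {o: set(r) for (s, o), r in self.cells.items() if s == subject and r}


def demo():
    acm = AccessControlMatrix()
    acm.create("alice", "report.txt")            # constructed sample names
    acm.grant("alice", "bob", "report.txt", "read")
    try:
        acm.grant("bob", "carol", "report.txt", "read")  # bob lacks "own"
        denied = False
    except PermissionError:
        denied = True
    return acm, denied


if __name__ == "__main__":
    acm, denied = demo()
    print("ACL of report.txt:", acm.acl("report.txt"))
    print("Capabilities of bob:", acm.capabilities("bob"))
    print("Non-owner grant denied:", denied)
```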
