Reg. No.

Question Paper Code :

31089

Common to M.E Computer Science and Engineering/M.Tech. Information Technology/M.E. Software Engineering Second Semester

241207 INFORMATION SECURITY (Regulation 2010) Time : Three hours

40
Or

Answer ALL questions.

1. 2. 3. 4. 5. 6. 7. 8. 9.

List and define the types of security threats. Mention the purpose of own right with an example. Let p=l7 and q=11, find the public and private keys using RSA algorithm?

List out the levels of open PGP specification. An information flow policy is a security policy. Justify. How an executable infector works? Give example. Define transition-based auditing with an example. Name the entries that take place in DMZ DNS server.

09 8

10.

How do you validate the access control entry? PART B (5 16 = 80 marks)

11.

(a)

In addition to mathematical and informal statements of policy, policies can be implicit (not stated). Why might this be done? Might it occur with informally stated policies? What problems can this cause? (16)

84

40

Differentiate between stream cipher and block cipher.

98

PART A (10 2 = 20 marks)

98

M.E./M.Tech. DEGREE EXAMINATION, JUNE 2011.

40
Maximum : 100 marks

(b)

(i) (ii)

Explain the types of policy languages with neat examples.

In a formal model, prove that the two properties of the hierarchy function allow only trees and single nodes as organizations of objects. (8) types of classical cryptosystems with neat (16)

12.

(a)

Briefly explain the illustrations.

Or (b) (i) (ii)

Discuss the concept of storing and revoking keys with an example. (8) Describe in detail about the working of secure socket layer with its types. (8)

(ii)

Prove that Fentons Data Mark Machine would detect the violation of policy in the execution time certification of the copy procedure. (8)

(b)

How do you detect a covert channel? Illustrate with neat diagrams, the types and operations of covert flow tree. (16) (i) Describe in detail, how an executable infecting computer virus might append itself to an executable. What changes must it make to the executable, and why? (8)

14.

(a)

40

(ii)

With an example, elucidate the goals and classification of vulnerability analysis. (8) Or

(b)

09 8

Discuss the basic techniques of an audit browsing. Also describe the set of constraints that lead to a description of the Conditions that an audit mechanism should detect. Give these conditions. (16) With suitable examples, illustrate how will you protect files and devices with respect to user security. (16) Or

15.

(a)

(b)

(i)

Write an algorithm for high-level design to point out an important ambiguity in the requirements. (8) Describe the types of testing and explain how do you distribute the program after it has been tested? (8)

(ii)

84

98
2

40
Or

13.

(a)

(i)

Discuss the issues related to creation and maintenance of access control lists. Also compare it with capabilities. (8)

98

40

(8)

31089