Revision 1 DSM/BMIS 33243

40

BMIS 33243

Distributed Systems Management

*******************************************

Revision 1

*******************************************

Name:______________________________________________ Date: ______________

ID: ________________________

QUESTION 1

Consider the commercial organizations, ABC Ltd., whose research department is engaged in a joint venture
with an external organization, DEF Ltd. There is a need to organized access control for ABC itself, and also to
allow limited access for members of DEF staff to research department files. DEF staff gain access from
terminals in their own research laboratory by means of a communication network. After an audit of the security
arrangements at both sites, ABC have selected a policy to allow DEF limited security administration rights to
control the users who can access ABC.
ABCs system consists of a number of computers connected by a company network. The scenario makes
no assumption about what resources are located on what computer, but requires a global identification scheme
so that all objects may be identified uniquely.
ABC Ltd ABC Ltd
Managing director Managing director

ADMINISTRATION RESEARCH FINANCE

DEPT DEPT DEPT
Administration Research director Finance director
director

GENERAL ABCDEF JOINT Security ABCDEF JOINT

RESEARCH VENTURE administration VENTURE
Project manager

NHMR/Feb 2012
Security PERSONNEL Scientist Support Staff
admin
Revision 1 DSM/BMIS 33243

Diagram 1

(a). Based on the above conventional organization tree depicted in Diagram 1, create an equivalent domain
representation of organization as viewed from ABC.
[8 Marks]

(b). Explain in detail SIX (6) differences between user and mechanism views of object and user and
mechanism views of domains as proposed by Domino project (Moffett & Sloman, 1992).
[12 Marks]

[TOTAL MARKS 20]

QUESTION 2

Objectives of security within distributed systems can be defined at a number of different levels, from a high-
level objective to a low-level one, with a hierarchy of objectives in between. Each level helps to achieve the
objectives of a higher level.

(a). Primary objective of security correspond to threats (such as disclosure, corruption, loss, denial of service,
impersonation and repudiation).
(i). Identify and explain in detail the THREE (3) primary security objectives which apply to both stored
data and messages in transit.
[9 Marks]

(ii). Identify and explain in detail the other TWO (2) primary security objectives which apply specifically
to communication between users and/or programs.
[6 Marks]

NHMR/Feb 2012
Revision 1 DSM/BMIS 33243

(b). Secondary security objectives provide access control, audit trails and security alarm services. Explain in
detail on how the objectives can be achieved.
[5 Marks]

[TOTAL MARKS 20]

NHMR/Feb 2012