ComSec作业一:抄书题
第一章
1.1 What is the OSI security architecture?
To assess effectively the security needs of an organization and to evaluate and
choose various security products and policies, the manager responsible for security
needs some systematic way of defining the requirements for security and character
izing the approaches to satisfying those requirements. This is difficult enough in a
centralized data processing environment; with the use of local and wide area net
works, the problems are compounded.
ITU-T3 Recommendation X.800, Security Architecture for OSI, defines such a
systematic approach.4 The OSI security architecture is useful to managers as a way
of organizing the task of providing security. Furthermore, because this architecture
was developed as an international standard, computer and communications vendors
have developed security features for their products and services that relate to this
structured definition of services and mechanisms.
For our purposes, the OSI security architecture provides a useful, if abstract,
overview of many of the concepts that this book deals with. The OSI security archi
tecture focuses on security attacks, mechanisms, and services. These can be defined
briefly as
■ Security attack: Any action that compromises the security of information
owned by an organization.
■ Security mechanism: A process (or a device incorporating such a process)
that is designed to detect, prevent, or recover from a security attack.
■ Security service: A processing or communication service that enhances the
security of the data processing systems and the information transfers of an
organization. The services are intended to counter security attacks, and they
make use of one or more security mechanisms to provide the service.
In the literature, the terms threat and attack are commonly used to mean more
or less the same thing. Table 1.1 provides definitions taken from RFC 4949, Internet
Security Glossary.
1.2 List and briefly define the three key objectives of computer security.
Confidentiality
Integrity
Availability
1.3 List and briefly define categories of passive and active security attacks.
Passive attacks (Figure 1.2a) are in the nature of eavesdropping on, or monitoring
of, transmissions. The goal of the opponent is to obtain information that is being
transmitted. Two types of passive attacks are the release of message contents and
traffic analysis.
Active attacks (Figure 1.2b) involve some modification of the data stream or the
creation of a false stream and can be subdivided into four categories: masquerade,
replay, modification of messages, and denial of service.
1.6 List and briefly define the fundamental security design principles.
Despite years of research and development, it has not been possible to develop
security design and implementation techniques that systematically exclude security
flaws and prevent all unauthorized actions. In the absence of such foolproof tech
niques, it is useful to have a set of widely agreed design principles that can guide
the development of protection mechanisms. The National Centers of Academic
Excellence in Information Assurance/Cyber Defense, which is jointly sponsored by
the U.S. National Security Agency and the U.S. Department of Homeland Security,
list the following as fundamental security design principles [NCAE13]:
■ Economy of mechanism
■ Fail-safe defaults
■ Complete mediation
■ Open design
■ Separation of privilege
■ Least privilege
■ Least common mechanism
■ Psychological acceptability
■ Isolation
■ Encapsulation
■ Modularity
■ Layering
■ Least astonishment
The first eight listed principles were first proposed in [SALT75] and have withstood
the test of time. In this section, we briefly discuss each principle.
Economy of mechanism means that the design of security measures embod
ied in both hardware and software should be as simple and small as possible.
The motivation for this principle is that relatively simple, small design is eas
ier to test and verify thoroughly. With a complex design, there are many more
opportunities for an adversary to discover subtle weaknesses to exploit that may
be difficult to spot ahead of time. The more complex the mechanism, the more
likely it is to possess exploitable flaws. Simple mechanisms tend to have fewer
exploitable flaws and require less maintenance. Further, because configuration
management issues are simplified, updating or replacing a simple mechanism
becomes a less intensive process. In practice, this is perhaps the most difficult
principle to honor. There is a constant demand for new features in both hard
ware and software, complicating the security design task. The best that can be
done is to keep this principle in mind during system design to try to eliminate
unnecessary complexity.
Fail-safe defaults means that access decisions should be based on permission
rather than exclusion. That is, the default situation is lack of access, and the protec
tion scheme identifies conditions under which access is permitted. This approach
exhibits a better failure mode than the alternative approach, where the default is
to permit access. A design or implementation mistake in a mechanism that gives
explicit permission tends to fail by refusing permission, a safe situation that can
be quickly detected. On the other hand, a design or implementation mistake in a
mechanism that explicitly excludes access tends to fail by allowing access, a failure
that may long go unnoticed in normal use. Most file access systems and virtually all
protected services on client/server systems use fail-safe defaults.
Complete mediation means that every access must be checked against the
access control mechanism. Systems should not rely on access decisions retrieved
from a cache. In a system designed to operate continuously, this principle requires
that, if access decisions are remembered for future use, careful consideration be
given to how changes in authority are propagated into such local memories. File
access systems appear to provide an example of a system that complies with this
principle. However, typically, once a user has opened a file, no check is made to see
if permissions change. To fully implement complete mediation, every time a user
reads a field or record in a file, or a data item in a database, the system must exercise
access control. This resource-intensive approach is rarely used.
Open design means that the design of a security mechanism should be open
rather than secret. For example, although encryption keys must be secret, encryption
algorithms should be open to public scrutiny. The algorithms can then be reviewed
by many experts, and users can therefore have high confidence in them. This is the
philosophy behind the National Institute of Standards and Technology (NIST)
program of standardizing encryption and hash algorithms, and has led to the wide
spread adoption of NIST-approved algorithms.
Separation of privilege is defined in [SALT75] as a practice in which mul
tiple privilege attributes are required to achieve access to a restricted resource.
A good example of this is multifactor user authentication, which requires the use of
multiple techniques, such as a password and a smart card, to authorize a user. The
term is also now applied to any technique in which a program is divided into parts
that are limited to the specific privileges they require in order to perform a specific
task. This is used to mitigate the potential damage of a computer security attack.
One example of this latter interpretation of the principle is removing high privilege
operations to another process and running that process with the higher privileges
required to perform its tasks. Day-to-day interfaces are executed in a lower privi
leged process.
Least privilege means that every process and every user of the system should
operate using the least set of privileges necessary to perform the task. A good
example of the use of this principle is role-based access control. The system security
policy can identify and define the various roles of users or processes. Each role is
assigned only those permissions needed to perform its functions. Each permission
specifies a permitted access to a particular resource (such as read and write access
to a specified file or directory, connect access to a given host and port). Unless a
permission is granted explicitly, the user or process should not be able to access the
protected resource. More generally, any access control system should allow each
user only the privileges that are authorized for that user. There is also a temporal
aspect to the least privilege principle. For example, system programs or administra
tors who have special privileges should have those privileges only when necessary;
when they are doing ordinary activities the privileges should be withdrawn. Leaving
them in place just opens the door to accidents.
Least common mechanism means that the design should minimize the func
tions shared by different users, providing mutual security. This principle helps
reduce the number of unintended communication paths and reduces the amount of
hardware and software on which all users depend, thus making it easier to verify if
there are any undesirable security implications.
Psychological acceptability implies that the security mechanisms should not
interfere unduly with the work of users, while at the same time meeting the needs of
those who authorize access. If security mechanisms hinder the usability or accessibil
ity of resources, then users may opt to turn off those mechanisms. Where possible,
security mechanisms should be transparent to the users of the system or at most
introduce minimal obstruction. In addition to not being intrusive or burdensome,
security procedures must reflect the user’s mental model of protection. If the protec
tion procedures do not make sense to the user or if the user must translate his image
of protection into a substantially different protocol, the user is likely to make errors.
Isolation is a principle that applies in three contexts. First, public access sys
tems should be isolated from critical resources (data, processes, etc.) to prevent dis
closure or tampering. In cases where the sensitivity or criticality of the information
is high, organizations may want to limit the number of systems on which that data is
stored and isolate them, either physically or logically. Physical isolation may include
ensuring that no physical connection exists between an organization’s public access
information resources and an organization’s critical information. When implement
ing logical isolation solutions, layers of security services and mechanisms should be
established between public systems and secure systems responsible for protecting
critical resources. Second, the processes and files of individual users should be iso
lated from one another except where it is explicitly desired. All modern operating
systems provide facilities for such isolation, so that individual users have separate,
isolated process space, memory space, and file space, with protections for prevent
ing unauthorized access. And finally, security mechanisms should be isolated in the
sense of preventing access to those mechanisms. For example, logical access control
may provide a means of isolating cryptographic software from other parts of the
host system and for protecting cryptographic software from tampering and the keys
from replacement or disclosure.
Encapsulation can be viewed as a specific form of isolation based on object
oriented functionality. Protection is provided by encapsulating a collection of pro
cedures and data objects in a domain of its own so that the internal structure of a
data object is accessible only to the procedures of the protected subsystem, and the
procedures may be called only at designated domain entry points.
Modularity in the context of security refers both to the development of security
functions as separate, protected modules and to the use of a modular architecture for
mechanism design and implementation. With respect to the use of separate security
modules, the design goal here is to provide common security functions and services,
such as cryptographic functions, as common modules. For example, numerous proto
cols and applications make use of cryptographic functions. Rather than implement
ing such functions in each protocol or application, a more secure design is provided
by developing a common cryptographic module that can be invoked by numerous
protocols and applications. The design and implementation effort can then focus on
the secure design and implementation of a single cryptographic module and includ
ing mechanisms to protect the module from tampering. With respect to the use of a
modular architecture, each security mechanism should be able to support migration
to new technology or upgrade of new features without requiring an entire system
redesign. The security design should be modular so that individual parts of the secu
rity design can be upgraded without the requirement to modify the entire system.
Layering refers to the use of multiple, overlapping protection approaches
addressing the people, technology, and operational aspects of information systems.
By using multiple, overlapping protection approaches, the failure or circumven
tion of any individual protection approach will not leave the system unprotected.
We will see throughout this book that a layering approach is often used to provide
multiple barriers between an adversary and protected information or services. This
technique is often referred to as defense in depth.
Least astonishment means that a program or user interface should always
respond in the way that is least likely to astonish the user. For example, the mechanism
for authorization should be transparent enough to a user that the user has a good intui
tive understanding of how the security goals map to the provided security mechanism.
第三章
3.1 Describe the main requirements for the secure use of symmetric encryption.
There are two requirements for secure use of conventional encryption:
1. We need a strong encryption algorithm. At a minimum, we would like the algo
rithm to be such that an opponent who knows the algorithm and has access to
one or more ciphertexts would be unable to decipher the ciphertext or figure
out the key. This requirement is usually stated in a stronger form: The oppo
nent should be unable to decrypt ciphertext or discover the key even if he or
she is in possession of a number of ciphertexts together with the plaintext that
produced each ciphertext.
2. Sender and receiver must have obtained copies of the secret key in a secure
fashion and must keep the key secure. If someone can discover the key and
knows the algorithm, all communication using this key is readable.
3.5 What are the two general approaches to attacking a cipher?
■ Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus
perhaps some knowledge of the general characteristics of the plaintext or even
some sample plaintext–ciphertext pairs. This type of attack exploits the charac
teristics of the algorithm to attempt to deduce a specific plaintext or to deduce
the key being used.
■ Brute-force attack: The attacker tries every possible key on a piece of cipher
text until an intelligible translation into plaintext is obtained. On average, half
of all possible keys must be tried to achieve success.
ComSec作业一:抄书题相关推荐
- 函授计算机基础知识考试试题,2020年函授本科计算机应用基础课后作业、模拟题及答案.doc...
2020年函授本科计算机应用基础课后作业.模拟题及答案.doc 学 海 无 涯第一章作业14题一.单项选择题(共12小题,每题7分,共84.0分)第1题在计算机中,用文字.图像.语言.情景.现象所表示 ...
- ComSec 作业七:Signature
ComSec 作业七:Signature 13.2 数字签名应该具有哪些性质? 13.3 数字签名应满足哪些要求? 13.6 直接数字签名方法中会遇到哪些威胁? 13.2 数字签名应该具有哪些性质? ...
- 浙江大学远程教育平台计算机基础知识,浙江大学远程教育_计算机基础_第3次作业_Word知识题...
浙江大学远程教育 计算机基础 第3次作业 Word知识题 第3章 文字处理Word 2010(单选题) 完成下列题目,这些题目与期末考试题或将来的统考题类似,请同学们认真做一遍.注意:上传你所做的答案 ...
- 浙江大学远程教育计算机作业4,浙江大学远程教育_计算机基础_第4次作业_Excel知识题...
浙江大学远程教育 计算机基础 第4次作业 Excel知识题 第4章电子表格Excel 2010(单选题) 完成下列题目,这些题目与期末考试题或将来的统考题类似,请同学们认真做一遍.注意:上传你所做的答 ...
- 北理 嵩天老师 Python程序设计 课后作业易错题总结
Python程序设计课后作业易错题总结 最近小c君在学习北理的嵩天老师在中国大学MOOC上发布的,<Python程序设计>课程. 下面是我总结该课程课后作业的易错题,分享给大家.同时非常推 ...
- 2021年人工神经网络第四次作业 - 第三题Cifar10
简 介: 在Paddle下使用最基本的BP网络以及LeNet网络结构,测试了Cifar10数据集合.但实际运行在测试集合上的效果始终没有突破0.3,具体原因还需要进行查找. 后来经过测试,发现问题出现 ...
- 2021年人工神经网络第四次作业-第五题:危险品识别
简 介: 通过对于物品X射线数据集合的整理,挑选出15类体积比较大的物品,训练LeNet网络进行识别. 关键词: X射线,危险品识别,LeNet,Paddle #mermaid-svg-wZUMACG ...
- 2021-06-082021年春季学期-信号与系统-第十五次作业-第四小题参考答案
本文是 2021年春季学期-信号与系统-第十五次作业参考答案 中各小题的参考答案. §04 第四小题 4.已知x[n],y[n]x\left[ n \right],y\left[ n \right]x ...
- 电大计算机2019作业,【电大题】2019年最新国家开 放大学电大《人文英语2、3、》网络核心课形考网考作业两套汇编附全答案.docx...
[电大题]2019年最新国家开 放大学电大<人文英语2.3.>网络核心课形考网考作业两套汇编附全答案.docx 文档编号:768065 文档页数:61 上传时间: 2019-10-17 文 ...
最新文章
- 智源博士后合作导师专访 | 曾毅:面向可持续发展的人工智能
- websocket 例子
- nefu 628 扩展卢卡斯
- ps cs6磨皮插件_【PS插件】ps磨皮插件Portraiture
- 统计通话次数和时间的软件_通话时间统计app下载|通话时间统计安卓版下载 v1.0.3 - 跑跑车安卓网...
- 【转】WPF Expander 收缩不占空间的用法
- 怎么做圆形二维码_圆形吊顶怎么做?装修网盘点圆形吊顶安装注意事项
- 安装nagios中php安装报错 configure error xml2-config not foud
- 机器学习工程师 - Udacity 强化学习 Part Nine
- 转:机器人工程师学习计划(YY硕)(后悔自己没有早点看到强力推荐)
- 吃一口肥肉之小程序牛刀小试(一)
- 用xbrowser登陆linux远程桌面,如何使用Xmanager及VNC登录远程桌面
- 瑞吉外卖-全网最全笔记-Day06
- 神经网络预测指标是什么,神经网络怎么预测数据
- ecshop添加多国货币
- 分析2440开发板和4412开发板的性价比_初学者你们怎么看?
- Windows 11 企业版新功能介绍
- (个人笔记)Django学习笔记整理
- Java项目源代码S2SH校园BBS论坛系统
- c语言数星星,数星星 (C++代码)