CS/JAN 2013/CSC662
COURSE: COMPUTER SECURITY
COURSE CODE: CSC662
EXAMINATION: JANUARY 2013
TIME: 3 HOURS
INSTRUCTIONS TO CANDIDATES
1.
2.
Answer ALL questions in the Answer Booklet. Start each answer on a new page.
Do not bring any other material into the examination room unless permission is given by the
invigilator.
Please check to make sure that this examination pack consists of:
i)
ii)
CONFIDENTIAL
QUESTION 1
Given the following scenario:
After selecting your groceries, you push your cart full of goods to one of the
checkout counters. The checkout sale assistant scans your groceries, totals
what you owe, and upon receiving payment from you gives you an itemized
receipt. However, you can't then simply exit the building with your groceries.
At the exit you are stopped by a security officer who inspects your receipt. If
the receipt looks okay (appears to match the number and types of items in
your cart), the security officer will write the time of the checkout on the
receipt and hand it back to you. At this point, you can exit the building and
take the groceries to your car.
a)
b)
c)
Describe an attack that the supermarket tries to prevent by writing the checkout
time on the receipt.
(2 marks)
QUESTION 2
Determine whether the statements below regarding computer viruses and worms are TRUE or FALSE.
a)
b)
c)
d)
e)
f)
QUESTION 3
As a software engineer, you have been assigned to design a mechanism that only allows
legitimate users to install and run an application. The application will be distributed through
the internet.
a)
b)
c)
Explain how your mechanism works. Please take into consideration that the same
serial number may be used for multiple installations of the application.
(4 marks)
QUESTION 4
a)
Confusion
Diffusion
(4 marks)
b)
QUESTION 5
a)
b)
Arbitrated Protocols
Adjudicated Protocols
Self-enforcing Protocols
(6 marks)
QUESTION 6
a)
b)
QUESTION 7
Describe, with an example, how the computer security objectives of confidentiality, integrity and
availability relate to a database management system.
(9 marks)
QUESTION 8
Connecting a computer system to a network such as the Internet creates many threats to
computer security. Describe THREE (3) of these threats.
(6 marks)
QUESTION 9
a)
b)
QUESTION 10
a)
b)
c)
List FOUR (4) design criteria of the network authentication protocol Kerberos.
(4 marks)
QUESTION 11
The access control matrix is a simple framework to describe the relationship between
subjects and objects.
[Access control matrix. Labels: Subject 1, Subject 2, Subject 3, File 1, File 2, Process 1. Access rights appearing in the cells: owner, control, call, read, write, wakeup.]
b)
QUESTION 12
NGSCB employs a unique hardware and software design to enable new kinds of secure
computing capabilities to provide enhanced data protection, privacy and system integrity.
NGSCB operates two modes of operating systems in one system.
List FOUR (4) criteria of trusted modes in the NGSCB Computing Environment.
(4 marks)
QUESTION 13
In cryptography, one-time pad (OTP) encryption has been proven to be impossible to crack if
it is used correctly. Assuming that A is represented by 0, answer the following questions based
on the information below:
Plain-text
Key
a)
b)
c)
Decrypt the cipher-text in (b) in order to prove that your encryption is correct.
(4 marks)