Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

1 . Assume a database service runs with highest privileges ( root or superuser ) . A privilege escalation SQL injection attack enables an attacker

1. Assume a database service runs with highest privileges (root or superuser). A privilege escalation SQL injection attack enables an attacker to craft and run a custom query. In this case, what design principle has been violated by the attacker. User acceptability Correct Answer least privilege. You Answered Economy of mechanism. Open DesignKAssume a database service runs with highest privileges (root or superuser). A privilege escalation SQL injection attack enables an attacker to craft and run a custom query. In this case, what design principle has been violated by the attacker. User acceptability Correct Answer least privilege. You Answered Economy of mechanism. Open Designerckhoff's principle states that a system should remain secure if everything about the system, except secrets held in keys, are made public. The design principle discussed in class which captures Kerckhoff's principle is a. Least privilege b.Open design c. Fail-safe defaults d. User acceptability 2. Assume a database service runs with highest privileges (root or superuser). A privilege escalation SQL injection attack enables an attacker to craft and run a custom query. In this case, what design principle has been violated by the attacker. a. User acceptability b.least privilege. c. Economy of mechanism. d.Open Design. 3. Major vulnerabilities in open source software have been reported in the recent years. This observation runs counter to the following design principle. a. Defense-in-depth b. Failsafe defaults. c. Open design. d. Least common mechanism. .4 Because of potential hacking of election systems, vendors are advocating the use of voting machines that record the vote automatically but produce a paper receipt that can be used by a voter to verify his/her choices. Such receipts can also be used in an audit in a close election. Many security researchers are skeptical of such machines that automatically record user votes even when a paper receipt is generated because they rely on the assumption that voters will check receipts. Such skepticism can possibly explained by the following design principle. a. Economy of mechanism b. User acceptability c.Open Design d. Least Privilege. 5. According to the Saltzer and Schroeder paper that was assigned for reading, proposals that advocate performance gains by caching of access control decisions could violate the following design principle fail-a. safe defaults. b. complete mediation. c. open design. d. least privilege.

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image_2

Step: 3

blur-text-image_3

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Excel 2024 In 7 Days

Authors: Alan Dinkins

1st Edition

B0CJ3X98XK, 979-8861224000

More Books

Students also viewed these Databases questions

Question

identify current issues relating to equal pay in organisations

Answered: 1 week ago