Q1

a) Give an example of malicious code execution , and illustrate the four different ways of defending against malicious code execution on that example. b) Explain and illustrate the vulnerability life-cycle on a cyber- attack of your choice .

Q2 This question is about Attribute-based Access Control policies.

a) Given the attributes A and B, which can be True, False or Unknown, define a policy P such that all the following conditions are met: i) If B is True, then P evaluates to Permit, ii) if B is False and A is True, then P evaluates to Deny, iii) otherwise, P evaluates neither to Permit nor Deny.

b) Given the attributes A, B and C, which can be True, False or Unknown, define a policy P such that all the following conditions are met: i) if any attribute is True, then P evaluates to Permit, ii) otherwise, P evaluates to Deny.

Q3 A company is offering a new online payment system using a biometric authentication solution. A customer must first register using a mobile app, scanning their face and storing their payment details on a remote server. After registration, every time a customer wants to purchase a product online, the must open an application on their phone which will take a picture of their face, and matching it against the template stored at registration. The server storing the templates is a UNIX server, and the connection between the phone application and the server is secured using TLS. a) Identify and assess the risk of an Information Disclosure threat, and recommend an avoidance risk control against that threat.

b) Identify and assess the risk of a Tampering threat, and recommend a mitigation risk control against that threat.

Q4

in the table

a) Without suppressing any row of the table, provide a transformation of this table such that the resulting table has a k-anonymity of exactly 2 . [5 Marks] b) Without suppressing any row of the table, provide a transformation of this table such that the resulting table has a k-anonymity of exactly 3 . [5 Marks] c) Without suppressing any row of the table, provide a transformation of this table such that the resulting table has a k-anonymity of exactly 4. [5 Marks] d) Without suppressing any row of the table, provide a transformation of this table such that the resulting table has a k-anonymity of exactly 8. [5 Marks]