Question

There can be multiple answers for one question.

10) What are some examples that conceptually map to the BLP or Biba model?

a) In a buffer overflow, a command-line argument is considered a low-integrity object. A root process is considered a high-integrity subject that should not be allowed to read the low-integrity data (thus allowing control flow to be hijacked).

b) In a time-of-check, time-of-use attack, the file or directory controlled by an attacker is considered a low-integrity object. A root process is considered a high-integrity subject that should not be allowed to read the low-integrity data (thus being tricked into performing unintended operations).

c) In a directory traversal attack, the passwd file is considered the high-secrecy object. A root process (web server) is considered a low-secrecy subject since it needs to read the public HTML files and serve them to clients. A low-secrecy subject should not be allowed to read a high-secrecy object (thus leaking the passwd file unintentionally).

11) Which of the following about resource access attacks are correct?

a) They are caused by violations of BLP or Biba security policies.

b) They are caused by mismatches of expectations (e.g., high-integrity subjects expect high-integrity objects but mistakenly get low-integrity objects).

c) We need to look at both the code and the access control policy to identify resource access attacks.

12) In computer security, there is a well-known principle called the principle of least privilege. The idea is that every subject (process, user, program) should have access to only the information and resources it absolutely needs (no more should be allowed). Which of the following are correct based on your judgement?

a) Not running processes as root when not necessary (e.g., chrome or firefox) is one example of the principle of least privilege.

b) The reasoning behind the principle is to prevent an attacker from compromising a subject.

c) The reasoning behind the principle is to reduce the damage once a subject is compromised.
