From 4892dee1e49827a69f06cb3995b5e66041184d22 Mon Sep 17 00:00:00 2001 From: mo khan Date: Sat, 24 Jul 2021 12:32:10 -0600 Subject: feat: answer question 1 --- doc/assignment4.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'doc/assignment4.md') diff --git a/doc/assignment4.md b/doc/assignment4.md index 2b436e2..20326a4 100644 --- a/doc/assignment4.md +++ b/doc/assignment4.md 
@@ -11,6 +11,28 @@ It is worth 15% of your final grade for this course. Please answer the following questions in complete sentences. Your answer for each question should be about 150 words. 1. Why is it important to distinguish between mechanisms of protection and policies of protection? + + Protection mechanisms are used to constrain the potential senders and/or + receivers of a message and to make sure that data is transmitted securely. + This includes things like cryptographic/digital signatures to ensure that a + piece of data or message hasn't been tampered with and/or to verify that data + was produced by trusted parties. This is used in many different protocols such + as security assertion markup language (SAML) transactions, transport layer + security (TLS), OAuth 2.0 and more. + + Protection policies are used to enforce constraints on what things can be + done. Examples of this include absolute and relative session timeout policies + and acceptable TLS cipher suites. Policies can change over time as modern + cipher suites are released and vulnerabilites, and knowledge is improved. + + + Separating mechanisum from policy is more flexible because policies are likely + to change over time. Policy changes might require changes in the underlying + mechanism. + + Protection mechanisms determine **how** to do something and protection policies + determine **what** will be done. + 1. What is an access matrix, and how can it be implemented? 1. How does a virus differ from a worm? 1. What is the difference between symmetric encryption and asymmetric encryption? -- cgit v1.2.3
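Review bot: In the third added paragraph, the sentence "Policy changes might require changes in the underlying mechanism." works against the claim just before it that separating the two is more flexible. The argument needs the reverse: with a general mechanism, a policy change should only need reconfiguration, and it is the lack of separation that forces a mechanism change each time policy moves. Suggest rewording that sentence accordingly. In the second added paragraph, the sentence ending "and vulnerabilites, and knowledge is improved" does not parse; something like "as modern cipher suites are released, vulnerabilities are discovered, and knowledge improves" would read cleanly. "vulnerabilites" and "mechanisum" are misspelled, and there is a doubled blank line before the paragraph starting "Separating". The session timeout and TLS cipher suite examples are policy values only; naming the mechanism that enforces each one would make the closing how/what distinction concrete.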