blob: 2eb22b7180244f98ce21fec84bfad737952eafd5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
# Computer Science 314: Operating Systems
### Mo Khan - 3431709
Assignment 4
This assignment should be submitted after you have finished Unit 5.
It is worth 15% of your final grade for this course.
## Part 1: Concepts (20 marks; 4 marks each)
Please answer the following questions in complete sentences. Your answer for each question should be about 150 words.
1. Why is it important to distinguish between mechanisms of protection and policies of protection?
Protection mechanisms are used to constrain the potential senders and/or
receivers of a message and to make sure that data is transmitted securely.
This includes things like cryptographic/digital signatures to ensure that a
piece of data or message hasn't been tampered with and/or to verify that data
was produced by trusted parties. This is used in many different protocols such
as security assertion markup language (SAML) transactions, transport layer
security (TLS), OAuth 2.0 and more.
Protection policies are used to enforce constraints on what things can be
done. Examples of this include absolute and relative session timeout policies
and acceptable TLS cipher suites. Policies can change over time as modern
cipher suites are released and vulnerabilites, and knowledge is improved.
Separating mechanisum from policy is more flexible because policies are likely
to change over time. Policy changes might require changes in the underlying
mechanism.
Protection mechanisms determine **how** to do something and protection policies
determine **what** will be done.
1. What is an access matrix, and how can it be implemented?
A model of protection known as the access matrix represents which domains have
access to which objects.
The follow table is an example of an access matrix for different users access
to a specific resource.
| user | read | write | execute |
| ---- | ---- | ----- | ------- |
| 1000 | x | | x |
| 2000 | x | x | x |
| 3000 | x | | |
Access matrices makes it possible to define what types of operations different
domains can perform against different types of objects. The access matrix can
implement policy decisions related to protection.
1. How does a virus differ from a worm?
A worm is a process that duplicates itself to propagate across a network. They
are designed to use up system resources in order to reproduce itself so that
it can continue to infect other hosts.
A virus is a fragment of code embedded in a legitimate program. Viruses can
also be self replicating but tend to target weaknesses in programs. They
can wreak havoc in a system by modifying or destroying files and causing
system crashes and program malfunctions.
1. What is the difference between symmetric encryption and asymmetric encryption?
1. What are the two main varieties of authentication algorithms?
|
