Seminar Presentations Questions

Chapter 3: User Authentication

Page 107, Review Questions 3.1, 3.3, 3.4, 3.5, 3.6, 3.9

Chapter 4: Access Control

  1. State which access system requirement is violated in each of the following:
    1. Zeus is running a Find operation when his process is hijacked and files Zeus owns begin being deleted.
    2. RoleA was banned from accessing FileX; RoleB has access to FileX. Odin possesses both RoleA and RoleB. When Odin attempts to access FileX, his user session crashes.

  2. Dr. Shende hates being the system administrator because he has to change each user to explicitly not be able to access new files he makes. If this is the case, what type of policy must the access system be using?

  3. What is the main advantage of storing the access control matrix as a table instead of a matrix?

  4. Assuming you are constructing an access system for a computer which will have 5 users, which scheme we discussed (DAC or RBAC) would be best and why?

Chapter 5: Database Security

  1. Pages 172 - 175: #5.6, 5.7(b), 5.11, 5.19

  2. What is the difference between query restriction and perturbation?

  3. Why do you need to be careful with perturbation techniques?

  4. What are the two disadvantages of using data encryption?

  5. Describe the pros and cons of working with encrypted data separately and as blocks.

Chapter 6: Intrusion Detection

Jared's Presentation in PDF format

Link to Reading

Questions

  1. Question for Section 2: What difficulties in detecting threats have become easier or non-issues since this report in 1980?

  2. Question for Section 4: Which pieces of the proposed surveillance system are still relevant with today's computer systems? Which parts, if any, have become irrelevant?