Security in Computing
1. Classify each of the following as a violation of confidentiality, of integrity, of availability, or of some combination thereof.
a. John copies Mary’s homework.
b. Paul crashes Linda’s system.
c. Carol changes the amount of Angelo’s check from $100 to $1,000.
d. Gina forges Roger’s signature on a deed.
e. Rhonda registers the domain name “AddisonWesley.com” and refuses to let the publishing house buy or use that domain name.
f. Jonah obtains Peter’s credit card number and has the credit card company cancel the card and replace it with another card bearing a different account number.
g. Henry spoofs Julie’s IP address to gain access to her computer.

2. Theft usually results in some kind of harm. For example, if someone steals your car, you may suffer financial loss, inconvenience (by losing your mode of transportation), and emotional upset (because of invasion of your personal property and space).
a. List three kinds of harm a company might experience from theft of computer equipment.
b. List at least three kinds of harm a company could experience from electronic espionage or unauthorized viewing of confidential company materials.
c. List at least three kinds of damage a company could suffer when the integrity of a program or company data is compromised.

3. Preserving confidentiality, integrity, and availability of data is a restatement of the concern over interruption, interception, modification, and fabrication. How do the first three concepts relate to the last four? That is, is any of the four equivalent to one or more of the three? Is one of the three encompassed by one or more of the four?

4. Describe an example in which absolute denial of service to a user (that is, the user gets no response from the computer) is a serious problem to that user. Describe another example where 10 percent denial of service to a user (that is, the user’s computation progresses, but at a rate 10 percent slower than normal) is a serious problem to that user. Could access by unauthorized people to a computing system result in a 10 percent denial of service to the legitimate users? How?

5. Developers often think of software quality in terms of faults and failures. Faults are problems, such as loops that never terminate or misplaced commas in statements, that developers can see by looking at the code. Failures are problems, such as a system crash or the invocation of the wrong function, that are visible to the user. Thus, faults can exist in programs but never become failures, because the conditions under which a fault becomes a failure are never reached. How do software vulnerabilities fit into this scheme of faults and failures? Is every fault a vulnerability? Is every vulnerability a fault?

6. Consider a program that allows consumers to order products from the web. Who might want to attack the program? What types of harm might they want to cause? What kinds of vulnerabilities might they exploit to cause harm?