Sheet 1

Questions
1.1 What is the OSI security architecture?
1.2 What is the difference between passive and active security threats?
1.3 List and briefly define categories of passive and active security attacks.
1.4 List and briefly define categories of security services.
1.5 List and briefly define categories of security mechanisms.

Problems
1.1 Consider an automated teller machine (ATM) in which users provide a
personal identification number (PIN) and a card for account access.
Give examples of confidentiality, integrity, and availability
requirements associated with the system and, in each case, indicate
the degree of importance of the requirement.

1.2 Repeat Problem 1.1 for a telephone switching system that routes calls
through a switching network based on the telephone number
requested by the caller.

1.3 Consider a desktop publishing system used to produce documents for

various organizations.
a. Give an example of a type of publication for which confidentiality of
the stored data is the most important requirement.
1
Prepared By Dr. Mohamed Moawed
 b. Give an example of a type of publication in which data integrity is the
most important requirement.
c. Give an example in which system availability is the most important
requirement.

1.4 For each of the following assets, assign a low, moderate, or high
impact level for the loss of confidentiality, availability, and integrity,
respectively. Justify your answers.
a. An organization managing public information on its Web server.
b. A law enforcement organization managing extremely sensitive
investigative information.
c. A financial organization managing routine administrative information
(not privacy related information).
d. An information system used for large acquisitions in a contracting
organization contains both sensitive, pre-solicitation phase contract
information and routine administrative information. Assess the impact
for the two data sets separately and the information system as a whole.
e. A power plant contains a SCADA (supervisory control and data
acquisition) system controlling the distribution of electric power for a
large military installation. The SCADA system contains both real-time
sensor data and routine administrative information. Assess the impact
for the two data sets separately and the information system as a whole.

2
Prepared By Dr. Mohamed Moawed
 Model Answers
ANSWERS TO QUESTIONS
1.1 The OSI Security Architecture is a framework that provides a
systematic way of defining the requirements for security and
characterizing the approaches to satisfying those requirements. The
document defines security attacks, mechanisms, and services, and the
relationships among these categories.
1.2 Passive attacks have to do with eavesdropping on, or monitoring,
transmissions. Electronic mail, file transfers, and client/server
exchanges are examples of transmissions that can be monitored.
Active attacks include the modification of transmitted data and
attempts to gain unauthorized access to computer systems.
1.3 Passive attacks: release of message contents and traffic analysis.
Active attacks: masquerade, replay, modification of messages, and
denial of service.
1.4 Authentication: The assurance that the communicating entity is the
one that it claims to be.
Access control: The prevention of unauthorized use of a resource
(i.e., this service controls who can have access to a resource, under
what conditions access can occur, and what those accessing the
resource are allowed to do).
Data confidentiality: The protection of data from unauthorized
disclosure.
Data integrity: The assurance that data received are exactly as sent
by an authorized entity (i.e., contain no modification, insertion,
deletion, or replay).

3
Prepared By Dr. Mohamed Moawed
 Nonrepudiation: Provides protection against denial by one of the
entities involved in a communication of having participated in all or
part of the communication.
Availability service: The property of a system or a system resource
being accessible and usable upon demand by an authorized system
entity, according to performance specifications for the system (i.e., a
system is available if it provides services according to the system
design whenever users request them).
1.5

4
Prepared By Dr. Mohamed Moawed
 ANSWERS TO PROBLEMS
1.1 The system must keep personal identification numbers confidential,
both in the host system and during transmission for a transaction. It
must protect the integrity of account records and of individual
transactions. Availability of the host system is important to the
economic well-being of the bank, but not to its fiduciary responsibility.
The availability of individual teller machines is of less concern.

1.2 The system does not have high requirements for integrity on individual
transactions, as lasting damage will not be incurred by occasionally
losing a call or billing record. The integrity of control programs and
configuration records, however, is critical. Without these, the switching
function would be defeated and the most important attribute of all -
availability - would be compromised. A telephone switching system
must also preserve the confidentiality of individual calls, preventing
one caller from overhearing another.

1.3 a. The system will have to assure confidentiality if it is being used to

publish corporate proprietary material.

b. The system will have to assure integrity if it is being used to laws or

regulations.

c. The system will have to assure availability if it is being used to

publish a daily paper.

1.4 a. An organization managing public information on its web server

determines that there is no potential impact from a loss of
5
Prepared By Dr. Mohamed Moawed
 confidentiality (i.e., confidentiality requirements are not applicable), a
moderate potential impact from a loss of integrity, and a moderate
potential impact from a loss of availability.

b. A law enforcement organization managing extremely sensitive

investigative information determines that the potential impact from a
loss of confidentiality is high, the potential impact from a loss of
integrity is moderate, and the potential impact from a loss of
availability is moderate.

c. A financial organization managing routine administrative information

(not privacy-related information) determines that the potential impact
from a loss of confidentiality is low, the potential impact from a loss of
integrity is low, and the potential impact from a loss of availability is
low.

d. The management within the contracting organization determines

that:
(i) for the sensitive contract information, the potential impact
from a loss of confidentiality is moderate, the potential impact
from a loss of integrity is moderate, and the potential impact from
a loss of availability is low; and
(ii) for the routine administrative information (non-privacy-
related information), the potential impact from a loss of
confidentiality is low, the potential impact from a loss of integrity
is low, and the potential impact from a loss of availability is low.

6
Prepared By Dr. Mohamed Moawed
 e. The management at the power plant determines that:
(i) for the sensor data being acquired by the SCADA system, there
is no potential impact from a loss of confidentiality, a high
potential impact from a loss of integrity, and a high potential
impact from a loss of availability; and
(ii) for the administrative information being processed by the
system, there is a low potential impact from a loss of
confidentiality, a low potential impact from a loss of integrity, and
a low potential impact from a loss of availability. Examples from
FIPS 199.

7
Prepared By Dr. Mohamed Moawed