INFA 670, Spring 2016
Note: There is no minimum or maximum page length for your answer sheet. Answer questions with well thought out answers, explain your answer, and show your work. Answers, even if right but without an explanation (Also- must include references for each problem-APA Style), will get no credit. Open book/notes/internet, but individual, NOT TO BE SHARED. There is no limitation in terms of space for each answer as the content is more important than the quantity.
GRADING COMMENTS: NOTE: Your word document shall be prepared in the APA and make sure you include your references to each question. Pl
NOTE: You will not be required to submit this test through TURNITIN, but you are required to provide a list of all references associated with your answer. Professor will be reviewing all references to make sure you have not cut and pasted information from other sources. In addition, he has the option of running your paper through TURNITIN. Wiki reference(s) will not be accepted and please do not use any wiki references.
LATE-PENALTY – FROM THE SYLLABUS (Late Policy: Assignments are due as outlined in the Web Tycho Site. Late assignments will be graded down by 10%/DAY of the grade.)
Answer the following questions.
1)(10 pts.) Chapter 18 (pgs. 494-495) –Problem#4
Question: Requirements are often difficult to derive, especially when the environments in which the system will function, and the specific tasks it will perform, are unknown. Explain the problem that this causes during development of assurance.
2) (10 pts.) Chapter 18 (pgs. 494-495) –Problem#5
Question: Why is the waterfall model of software engineering the most commonly used method for development of trusted system?
3) (10 pts.) Chapter 20 (pg. 569) –Problem#3
Question: Why does the Boyer-Moore theorem prover perform induction only when the other five steps fail to simplify the formula? Why does it not try induction first?
4) (10 pts.) Chapter 21 (pgs. 609-610) –Problem#4
Question: What are the conceptual differences between a reference validation mechanism, a trusted computing base, and the TOE security Functions
5) (10 pts.) Chapter 21 (pgs. 609-610) –Problem#6
Question: identify the specific requirements in the Common Criteria that describe a reference validation mechanism. Hint: Look in both security functional classes and security assurance classes.
6) (10 pts.) Chapter 23 (pgs. 685-687) –Problem#5
Question: Can the UNIX Bourne shell variable HOME, which identifies the home directory of a user to programs that read start-up files from the user’s home directory, be used to compromise a system? If so, how?
7) (10 pts.) Chapter 23 (pgs. 685-687) –Problem#11
Question: The NRL classification scheme has three axes: genesis, time of introduction, and location. Name two other axes that would be of interest to an analyst. Justify your answer.
8) (10 pts.) Chapter 23 (pgs. 685-687) –Problem#12
Question: In the NRL, classification scheme for the “time of introduction” axis, must the development phase precede the maintenance and operation phases, and must the maintenance phase precede the operation phase? Justify your answer.
9) (14 pts.) Essay Question: Type-1 certification (TOP SECRET) focuses on Development Methodology. How would you address this certification issue with your hypothetical company (make up one for this problem) for your system (for example: operating system) that you are trying to certify at the TOP SECRET level? This certification issue focuses on two areas: (a) Software Development Process and (b) Life Cycle Model. Hint: Remember; you are focusing on security as your top priority for this case and not necessarily performance. (All the external information (outside of your textbook) you need to answer this question is on the Internet (no other sources allowed) and you don’t need a security background on this subject. In addition, this subject has been addressed in a previous course in the INFA Curriculum (610)). This is a capstone question to get you thinking as a computer security system designer for information assurance.
10) (6 pts.) You have two (2) data centers shown below. You are the information security design engineer for Bonner Corporation. You have been asked to develop three (3) requirements for the data centers that address CIA. Please identify the requirements you are addressing and describe it in detail.
Computer Security: Art and Science (Textbook Only) by Matt Bishop
GRADING:
1._________ (10 pts.)
2._________ (10 pts.)
3._________ (10 pts.)
4._________ (10 pts.)
5._________ (10 pts.)
6._________(10 pts.)
7._________(10 pts.)
8._________(10 pts.)
9._________(14 pts.)
10.________(6 pts.)
Our Service Charter
-
Excellent Quality / 100% Plagiarism-Free
We employ a number of measures to ensure top quality essays. The papers go through a system of quality control prior to delivery. We run plagiarism checks on each paper to ensure that they will be 100% plagiarism-free. So, only clean copies hit customers’ emails. We also never resell the papers completed by our writers. So, once it is checked using a plagiarism checker, the paper will be unique. Speaking of the academic writing standards, we will stick to the assignment brief given by the customer and assign the perfect writer. By saying “the perfect writer” we mean the one having an academic degree in the customer’s study field and positive feedback from other customers. -
Free Revisions
We keep the quality bar of all papers high. But in case you need some extra brilliance to the paper, here’s what to do. First of all, you can choose a top writer. It means that we will assign an expert with a degree in your subject. And secondly, you can rely on our editing services. Our editors will revise your papers, checking whether or not they comply with high standards of academic writing. In addition, editing entails adjusting content if it’s off the topic, adding more sources, refining the language style, and making sure the referencing style is followed. -
Confidentiality / 100% No Disclosure
We make sure that clients’ personal data remains confidential and is not exploited for any purposes beyond those related to our services. We only ask you to provide us with the information that is required to produce the paper according to your writing needs. Please note that the payment info is protected as well. Feel free to refer to the support team for more information about our payment methods. The fact that you used our service is kept secret due to the advanced security standards. So, you can be sure that no one will find out that you got a paper from our writing service. -
Money Back Guarantee
If the writer doesn’t address all the questions on your assignment brief or the delivered paper appears to be off the topic, you can ask for a refund. Or, if it is applicable, you can opt in for free revision within 14-30 days, depending on your paper’s length. The revision or refund request should be sent within 14 days after delivery. The customer gets 100% money-back in case they haven't downloaded the paper. All approved refunds will be returned to the customer’s credit card or Bonus Balance in a form of store credit. Take a note that we will send an extra compensation if the customers goes with a store credit. -
24/7 Customer Support
We have a support team working 24/7 ready to give your issue concerning the order their immediate attention. If you have any questions about the ordering process, communication with the writer, payment options, feel free to join live chat. Be sure to get a fast response. They can also give you the exact price quote, taking into account the timing, desired academic level of the paper, and the number of pages.