Question 1.1The OSI Security Architecture is an outline that gives a sorted-outmethod for characterizing the prerequisites for security and describing thetechniques to filling those requirements. Question 1.2Active security threats include data transmitted beingmodified and efforts to gain unauthorized access to computer systems.Passive security threats are usually associated with eavesdroppingon, or, monitoring, transmissions.
Electronic mail, client or server exchangesand file transfers are examples. Question 1.3Active security attacks: masquerade, replay, modification ofmessages and denial of servicePassive security attacks: release of message contents andtraffic analysis. Question 1.
4Access control: prevention of unauthorized use of a resourcethat is service controls who can have access to a resource.Authentication: it is the assurance that the communicatingentity is the one that it claims to be.Availability service: a system being accessible upon demandby an authorized system entityData confidentiality: it the protection of data from unofficialrevelation.
Data integrity: the confirmation that information got areprecise as sent by an approved element.Nonrepudiation: this provides security against denial by oneof the elements involved in a communication of having taken part in all thecommunication. Question 1.5a. Specificsecurity mechanism May be combined into the suitable protocol layer in order tooffer some of the OSI security services.Encipherment: the use of mathematical algorithms to changedata into a form that is not readily understandable. Digital Signature: Data appended to a data unit that allowsa recipient of the data unit to prove the source and integrity of the data unitand protect against forgery.
Access Control: the variety of mechanisms that enforceaccess rights to resources.Data Integrity: the variety of mechanisms used to assure theintegrity of a data unit or stream of data units.Authentication Exchange: mechanism intended to ensure theidentity of an entity by means of information exchange.Traffic Padding: inclusion of bits into gaps in aninformation stream to disappoint traffic analysis attempts.Routing Control: Enables determination of specificphysically secure routes for specific information.Notarization: use of a trusted third party to data exchange.
b. Pervasivesecurity mechanismsMechanisms that are not definite to any certain OSI securityservice.Trusted Functionality: That which is alleged to be correctwith respect to some criteria.Security Label: The marking bound to a resource that names thesecurity attributes of that resource.
Event Detection: Detection of security-relevant events.Security Audit Trail: Data collected and used to simplify asecurity audit.Security Recovery: Deals with demands from systems Question 1.6Economy of Mechanism: Thisprinciple says that the design of security measures personified in bothhardware and software should be as basic and little as could be expected underthe circumstances. Fail-safe defaults: Thisprinciple says that access decisions should be based on permission rather thanexclusion. Complete mediation: This principle says that every access must be checked againstthe access control mechanism. Open design: This principle says that the design of a security mechanismshould be open rather than secret Separation of privilege: Thisprinciple says can be defined as a practice in which multiple privilegeattributes are required to achieve access to a restricted resource. Least privilege: This standard says that every procedure and eachclient of the system should operate using the least set of freedoms necessaryto perform the dutyLeast common mechanism:This principle says that the design should to limit thecapacities shared by various clients, giving common security.
This principlehelps reduce the number of unintended communication paths and reduces theamount of hardware and software on which all users depend.Psychological acceptability: This principle implies that the securitymechanisms should not interfere unduly with the work of users, while at thesame time meeting the needs of those who authorize access. Encapsulation: concealingtraits in programming so that you can make changes in one placewithout having to also make changes in the other parts of an applicationModularity: design approach that divides asystem into smaller parts called modules.Layering: joiningnumerous moderating security to protect resources and data.
least astonishment: applies to userinterface and software design, fromthe ergonomics standpoint. Question 1.7Attack Surface: Comprises of the reachable vulnerabilitiesin a system.Attack Tree: spreading progressiveinformation structure that speaks to an arrangement of potential strategies forsecurity vulnerabilities.