INFA670 9041
EXAM INSTRUCTIONS
2. Part I is short answers. You MUST submit ONLY the answer sheet below for this part.
3. For Parts II & III, descriptions should be provided IN YOUR OWN WORDS. However,
when you use the exact words of others in any answer, you MUST use quotation marks and
attribute the source right there and provide a separate reference section for each descriptive
question following APA style recommendations. For these questions, correctness, logical flow,
4. This is an open-book individual examination. You may use any resource such as
books, articles, and the Web. The questions may require research beyond the text, lecture notes,
and conferences. You must, however, do your own work and you may not collaborate with your
classmates.
5. Do NOT post questions about this exam in any of the class forums. If you have a question
about the exam e-mail your instructor directly for a decision on whether the entire class needs to
6. Do NOT provide answers in a separate sheet, separate from the questions. It is very hard to
grade, especially if you mess up the order or provide the wrong number for a question.
A,D,E,F,G
11. D 12. A 13. A 14. B 15. A 16. 17. A 18. 19. 20. A
A,D,E A,B,C,D,F,G B
Mechanism (RVM), a Trusted Computing Base (TCB), and Target of Evaluation (TOE)
security functions? Be sure to do more than define what each is. Elaborate on their
differences.
validation method. This mechanism uses a policy that defines the requirements on a reference
validation process. The reference validation is arranged so that it regulates the system control
(i) The validation must be non-bypassable. This means that if the system is under attack, an
attacker will not be able to bypass this mechanism and threaten the system.
(ii) It must be tamperproof. This property ensures that the mechanism cannot be undermined by an
attacker.
(iii) The reference validation must be invoked. If this property is absent, the mechanism
cannot perform its operations properly. The attacker will then have an easy time to
(iv) It must be evaluable. This means it must be possible to verify that the mechanism is correct and
complete. In the absence of this property, the mechanism cannot guarantee the security policy.
This is the set of hardware, software, and firmware components that are crucial to the security of a
computer system. The security property might be jeopardized by bugs and vulnerabilities
occurring in the computer system. Therefore, a computer system needs a
trusted computing base. The components of the computer should not be able to leak any information
Target of Evaluation
This is a framework in which the users of a system specify their requirements, both functional and
fundamental (Watson & Jones, 2013). System vendors define the security attributes of their
products and evaluate them to make sure that they meet the customer's specifications. Under this
arrangement, the system itself becomes the subject of evaluation. The evaluation process is expected to
References
Watson, D., & Jones, A. (2013). Digital forensics processing and procedures: Meeting the
requirements of ISO 17020, ISO 17025, ISO 27001 and best practice requirements.
Amsterdam: Syngress.
2. (10 points) A company develops a new security product using the extreme
programming software development methodology – programmers code, then test, then add
more code, then test, and continue the iteration. Every day, the code base is tested as a
whole. The programmers work in pairs when writing code to ensure that at least two
people review the code. The company does not offer any additional evidence of assurance.
Explain to the management of this company why their software is NOT highly assured.
Software assurance involves many things taken together. It consists of monitoring the
software engineering process and the ways in which the quality of the software can be increased. The
methods used differ according to the staff and the type of software. Software
quality assurance involves examining the system throughout the whole process. From the start of
system development to its completion and maintenance, the system should always be tested.
In this method of software development, the developers use an iterative process that allows the
system to be developed in small increments (ObCom 2011, Venkata, Rajasekhara, & Ariwa, 2012). Therefore,
the best practice would be to test every phase of the system development.
Management needs to check the system regularly. The system should behave normally in
all circumstances. At each development stage, the examination needs to be done to make sure
that the whole system works efficiently. This system cannot be said to be fully assured because
there are so many loopholes that the system needs to avoid. In extreme programming, the
developers are mostly concerned with the code rather than the design. Therefore, if the system
is not tested regularly, its design may not satisfy the users of the system. The design is very
important when it comes to software applications. Because extreme programming is mainly
done on XP projects, it is good practice to remove all defects. The extreme programming methodology itself does not
measure the quality assurance of the code. Therefore, there is a need to test regularly to
avoid defects. Management should, therefore, make sure that every step is evaluated to
assurance if the developers are widely apart. In this company, the developers are in groups and
are not working together. The software developed in this case becomes insecure in matters
concerning system security and code configuration. There is no guarantee that this system will
work efficiently. The testing process needs a strategy that provides information about the items
and techniques used in testing the system. Another requirement is a test plan. It involves testing the system
and verifying each phase, including the design and functional specifications. This helps to determine
the approach to take in testing each tool, the responsibilities of each system, and the procedures to follow.
The test case design also needs to be tested (Khour, 2016). This helps in uncovering the errors
found in the system, whether inherited or introduced during the development process. Each procedure
should be followed step by step. The special requirements should be documented for future
reference. This is what will make the company confident that the system is fully assured.
The types of testing available include: unit testing, where each unit is tested separately
and its results recorded. Each unit should be able to work together with the others to make sure that the
complete system works harmoniously. In integration testing, the analysts are required to test the
system modules at intervals. This helps locate the modules that have faults. Finally,
functional testing is done. This is done to determine whether the system functions correctly.
Therefore, the system should undergo testing in all those phases, and even after it is in use,
References
Feedback.
ObCom 2011, Venkata, K. P., Rajasekhara, B. M., & Ariwa, E. (2012). Global trends in
secure the weakest link. First, briefly describe each, then give a specific example of
each in practice, and then finally rank the relative importance of each (#1 highest,
This design principle requires an approach that grants access to the user and gives him or
her rights to specific information and tools. The rights to access the content are limited in
time. At times, the resources that may be accessed are also limited. The task that users want to perform
is bounded by the time intervals that allow them to complete the necessary tasks. The approved
context determines the implications of granting access to the system users. Generally, this
principle of security tries to limit data changes and prevent errors and accidents from occurring
by reducing the number of interactions with system resources. For example, mail servers are
known for accepting mail from the internet, and copies of the messages are made in a directory. The
local server is responsible for delivery of the messages. In order to access the appropriate
network ports, rights must be granted to access the directory. In this case, the server should
This principle requires that access to the resources used by the users be
granted only when several conditions are met. For example, there may be two conditions to be fulfilled. A
user may be allowed to see the resources on a computer only if he or she has an active status and also
has access to those resources. In this case, if the user is not active, then he will not get access to
the resources. All the conditions must be met for resource access to succeed.
Under this principle, applications will much of the time fail to process transactions for a
number of reasons. How they fail is what determines whether the application is secure or not. For
example, an application may fail if the user is not an admin. The specifications assigned to the
admin are not the same as those assigned to other users. Even if he is the admin, there may be
restrictions on entering the system. Some attempts will go through while others will be
declined. In this case, if the system fails to throw an exception, the user will automatically be the
principle may be violated if it is not strictly enforced. For example, a key-card access system
may be implemented, and sharing of the key card would be a way of violating this
principle.
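The "fail securely" and "separation of privilege" paragraphs above describe an admin check that must deny access when something goes wrong and must require every condition to hold. The following added example (not part of the exam paper) shows a fail-open check beside a fail-closed one; the user directory, the names `User`, `lookup`, `check_access_fail_open` and `check_access_fail_closed`, and the simulated backend failures are all constructed for this illustration.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    active: bool
    roles: set = field(default_factory=set)

# Constructed directory: alice is an active admin, bob an active reader,
# carol an admin whose account has been deactivated.
USERS = {
    "alice": User("alice", active=True, roles={"admin"}),
    "bob": User("bob", active=True, roles={"reader"}),
    "carol": User("carol", active=False, roles={"admin"}),
}

def lookup(username: str) -> User:
    """Simulated backend. Unknown users raise KeyError; the constructed
    name 'dave' stands in for a directory outage (RuntimeError)."""
    if username == "dave":
        raise RuntimeError("directory unavailable")
    return USERS[username]

def check_access_fail_open(username: str, needed_role: str) -> bool:
    """Insecure pattern: 'allowed' starts True and is only cleared when a
    check explicitly fails. If lookup() raises, the error is logged and
    execution falls through, so an unknown user or a backend outage ends
    in access being granted."""
    allowed = True
    try:
        user = lookup(username)
        if not user.active:
            allowed = False
        if needed_role not in user.roles:
            allowed = False
    except Exception as exc:           # swallowed: no exception reaches the caller
        print(f"lookup failed for {username!r}: {exc}")
    return allowed

def check_access_fail_closed(username: str, needed_role: str) -> bool:
    """Secure pattern: deny by default. Access is granted only when every
    condition is positively verified (separation of privilege: the account
    must be active AND hold the role). Any error path ends in denial."""
    try:
        user = lookup(username)
    except Exception as exc:
        print(f"lookup failed for {username!r}: {exc}; denying")
        return False
    return user.active and needed_role in user.roles

if __name__ == "__main__":
    for name in ("alice", "bob", "carol", "mallory", "dave"):
        print(name,
              "fail-open:", check_access_fail_open(name, "admin"),
              "fail-closed:", check_access_fail_closed(name, "admin"))
```

Running the block shows that both versions agree on known users, but only the fail-open version grants admin access to the unknown user and during the simulated outage.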
Under this principle, security practitioners often look at system security as a chain. The
chain's strength is that of its weakest link. The same holds for a software system: its weakest
component sets its strength. Attackers will always target the weakest point of the system. This point is rarely a
security function. The weakest link should be considered when determining a secure design, and
the developers should make sure that the system is secure enough. For example, it is wise to stay
updated on all the software that is upcoming (Duro, Kondratenko, & Duro, 2015). Some new
software utilities allow you to delete data from another computer remotely. This can be used to
1. Fail securely
2. Securing the weakest link
3. Separation of privilege
4. Least privilege
5. Nonrepudiation
According to the discussion of the guidelines in these principles, fail securely is the most
important, because all the contents of the system are separated into those that
should be accessed by the admin and those to be accessed by other users. Securing the weakest
link is second in importance. Hackers have been on the rise, and their target is where the system
is weakest. The separation of privilege principle allows access to specific parts of the system
according to the reasons for access that the user has. The fourth principle addresses specifics that are
not as strong a security measure as the three principles discussed above. The fifth one
deals with matching actions to the resources made available. Some of the people may
References
Duro, R., Kondratenko, Y., & Duro, R. J. (2015). Advances in Intelligent Robotics and
involves coding changes, but could also include specification changes or even
vulnerabilities.
Common Attack Pattern Enumeration and Classification (CAPEC): Publicly available catalog of attack patterns, a dictionary and classification taxonomy of attack methods used to exploit vulnerabilities. Sponsor: DHS.
Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK): Post-attack activities of an adversary. Sponsor: MITRE.
The Pentagon’s Development Test and Evaluation (DT&E) organization has hired
https://insidedefense.com/daily-news/dods-dte-shop-encourages-tabletop-exercises-focus-cybersecurity-efforts and
https://www.dau.mil/cop/test/DAU%20Sponsored%20Documents/Cybersecurity%20Standard%20Overview%20May%202017%20PRMark.pdf).
A) First, identify at least one advantage and disadvantage for each approach and rank
C) Lastly, explain how to improve your #1 approach for proper use in a DT&E CTT. (2
points)
A) First, identify at least one advantage and disadvantage for each approach and rank
each on a scale from #1 (Highest) to #5 (Lowest). (10 points)
This approach provides a mechanism for prioritizing software weaknesses by how they are
opened, their flexibility, and their consistency. It is done by involving the community and stakeholders
in the government and other related companies. Because it involves all the stakeholders, it is a very
efficient way of dealing with security threats, and any decision made is better informed. The
problem is that it may take longer to review all three parties' views before making a decision.
It is more concerned with educating the community about threats to the system. The more people
know about a system's threats, the better they can deal with them. This method is one of the best
because everybody who is educated can know the trends involved in hacking and how to deal
with the threats. Therefore, safety is guaranteed. The shortcoming is that this method may be
This is a project by the United States government to help people and organizations research
the automation of vulnerability management. This comes along with other security goals of the
company. The advantage of this approach is that the government is involved. Therefore, the services
are cheaper, and they serve both individuals and companies. The shortcomings of this
approach are that it deals with so many people and offers standardized security practices while
This approach provides a framework for locating where the software has weaknesses regarding flexibility,
consistency, and other aspects of security. The benefit of this approach is that it supports
the selection of the relevant weaknesses that affect a specific organization's mission. The only
disadvantage is that a company may concentrate on the one weakness that they feel affects them,
while there are many other security loopholes that hackers can use.
This is a document that is used by the MITRE Corporation. It looks into how systems are
attacked and how the attackers do it. The pattern is clear and allows the company to block
attackers from repeating the attack using the same method. The shortcoming of this method
is that attackers are aware of new technology and new methods of hacking. So there is a need to
research what other methods attackers could use to attack the system.
The first approach involves all the stakeholders, the community, and even the government.
Although the process may be long, it helps the community and all people, as a country, to come
together and fight cybercrimes, which are on the rise (Liu, Yang, University of Delaware, &
University of Delaware, 2017). The second approach makes the community aware that there
is cybercrime and how bad actors use it to benefit themselves and damage other people's data.
This is the best thing to do, as the community becomes aware, sees the threats, and knows how to counter
them.
C) Lastly, explain how to improve your #1 approach for proper use in a DT&E CTT. (2
points)
To improve the priority approach, not only does the community need to be involved in
giving their views, but it also needs to be educated. If we combine approaches one and two,
this would be a strong way to fight cybercrime. Stakeholders together with the government
should put in place the necessary measures to prevent attackers from accessing the systems. In the
development, testing, and evaluation stages, the community needs to be involved to make sure
that the system works best for them. For example, in the process of sending and receiving parcels
or emails, the system needs to be monitored to make sure that they come from authentic sources
before reaching the intended receiver (Rountree, 2011). The government should also give guidance
on how to form new cybercrime policies so that the law can be clear about it.
References
Liu, C., Yang, C., University of Delaware, & University of Delaware. (2017). Design time and
Rountree, D. (2011). Security for Microsoft Windows system administrators: Introduction to key
Part III: Long Essay (1 Question, 3-page max double-spaced) (35 points)
us/sdl/)
https://www.owasp.org/index.php/CLASP_Concepts).
Pick ONE of the above methodologies. Explain what the methodology is, how well it
addresses security concerns in the life cycle, and what the drawbacks are if any. Using
Microsoft is concerned with both mobile applications and PCs. In
building their systems, it is crucial to consider the opening of the IDE and testing before
submitting the apps to be downloaded and used. For example, in their mobile app development
cycle, several major development processes are involved. It usually starts with the idea that
needs to be implemented. The idea is then designed, and different phases are used in the layout.
The development process then follows. This is the actual building of the application.
Stabilization of the system or application is done to make sure that all the bugs
are fully fixed. The system may be used by many audiences. Therefore, at times, there is a need
for the company to get feedback on how the system works. The system is also deployed
while the UI is being finalized. If there is a need to add new features to the system, this is the
1. Training
The system developers are trained on the specifications that the company needs. They
analyze their competitors' similar systems and the additions that they are supposed to make in
their new system. The training also covers the security features of the system, which are the
most important thing in securing the users' information (Easttom, 2016). In this phase, every
security infringement that has been experienced before is analyzed, and improvements
2. Requirements
The security requirements of the new system are documented. Each system has its own
specifications based on the security requirements. In the same process, quality gates are set.
This is to make sure that the bugs that may be experienced during use of the
system have a solution. This helps in countering threats that may occur in future. Assessments are
also done to make sure that the privacy of the users is maintained. The privacy of data
and information determines the loyalty of the clients to the system. So this is a very crucial
process.
3. Design
In this phase, the design requirements that suit the users are analyzed. The design should
not give hints to attackers on how to access unauthorized resources in the system. An
analysis of how an attack may be performed is also done. This is to mitigate future attacks.
Threat modeling is the last step. This is to point out the possibilities, impacts, and other risks
4. Implementation
In this stage, the company is concerned with the tools used. They approve the tools to
be used, which are in line with their security principles. The next step is deprecating unsafe
functions. This is mostly about preventing data corruption. The consistency of the system is maintained so
that unauthorized searching of information in the system is avoided. It also prevents or records data
alteration activities in good time. The last step of this phase is conducting static analysis. This is
done without executing the programs. It is performed on the source code to measure its security
properties.
5. Verification
and the security measures are considered as each process is conducted. A lot of testing
is done to be sure that no special feature is left out. All the parts of the system are also reviewed
6. Release
A response plan is created. This is to help the system detect any malicious activity that
may be going on in the system. Also, a final security review is done to analyze the security
strengths of the whole system at large. If the security is seen to be what was expected, the
system is then certified, released, and its security features archived by the normal users (Privacy
7. Response
While the system is in use, the security issues associated with its execution are
responded to as soon as possible. Therefore, there is a need to have a plan for how to conduct
such a response so that users can operate the system in the most effective way without failure.
1. This process is used where the requirements are available. If the company has set the
requirements and some of them are not available, the process cannot go on.
2. If the system is not complete, the software cannot be said to be fully secure.
3. This method does not offer any insight into how the final system will look until it is
complete.
4. This type of model is not suitable if the software needs to be upgraded. It must start from the
References