UNIVERSITI SAINS MALAYSIA. CST431/CST335 Systems Security & Protection [Keselamatan & Perlindungan Sistem]

Similar documents
UNIVERSITI SAINS MALAYSIA. CST332 Internet Protocols. Architecture & Routing [Protokol, Seni Bina & Penghalaan Internet]

UNIVERSITI SAINS MALAYSIA. CMT322/CMM323 Web Engineering & Technologies [Kejuruteraan & Teknologi Web]

UNIVERSITI SAINS MALAYSIA. CST232 Operating Systems [Sistem Pengendalian]

UNIVERSITI SAINS MALAYSIA. CST334 Network Monitoring & Security [Pengawasan & Keselamatan Rangkaian]

UNIVERSITI SAINS MALAYSIA. CST333 Distributed & Grid Computing [Perkomputeran Teragih & Grid]

UNIVERSITI SAINS MALAYSIA. CST131 Computer Organisation [Organisasi Komputer]

UNIVERSITI SAINS MALAYSIA. CPT344 Computer Vision & Image Processing [Penglihatan Komputer & Pemprosesan Imej]

UNIVERSITI SAINS MALAYSIA. Peperiksaan Semester Pertama Sidang Akademik 2003/2004. September/Oktober 2003

UNIVERSITI SAINS MALAYSIA. CCS522 Advanced Data Communication & Computer Networks [Rangkaian Komputer & Komunikasi Data Lanjutan]

UNIVERSITI SAINS MALAYSIA. CST331 Principles of Parallel & Distributed Programming [Prinsip Pengaturcaraan Selari & Teragih]

UNIVERSITI SAINS MALAYSIA. CPT113 Programming Methodology & Data Structures [Metodologi Pengaturcaraan & Struktur Data]

UNIVERSITI SAINS MALAYSIA. CCS521 Advanced Distributed Systems Concepts and Design [Konsep dan Reka Bentuk Sistem Teragih Maju]

UNIVERSITI SAINS MALAYSIA. CCS522 Advanced Data Communication and Computer Networks [Rangkaian Komputer dan Komunikasi Data Lanjutan]

ssk 2023 asas komunikasi dan rangkaian TOPIK 4.0 PENGALAMATAN RANGKAIAN Minggu 11

INSTRUCTION: This section consists of FOUR (4) structured questions. Answer ALL questions.

MSS 317 Coding Theory [Teori Pengekodan]

UNIVERSITI SAINS MALAYSIA. CPT111/CPM111 Principles of Programming [Prinsip Pengaturcaraan]

UNIVERSITI SAINS MALAYSIA. CPT211-CPM313 Programming Language Concepts & Paradigm [Konsep & Paradigma Bahasa Pengaturcaraan]

UNIVERSITI SAINS MALAYSIA

UNIVERSITI SAINS MALAYSIA. CST131 Computer Organisation [Organisasi Komputer]

EEE 428 SISTEM KOMPUTER

MSS 318 Discrete Mathematics [Matematik Diskret]

INSTRUCTION: This section consists of TEN (10) structured questions. Answer ALL questions.

CPT111/CPM111 Principles of Programming [Prinsip Pengaturcaraan]

UNIVERSITI SAINS MALAYSIA. CST331 Principles of Parallel & Distributed Programming [Prinsip Pengaturcaraan Selari & Teragih]

UNIVERSITI SAINS MALAYSIA. CMT422 Multimedia Information Systems & Management [Sistem & Pengurusan Maklumat Multimedia]

INSTRUCTION: This section consists of TWO (2) questions. Answer ALL questions. ARAHAN: Bahagian ini mengandungi DUA (2) soalan. Jawab SEMUA soalan.

Pengenalan Sistem Maklumat Dalam Pendidikan

INSTRUCTION: This section consists of TWO (2) structured questions. Answer ALL questions.

INSTRUCTION: This section consists of FOUR (4) structured questions. Answer ALL questions.

UNIVERSITI SAINS MALAYSIA. CST234 Network Programming [Pengaturcaraan Rangkaian]

UNIVERSITI SAINS MALAYSIA. CMT224/CMM221 Multimedia Systems [Sistem Multimedia]

INSTRUCTION: This section consists of TWO (2) short answer and structured essay questions. Answer ALL questions.

UNIVERSITI SAINS MALAYSIA. CST131 Computer Organisation [Organisasi Komputer]

MANAGE COURSE RESOURCES LABEL TEXT PAGE URL BOOK FILE FOLDER IMS CONTENT PACKAGE

INSTRUCTION: This section consists of TWO (2) structured questions. Answer ALL questions.

UNIVERSITI SAINS MALAYSIA. CST231/CSM331 Data Communications & Networks [Komunikasi Data & Rangkaian]

PART A SULIT (EKT 221) BAHAGIAN A. Answer ALL questions. Question 1. a) Briefly explain the concept of Clock Gating.

CPT212 Design & Analysis of Algorithms [Reka Bentuk & Analisis Algoritma]

CPT211/CPM313 Programming Language Concepts & Paradigms [Konsep & Paradigma Bahasa Pengaturcaraan]

EEE348 INTRODUCTION TO INTEGRATED CIRCUIT DESIGN (PENGANTAR REKABENTUK LITAR BERSEPADU)

MULTIMEDIA COLLEGE JALAN GURNEY KIRI KUALA LUMPUR

...a- JEE ELEKTRONIK DIGIT II. UNlVERSlTl SAINS MALAYSIA. Peperiksaan Semester Kedua Sidang Akademik FebruarVMac 2003.

UNIVERSITI SAINS MALAYSIA. CCS523 Computer Security & Cryptography [Keselamatan Komputer & Kriptografi]

MICROSOFT EXCEL. Membina Hamparan Elektronik Fungsi Hamparan Elektronik

INSTRUCTION: This section consists of TWO (2) structured questions. Answer ALL questions.

INSTRUCTION: This section consists of TWO (2)short answers and TWO (2) structured essays. Answer ALL questions.

Pengguna akan diberikan Username dan Password oleh Administrator untuk login sebagai admin/conference Manager bagi conference yang akan diadakan.

UNIVERSITI SAINS MALAYSIA. CPT341 Software Design & Architecture [Reka Bentuk & Seni Bina Perisian]

COMBINING TABLES. Akademi Audit Negara. CAATs ASAS ACL / 1

UNIVERSITI SAINS MALAYSIA. CPT111 Principles of Programming [Prinsip Pengaturcaraan]

INSTRUCTION: This section consists of FOUR (4) structured questions. Answer ALL questions.

UNIVERSITI SAINS MALAYSIA. CCS523 Computer Security & Cryptography [Keselamatan Komputer & Kriptografi]

PANDUAN PENGGUNA (PENTADBIR SYSTEM/SYSTEM ADMINISTRATOR) (INFOTECH, BPPF DAN POLIS

UNIVERSITI SAINS MALAYSIA. CPT103/ CPM211 Struktur Data & Paradigma Pengaturcaraan

UNIVERSITI SAINS MALAYSIA. CCS513 Computer Vision and Image Analysis [Penglihatan Komputer dan Analisis Imej]

AN IMPROVED PACKET FORWARDING APPROACH FOR SOURCE LOCATION PRIVACY IN WIRELESS SENSORS NETWORK MOHAMMAD ALI NASSIRI ABRISHAMCHI

Information Security Management System ISO/IEC 27001:2013

UNIVERSITI SAINS MALAYSIA. CMT324 Computer Graphics & Visual Computing [Grafik Komputer & Perkomputeran Visual]

EEE 348 PENGANTAR REKABENTUK LITAR BERSEPADU

CCS592 Advanced Algorithms and Complexity [Algoritma Lanjutan & Kekompleksan]

MAT 181 Programming for Scientific Applications [Pengaturcaraan untuk Penggunaan Sains]

TEKNOLOGI, GADJET & KEIBUBAPAAN

UNIVERSITI SAINS MALAYSIA. CST232 Operating Systems [Sistem Pengendalian]

PANDUAN PENGGUNA (SUPPLIER) MAINTAIN CERTIFICATES/SUPPLIER DETAILS SUPPLIER RELATIONSHIP MANAGEMENT SUPPLY CHAIN MANAGEMENT SYSTEM (SCMS)

PANDUAN PENGGUNA (PENSYARAH)

UNIVERSITI SAINS MALAYSIA. CST334 Network Monitoring & Security [Pengawasan & Keselamatan Rangkaian]

MAT 181 Programming For Scientific Applications [Pengaturcaraan Untuk Penggunaan Sains]

Panduan Menggunakan Autoresponder FreeAutobot.com

UNIVERSITI SAINS MALAYSIA. CST334 Network Monitoring & Security [Pengawasan & Keselamatan Rangkaian]

Lab 4 : Sorting Techniques

Semasa buku ini ditulis XAMPP mengandungi empat versi:

MULTIMEDIA COLLEGE JALAN GURNEY KIRI KUALA LUMPUR

UNIVERSITI SAINS MALAYSIA. CPT212 Design & Analysis of Algorithms [Reka Bentuk & Analisis Algoritma]

SYSTEMATIC SECURE DESIGN GUIDELINE TO IMPROVE INTEGRITY AND AVAILABILITY OF SYSTEM SECURITY ASHVINI DEVI A/P KRISHNAN

DARI KAUNTER KE SISTEM DALAM TALIAN

INSTRUCTION: This section consists of FOUR (4) structured questions. Answer ALL questions.

VIRTUAL PRIVATE NETWORK: ARCHITECTURE AND IMPLEMENTATIONS

Panduan Pengguna Autodesk Education Community

UNIVERSITI SAINS MALAYSIA. CPT103/CPM211 Struktur Data & Paradigma Pengaturcaraan

CST234 Network Programming [Pengaturcaraan Rangkaian]

UNIVERSITI SAINS MALAYSIA. CPT101 Prinsip-Prinsip Pengaturcaraan

PANDUAN PENGGUNA (SUPPLIER) MAINTAIN CERTIFICATES/SUPPLIER DETAILS SUPPLIER RELATIONSHIP MANAGEMENT SUPPLY CHAIN MANAGEMENT SYSTEM (SCMS)

MAT181 Programming For Scientific Applications [Pengaturcaraan Untuk Penggunaan Sains]

MAT 181 Programming For Scientific Applications [Pengaturcaraan Untuk Penggunaan Sains]

INSTRUCTION: This section consists of FOUR (4) questions. Answer ALL questions. ARAHAN: Bahagian ini mengandungi EMPAT (4) soalan. Jawab SEMUA soalan.

UNIVERSITI SAINS MALAYSIA. CPT103 Struktur Data & Paradigma Pengaturcaraan

Panduan Guru Maker UNO/ Arduino

INSTRUCTION: This section consists of TWO (2) questions. Answer ALL questions. ARAHAN: Bahagian ini mengandungi DUA (2) soalan. Jawab SEMUA soalan.

M2U MANUAL PENGGUNA USER MANUAL M2UNHJ. 0 P a g e BAHAGIAN SIMPANAN DAN PENGELUARAN JABATAN KHIDMAT PENDEPOSIT DAN OPERASI LEMBAGA TABUNG HAJI

UNIVERSITI SAINS MALAYSIA. CMT322/CMM323 Web Engineering & Technologies [Kejuruteraan & Teknologi Web]

EEE 355 ROBOTIC & AUTOMATION [Robotik & Pengautomatan]

ICT SPM 2011 SUGGESTION ANSWER. Section A

INSTRUCTION: This section consists of TWO (2) structured questions. Answer ALL questions.

UNIVERSITI SAINS MALAYSIA

B,8 PERKHIDMATAN KREDIT DAN PERBANKAN. Pemindahan Data PROSEDUR UNIT KOMPUTER. BPKP/KlOK-117 Bilangan Semakan : 0 Tarikh : PERUBAHAN.

UNIVERSITI SAINS MALAYSIA. CST432 Microprocessors & Embedded Systems [Mikropemproses & Sistem Terbenam]

CST432 Microprocessors & Embedded Systems [Mikropemproses & Sistem Terbenam]

PEPERIKSAAN PERCUBAAN SIJIL PELAJARAN MALAYSIA /1

Registration of Supplier (ROS) TM Supplier Registration Renewal via SUS Portal (Pembaharuan Pendaftaran Pembekal TM melalui SUS Portal)

Transcription:

UNIVERSITI SAINS AAYSIA Second Semester Examination 2010/2011 Academic Session April/ay 2011 T431/T335 Systems Security & Protection [Keselamatan & Perlindungan Sistem] Duration : 2 hours [asa : 2 jam] INSTRUCTIONS TO CANDIDATE: [ARAHAN KEPADA CAON:] Please ensure that this examination paper contains FOUR questions in NINE printed pages before you begin the examination. [Sila pastikan bahawa kertas peperiksaan ini mengandungi EPAT soalan di dalam SEBIAN muka surat yang bercetak sebelum anda memulakan peperiksaan ini.] Answer A questions. [Jawab SEUA soalan.] You may answer the questions either in English or in Bahasa alaysia. [Anda dibenarkan menjawab soalan sama ada dalam bahasa Inggeris atau bahasa alaysia.] In the event of any discrepancies, the English version shall be used. [Sekiranya terdapat sebarang percanggahan pada soalan peperiksaan, versi bahasa Inggeris hendaklah diguna pakai.]...2/-

- 2-1. (a) Assume you have just opened an account with a local bank. The bank issues you an AT (automated teller machine) card with a secret pin number, so that you can deposit and withdraw cash from any of the bank s teller machines. Explain one (1) possible vulnerability of this system. Explain one (1) possible threat to this system. (iii) Explain one (1) potential risk using this system. (iv) What possible counter measure you can take to safeguard your assets? Explain your answer. (v) What possible counter measure the bank can take to safeguard your assets? Explain your answer. The following table, Students, shows details about students taking various programs, number of units completed and their average marks. Statistical queries (i.e. COUNT, SU, AVG, AX, IN) are allowed on all attributes, but individual entries in Units Completed and Average arks columns cannot be read directly. Name Sex Program Units Completed Average arks Alice Bill Cindy David Eric Fiona Gloria Henry Isaac F F F F BA BA 8 15 16 22 8 16 23 7 21 63 58 70 75 66 81 68 50 70 Using statistical queries, write SQ statement(s) to obtain Cindy s average marks. Assume there is no query restriction. If query restriction is set at k=3, what does it mean? (iii) With query restriction set at k=3, can Cindy s average marks be obtained? If yes, write SQ statements how this can be done. If not, explain why....3/-

- 3 - If a worm has already infected a few computers in an organization, what steps can be taken to reduce its spread to other computers in the organization s intranet as well as the internet? 2. (a) Briefly describe how the following techniques can be used to protect programs against buffer overflow attacks. Random canary. Guard pages. Validating input is one of the essentials of writing a secure program. What aspects of input should be checked by the programmer? Briefly describe. Besides buffer overflow, what else can bad input do to a program? Use an example to explain your answer. Assume you want to permanently and securely delete a file on your hard disk, so that its contents are no longer recoverable. A friend has given you the following pseudocode for a secure file delete application. Will the application code work as intended? Briefly explain your reasons. Patterns = [ 10101010, 01010101, 11001100, 00110011, 00000000, 11111111 ] Open file for update For each pattern Go to start of file Overwrite file contents with pattern Close file Remove file...4/-

- 4-3. (a) Based on the given diagram: Which implementations of the counter modes are more secure? Justify your answer. (Note: K 256 is the key with 256 bit length and K 128 is a key with 128 bit length). Counter Counter K 256 K 128 P1 K 128 C1 P1 C1 A crypto-system based on RC4 has been using the same key, k, for some time. Assume you intercept C 1, which you know the corresponding plaintext is P 1. Describe how you can use this information to masquerade as the sender when communicating to the recipient. (4/100) In RSA public-key encryption/decryption scheme, each user has a public-key, e, and private-key, d. Suppose Bob leaks his public-key. Rather than generating a new n, he decides to generate a new e' and d' based on his old n. Is this safe? Justify your answer. (d) In Secure Socket ayer (SS) protocol: Is the session key chosen by a client or server? How is it communicated to the other party? Use diagram in your explanation....5/-

- 5-4. (a) Trusted entities such as CA in PKI and Kerberos in KDC require secure key exchange protocol. Briefly explain the differences between the two in terms of scalability and trust. Answer the following questions on IDS: ist and briefly define three classes of intruders. What are the three benefits that can be provided by IDS? (iii) Describe the differences between a host-based IDS and a network-based IDS. (iv) Describe the types of sensors that can be used in a NIDS. (v) What is a honeypot? Firewalls protect the internal network from attacks that are coming from the outside network. Can firewalls protect against virus infections (consider the different types of firewalls in your answer)? How does cryptographic protection at the TCP/IP layer or at the application layer affect a firewall s ability to protect against viruses? (d) US allows its students to use laptops at schools as well as when they are not within the wireless parameter of the university. Based on the above scenario, propose a security architecture to protect the university s intranet....6/-

KERTAS SOAAN DAA VERSI BAHASA AAYSIA - 6-1. (a) Anggap anda baru membuka akaun dengan suatu bank tempatan. Bank itu mengeluarkan suatu kad AT dengan nombor pin rahsia, supaya anda boleh menyimpan dan mengeluarkan wang daripada mana-mana mesin AT bank itu. Jelaskan satu (1) kelemahan yang mungkin bagi sistem ini. Jelaskan satu (1) ancaman yang mungkin bagi sistem ini. (iii) Jelaskan satu (1) risiko yang mungkin menggunakan sistem ini. (iv) Apa langkah balas yang anda boleh ambil untuk melindungi aset anda? Jelaskan jawapan anda. (v) Apa langkah balas yang boleh diambil oleh bank untuk melindungi aset anda? Jelaskan jawapan anda. Jadual berikut, Pelajar, menunjukkan maklumat mengenai pelajar yang mengikuti pelbagai program, bilangan unit terkumpul dan purata markah mereka. Pertanyaan statistik (contoh: BIANGAN, JUAH, PURATA, AKS, IN) dibenarkan ke atas semua atribut, tetapi kemasukan inidividu untuk lajur Unit Terkumpul dan Purata arkah tidak boleh dibaca secara terus. Nama Jantina Program Unit Terkumpul Purata arkah Alice Bill Cindy David Eric Fiona Gloria Henry Isaac P P P P BA BA 8 15 16 22 8 16 23 7 21 63 58 70 75 66 81 68 50 70 Dengan menggunakan pertanyaan statistik, tulis pernyataan SQ untuk memperolehi purata markah Cindy. Anggap tiada sekatan pertanyaan. Jika sekatan pertanyaan ditetapkan pada k=3, apakah maknanya? (iii) Dengan sekatan pertanyaan ditetapkan pada k=3, bolehkah purata markah Cindy diperolehi? Jika ya, tulis pernyataan SQ yang menunjukkan cara ia boleh dilakukan. Jika tidak, terangkan kenapa....7/-

- 7 - Jika suatu cecacing telah menjangkiti beberapa komputer dalam suatu organisasi, apakah langkah-langkah yang boleh diambil untuk mengurangkan penyebarannya ke komputer lain dalam intranet organisasi itu serta internet? 2. (a) Terangkan secara ringkas cara teknik-teknik berikut boleh digunakan untuk melindungi atur cara daripada serangan limpahan penimbal. Kenari rawak. Halaman pengawal. engesahkan input merupakan salah satu keperluan penting untuk menulis atur cara terjamin. Dari segi apakah input harus diperiksa oleh juru atur cara? Jelaskan secara ringkas. Di samping limpahan penimbal, apa lagikah yang boleh dilakukan oleh input buruk terhadap sesuatu atur cara? Gunakan contoh untuk menerangkan jawapan anda. Anggap anda ingin menghapuskan secara kekal dan terjamin suatu fail daripada cakera keras, supaya kandungannya tidak boleh didapatkan kembali. Seorang rakan telah memberikan anda pseudokod berikut bagi atur cara penghapusan fail terjamin. Boleh kod atur cara ini berfungsi seperti dikehendaki? Terangkan secara ringkas alasan anda. Corak = [ 10101010, 01010101, 11001100, 00110011, 00000000, 11111111 ] Buka fail untuk kemaskini Bagi setiap corak Pergi ke pangkal fail Tulis semula kandungan fail dengan corak Tutup fail Hapus fail...8/-

- 8-3. (a) Berdasarkan gambar rajah yang diberi: Implimentasi counter mode yang manakah lebih selamat? Jelaskan jawapan anda. (Nota: K 256 adalah kekunci 256 bit dan K 128 adalah kekunci 128 bit). Counter Counter K 256 K 128 P1 K 128 C1 P1 C1 Satu sistem kripto berasaskan RC4 telah mengunakan kekunci yang sama, k, untuk beberapa ketika. Anggapkan anda telah dapat C 1 yang mana anda tahu P 1 adalah teks aslinya. Terangkan bagaimana anda boleh mengunakan maklumat ini untuk menyamar sebagai penghantar bila berkomunikasi dengan penerima. (4/100) Pada skema enkripsi/dekripsi kekunci-awam RSA, setiap pengguna mempunyai kekunci awam, e, dan kekunci persendirian, d. Katakan kekunci persendirian Bob telah diketahui umum. Oleh kerana tidak mahu menjana n yang baru, dia mengambil kepututsan untuk menjana e' dan d' yang baru berdasarkan nilai n yang lama. Adakah proses ini selamat? Jelaskan jawapan anda. (d) Untuk protokol Secure Socket ayer (SS): Adakah kunci sesi dipilih oleh pengguna atau pelayan? Bagaimana kunci ini dihantar kepada parti yang satu lagi? Gunakan gambar rajah dalam penjelasan anda....9/-

- 9-4. (a) Entiti-boleh-percaya seperti CA dalam PKI dan KDC dalam Kerbero memerlukan protokol penukaran kunci selamat. Jelaskan secara ringkas perbezaan di antara keduanya dari segi tahap kepercayaan dan skala. Jawab soalan-soalan IDS yang berikut: Senarai dan beri pengertian ringkas tiga kelas penceroboh. Apakah tiga faedah yang dapat diberikan oleh IDS? (iii) Jelaskan perbezaan di antara host-based IDS dan network-based IDS. (iv) Terangkan jenis alat-deria (sensors) yang boleh digunakan oleh NIDS. (v) Apa itu honeypot? Aplikasi keselamatan tembok-api melindungi rangkaian dalaman daripada serangan yang datang daripada rangkaian luar. Bolehkah aplikasi keselamatan pintu-api melindungi rangkaian dalaman daripada jangkitan virus? (fikirkan kepelbagaian jenis aplikasi keselamatan pintu-api dalam jawapan anda)? Bagaimana perlindungan kriptografi pada lapisan TCP/IP atau lapisan aplikasi mempengaruhi kecekapan aplikasi keselamantan pintu-api melindungi serangan virus? (d) US membenarkan pelajar-pelajarnya menggunakan komputer riba di pusat pengajian dan juga apabila mereka tidak berada di dalam lingkaran tanpa wayar universiti. Berasaskan daripada senario di atas, cadangkan satu senibina keselamatan untuk mengawal intranet universiti. - ooooooo -

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback