Security Engineering Assignment
You should include appropriate referencing and put answers in your own words. Failure to provide references for a question where it is clear references where used will results in a mark of zero for that question.
1. The assignment section on Moodle contains a zip file with some Windows executables and a Fingerprint.png fingerprint image file in it. To answer the questions here you will need to run FpMV. The fingerprint image is taken from one of the NIST Fingerprint databases.
(a) Once you have loaded the fingerprint file you will see a list of minutiae at the bottom.
i. Explain the meaning of the 4 terms: ( , ), Direction, Quality and Type; used to describe each minutiae.
ii. Graph the Quality versus the number of accepted Minutiae. This and the later graph shouldn't be hand drawn.
iii. Fingerprints are described as being in one of five categories: left loop, whirl, right loop, tented arch, arch. Which category do you think this fingerprint belongs to? Justify your answer.
(b) Use some sort of picture editing program to reduce the quality of the fingerprint image enough that the calculations on the modified image are appreciately different from the ones for the original image. Explain how you carry out this transformation and submit the modified image file Fingerprint2. That modified file doesn't have to be png but it does need to load into FpMV so check that software for the compatible formats.
(c) Load your modified image, Fingerprint2, and ...
i. Describe some of the differences between the data for the original file and the data for the modified file.
ii. For this modified file generate a new record of the Quality versus the number of accepted minutiae curve, and add that curve to the earlier graph.
2. Answer the following questions in the context of a library.
(a) List the main types of objects present.
(b) List the groups of subjects present and show how they are related.
(c) State the actions available.
(d) Give a reasonable description of the access control for this system.
(e) Describe a specific human characteristic that might be considered a vulnerability in this system. Explain why it may be considered a vulnerability.
i. Explain how that characteristic may be exploited by an attacker for some specified purpose.
ii. Explain how that characteristic may lead to accidental damage.
3. Consider that I have an asset worth $2000. There are two mutually exclusive possible events.
- The first occurs with probability 0 ≤ p ≤ 0.5 and would reduce the value of the asset to $1500.
- The second occurs with probability
(a) What is the threshold value at which buying insurance would be "worthwhile for both parties", as a function of p? Show working.
(b) Graph the insurance value as a function of a probability p.
4. What is the Tragedy of the Commons? How is it relevant to Internet security?
5. At some point it was planned that Starcraft would use the RealId system. Briefly explain what the ReadId system is and state why the plan was abandoned.
6. These questions relate to diversity in redundant systems:
(a) What does diversity mean in the context of redundant systems?
(b) Give a specific example of diversity in an identified system.
(c) Why does diversity in redundant systems matter?
7. Give an example of how context affects the way we interpret information. Don't use something mentioned in the lectures, lecture notes, or in the textbook.
8. Describe how you could use fault injection in the context of plagiarism detection.
9. Consider the payoff/payout table/matrix below and answer the questions that follow after it.
Alice\Bob
|
B1
|
B2
|
B3
|
B4
|
A1
|
2, 3
|
0, 4
|
1, 1
|
3, 3
|
A2
|
1, 3
|
3, 2
|
2, 6
|
1, 4
|
A3
|
4, 2
|
4, 4
|
5, 1
|
3, 3
|
A4
|
4, 1
|
3, 1
|
2, 2
|
2, 0
|
(a) Assuming Alice is only concerned with her own gain, is there a dominant strategy for Alice? Justify your answer and state the dominant strategy if there is one.
(b) Assuming Bob is only concerned with his own gain, is there a dominant strategy for Bob? Justify your answer and state the dominant strategy if there is one.
(c) Produce a matrix containing the difference between the result for Alice and Bob, so in each case it is the difference of the two entries, so A1B1 would contain -1.
(d) Is there a dominant strategy for Alice or Bob with respect to the difference matrix produce d in the previous part?
10. Consider the following incomplete ALE table and answer the questions that follow after it.
Event
|
SLE
|
Annual Incidence
|
ALE
|
A
|
$200, 000
|
0.004
|
|
B
|
$30, 000
|
|
$3, 000
|
C
|
|
200
|
$4, 000
|
D
|
|
100
|
$50
|
E
|
$400
|
2000
|
|
F
|
$16, 000
|
|
$16, 000
|
G
|
$2, 000, 000, 000
|
0.00000000005
|
|
(a) Complete the ALE table.
(b) Assuming we take no action but operate with the above, how much would we expect to lose in 5 years?
(c) Describe three general principles that can be used to determine whether a particular event needs to be dealt with. You need to think what would be appropriate guidelines.
(d) Apply the three general principles from part b. to the completed ALE table to describe what events should be addressed.
Attachment:- Assignment File.rar