Question 1.1The OSI Security Architecture is an outline that gives a sorted-outmethod for security and describing the techniques to filling thoserequirements. Question 1.2Active security threats include data transmitted beingmodified to gain unauthorized access to computer systems.
Passive security threats are eavesdropping on Electronicmail, client or server exchanges Question 1.3Active security attacks: masquerade modification of a messages.Passive security attacks: release of message contents. Question 1.4Access control: prevention of unauthorized use of a resourcethat is service controls who can have access to a resource.
Authentication: it is the assurance that the communicatingentity is the one that it claims to be.Availability service: a system being accessible upon demandby an authorized system entityData confidentiality: it the protection of data from unofficialrevelation.Data integrity: the confirmation that information got areprecise as sent by an approved element. Question 1.
5a. Specificsecurity mechanism May be combined into the suitable protocol layer in order tooffer some of the OSI security services.Encipherment: the use of mathematical algorithms to changedata into a form that is not readily understandable. Data Integrity: the variety of mechanisms used to assure theintegrity of a data unit or stream of data units.Traffic Padding: inclusion of bits into gaps in aninformation stream to disappoint traffic analysis attempts.Routing Control: Enables determination of specificphysically secure routes for specific information.Notarization: use of a trusted third party to data exchange.
b. Pervasivesecurity mechanismsMechanisms that are not definite to any certain OSI securityservice.Trusted Functionality: That which is alleged to be correctwith respect to some criteria.Security Label: The marking bound to a resource that names thesecurity attributes of that resource.Security Audit Trail: Data collected and used to simplify asecurity audit.Security Recovery: Deals with demands from systems Question 1.
6Economy of Mechanism: Thisprinciple says that the design of security measures personified in bothhardware and software should be as basic and little as could be expected underthe circumstances. Fail-safe defaults: Thisprinciple says that access decisions should be based on permission rather thanexclusion. Open design: This principle says that the design of a security mechanismshould be open rather than secret Separation of privilege: Thisprinciple says can be defined as a practice in which multiple privilegeattributes are required to achieve access to a restricted resource. Least privilege: This standard says that every procedure and eachclient of the system should operate using the least set of freedoms necessaryto perform the dutyLeast common mechanism:This principle says that the design should to limit thecapacities shared by various clients, giving common security. This principlehelps reduce the number of unintended communication paths and reduces theamount of hardware and software on which all users depend.Encapsulation: concealingtraits in programming so that you can make changes in one placewithout having to also make changes in the other parts of an applicationleast astonishment: applies to userinterface and software design, fromthe ergonomics standpoint. Question 1.7Attack Surface: Comprises of the reachable vulnerabilitiesin a system.
Attack Tree: spreading progressiveinformation structure that speaks to an arrangement of potential strategies forsecurity vulnerabilities.