UNIVERSITY OF HERTFORDSHIRE
Academic year: 2020-2021
Assessment Session: Semester B
School/Dept: Computer Science
Module code: 7COM1028
Module title: Secure Systems Programming MAIN Assessment
Duration of Assessment: 120 minutes + 60 minutes for uploading answers online THE FOLLOWING IS PROVIDED FOR THIS OPEN BOOK ASSESSMENT:
- This paper which contains THREE questions each worth up to 25 marks.
- You are to ATTEMPT ONLY TWO of the questions.
INSTRUCTIONS FOR THIS ASSESSMENT
The Assessment consists of 3 questions.
- Answer TWO of the 3 questions ONLY
- You should aim to spend no more than 60 minutes on each question.
- Answers may be written on paper, typed in a word document or a combination of written and typed answers.
- Written answers must be scanned and converted to pdf files.
- Typed answers should be converted to pdf files.
- a combination of written and typed answers should be converted to pdf files.
- If you cannot convert your answers into pdf files then you should submit photographs of your answers as, for example, a jpeg file or a converted pdf file.
- Please uploaded your answer to each question as a separate file for marking purposes.
- Include your Student Registration Number on your answers to each question.
- Include the question number in the file name for each question.
- For example: studentID_Qu1.pdf
- Your pdf (or jpeg) files should be uploaded via the Assignment folder where the question paper is published. Choose the RED ‘Submit Assignment’ button and follow the instructions.
Reporting technical difficulties
- Should any problems occur, please take a screenshot and inform the module leader immediately (via email firstname.lastname@example.org), should any problems occur.
- When reporting difficulties, you should provide the following information:
- A description if the problem and how it occurred.
- Details of your browser (if applicable) and operating system.
- Your name and student number.
- If you need to complete a SAC form, please submit the form to SAC@herts.ac.uk
- Explain what is meant by the base rate fallacy and Bayes Theorem. Describe the relationship that exists between the base rate fallacy and Bayes Theorem.
- A network intrusion detection scheme gives a result that indicates that there is an intruder on the system. The accuracy of the scheme is stated as 82% and the Incidence of intrusion for networks of this type is given as 2%. Using Bayes theorem determine how likely is it that the network does not have an intruder?
- How appropriate do you feel the application of Bayes Theorem is in determining the likelihood of an intrusion into a network? Include an evaluation of the answer obtained in part b) above critical analysis.
In modelling attacks to a system, one is often in developing engaged in the detection of intruders. Two approaches taken to modelling such scenarios involve rule based modelling and stochastic based modelling.
- Describe one application of a rule-based model that could be employed to detect intruders on a network. In the case that you choose
- introduce the model being discussed,
- identify the problem(s) that the model attempts to address,
- include the assumptions that are made,
- discuss the solution presented and at least one weakness in the model.
Question 2 (25 marks)
Two forms of malware that share similarities and differences are worms and viruses.
- Describe two similarities and two differences that worms and viruses exhibit.
- Compare and contrast the techniques employed by a compression virus, a polymorphic viruses and a stealth viruses to avoid detection by A/V software. [Use Pseudo code where appropriate and describe one similarity and one difference for each form of virus].
- Various forms of attack against systems may be found in cyber space. Three such attacks include the following:
Select two of these attacks. Give a description of each attack, three similarities, three differences and an evaluation of each from the perspective of cybercrime, cybersecurity and cyberwarfare.
- Give one example with justification for each of the following:
- A protocol that involves Authentication Confidentiality and Authorisation
- A protocol that involves both Confidentiality, Anonymity and Authorisation
- The dining cryptographers problem is said to be an example of a secure multiparty computation preserving user anonymity.
- Explain what is meant by the Dining Cryptographers Problem for n cryptographers and outline a solution for the case n = 4.
- Describe three cases for which the Dining Cryptographers Protocol will not work? Justify your answer.
(5 marks)No Fields Found.