Different formal security models describe different access models. Formal security models are useful reference models for evaluating the attributes of various implementations. The

Assignment 2

1. (24 points)
Different formal security models describe different access models. Formal security models are useful reference models for evaluating the attributes of various implementations. The following phrases are used to describe some specific access models. Identify the security model each phrase is associated with and provide what the phrases mean in the context of the respective security model. Add some information about each security model along with each phrase.

Also (important) include a practical example that demonstrates the concepts for each security model. Be sure your practical example addresses both parts of the phrase. 

a. (12 points)
No read up, no write down.

Answer:

b. (12 points)
Read up, write down. Or stated differently: No read down, no write up.

Answer:

2. (16 points)
Clark-Wilson Mode

a. (4 points)
List and briefly explain 3 major components of Clark-Wilson Model.

Answer:

b. (4 points)
What is the difference between Clark-Wilson Model and Bell-LaPadula Model?

Answer:

c.  (4 points)
What are the benefits of Clark-Wilson Model?

Answer:

d. (4 points)
What are the limitations of Clark-Wilson Model?

Answer:

3.  (16 points) 

Today, both security incidents and security vulnerabilities continue to rise for a variety of reasons. 

What reasons can you provide for the continuing upwards trend in the number of incidents reported? You should provide at least four (4) reasons with supporting data and reasoned arguments to support your answer. Good answers will provide facts, reasoned arguments and references that go beyond anecdotal information.

Answer:

4. (12 points) 

Consider threat, vulnerability, exploit, and risk. 

What are they? 

What is the difference between them? 

Discuss.

Answer:

5. (12 points) 

What is the purpose of performing an asset classification, asset assessment and risk assessment as part of the security strategy? Take each item in turn defining what it is and describing the purpose of it. 

Answer:

6. (20 points) 

a. (4 points) Describe the concept of “Separation of Duties (SoD)”.

Answer:

b. (12 points) Provide 3 examples of the general benefits of following the principle of SoD for tasks? 

Answer:

c. (4 points) What problems can SoD not help with?

Answer: