Question details

Final exam A+ rated
$ 50.00

EXAM INSTRUCTIONS

1. There are three (3) questions on this exam, each of equal value. 

2. Answer all three (3) of these questions.

3. Each question must be answered in your own words. However, when you use the words of others in any answers, you must use quotation marks and attribute the source right there following APA style recommendations. Also be sure to cite references right there using APA style when you paraphrase the words of others.

4. This is an open-book individual examination. You may use any resources in addition to the textbook, such as other books, articles, and the Web. All questions require research beyond the text, lecture notes, and conferences.  You must, however, do your own work and you may not collaborate with your classmates. 

6. Adequate answers for the entire examination should run approximately ten (10 - 12) double-spaced pages (not much more) with one-inch margins and 12-point font.  

7. You must provide a separate bibliography for each question following APA style recommendations. The bibliography for each question is outside the scope of the 10 - 12 double-spaced pages and should be placed at the end of each question.

8. Answers will be evaluated on the following criteria: key content, logical flow, clarity, spelling, grammar, and proper citations/bibliography. 


 

EXAM QUESTIONS

Question 1 

This question is about Vulnerability Analysis as defined and discussed in INFA670 Session 4 and in our Bishop (2003, Chap. 23) textbook. 

Select two Vulnerability Analysis tools used in research and/or commercially available and describe their main features and functionality.  Compare and contrast their relative strengths and weaknesses when used in the three (3) scenarios described below: 

a. The system to be developed is intended to be operational in a large enterprise environment and the system itself when fully developed will be of a size typically found in large enterprise deployments such as DOD, large banks or similar sized operations where integration and deployment includes use in a networked environment.

b. The system to be developed is intended to be operational in a midmarket sized firm which has branches located countrywide. Familiar examples might include a fast food chain of outlets such as Burger King, a nationwide clothing store or similar set of replicated stores where integration and deployment includes use in a networked environment.

c. The system to be developed is intended to be operational in a small market firm or small business firm or even in home usage. Familiar examples might include an income tax preparation package by a small tax consulting firm.

Be sure to frame your answer in logical argumentations and referenced research results using the text and credible outside sources. Ensure that your answer is written in the contexts of security and trusted systems.   

 

Question 2 

This question is based on Exercise 3 in Chapter 21 of our Bishop textbook (2003, pp. 609 – 610). Exercise 3 states:    

“Recall that ‘criteria creep’ is the process of refining evaluation requirements as the industry gains experience with them, making the evaluation criteria something of a moving target. (See Section 21.2.4.2.)

This issue is not confined to the TCSEC, but rather is a problem universal to all evaluation technologies.” (Bishop, 2003, pp. 609 – 610)

With this in mind address the following requirements: 

a. Analyze the benefits and drawbacks of the Common Criteria (CC) methodology for handling criteria creep.

b. Provide recommendations for ensuring that the benefits can be realized and for mitigating the drawbacks.

     

Question 3 

This question is about using Formal Methods in Trusted Systems.

This is a hyperlink to a paper in PDF entitled: “File Systems Deserve Verification Too!” by Keller, Murray, Amani, et al. (2013).

This paper was published in the Proceedings of the 7th Workshop on Programming Languages and Operating Systems (PLOS 2013), 2013, Nemacolin Woodlands Resort, Pennsylvania, USA, November. 

IEEE Security and Privacy Journal Volume 10 Issue 2, March 2012 Pages 67-70. 

This next hyperlink is to a related paper in PDF entitled: “Towards a Verified Component Platform” by Fernandez, Kuz, & Andronick (2013). 

This paper was published in the Proceedings of the 7th Workshop on Programming Languages and Operating Systems (PLOS 2013), 2013, Nemacolin Woodlands Resort, Pennsylvania, USA, November. 

You will see by the dates that these two papers are representative of recent research taking place in the field of Information Communications Technology Security and Trusted Systems. 

Question 3 Requirements:  

a. You are to choose one of the above two papers (not both) and analyze: the problem being addressed; the approach taken to arrive at a solution(s), as well as the results to date along with a discussion of anticipated results as we move into the future.

b. Explain what impact this research will have on the future of Formal Verification of trusted operating systems and trusted software in general. Provide at least two examples of aspects or areas where we may see improvements in system trust in general.

Please frame your claims in logical argumentations and referenced research results using the text and credible outside sources. 

Note: In addressing the question requirements for your chosen paper you may find the following hyperlinked PDF of assistance as it covers some fundamental topics in the domain: “Formalisation of a Component Platform” by Fernandez, M., Kuz, I., & Klein, G. (2012).

This article was published as a Poster Presentation at the 10th USENIX Symposium on Operating Systems Design and Implementation (OSDI 12), 2012, Hollywood, California, USA, October.

Question 3 References 

1. Keller, G., Murray, T., Amani, S., et al. (2013). File Systems Deserve Verification Too! In Proceedings of the 7th Workshop on Programming Languages and Operating Systems (PLOS 2013), 2013, Nemacolin Woodlands Resort, Pennsylvania, USA, November. Retrieved from http://www.plosworkshop.org/2013/preprint/keller.pdf

2. Fernandez, M., Kuz, I., & Andronick, J. (2013). Towards a Verified Component Platform. In Proceedings of the 7th Workshop on Programming Languages and Operating Systems (PLOS 2013), 2013, Nemacolin Woodlands Resort, Pennsylvania, USA, November. Retrieved from http://www.plosworkshop.org/2013/preprint/fernandez.pdf

3. Fernandez, M., Kuz, I., & Klein, G. (2012). Formalisation of a Component Platform. Published as a Poster Presentation at the 10th USENIX Symposium on Operating Systems Design and Implementation (OSDI 12), 2012, Hollywood, California, USA, October. Retrieved from http://www.nicta.com.au/pub?doc=6337

END OF EXAM

Available solutions
  • Final exam A+ rated
    $50.00

    Nessus is an exclusive complete vulnerability scanning program. It is free of charge for personal use in a non-enterprise environment. Nessus allows scans for

    Submitted on: 20 Sep, 2015 03:42:07