1. Consider an automated teller machine (ATM) in which users provide a personal identification
number (PIN) and a card for account access. Give examples of confidentiality, integrity, and
availability requirements associated with the system. In each case, indicate the degree of
importance of the requirement.
Confidentiality: The Personal Identification Number (PIN) is an asset whose confidentiality is
considered to be highly important by an individual. PIN information should only be available
to the individual. Degree of Importance: HIGH
Integrity: An individual should be able to trust that the card provided for account access is
correct and current. An individual should also be able to withdraw the amount s/he wishes
from his/her available account. Now suppose a bank staff member who is authorized to view and
update an individual's account deliberately falsifies the data in it: integrity is lost. The
database needs to be restored to a trusted basis quickly, and it should be possible to trace
the error back to the person responsible. Degree of Importance: High.
Availability: An Automated Teller Machine (ATM) provides a way for individuals to withdraw
money whenever and from wherever they want. Therefore, an individual should be able to
withdraw money from an ATM (i.e. the ATM should always be available for withdrawal) provided
s/he has the PIN and card for account access. However, this is a facility provided by banks to
give their customers easy access to their bank accounts. It is not a critical component of
the bank's information system, but unavailability of this service will cause some
embarrassment to the customer. Degree of Importance: Moderate.
Problems
1. Draw a matrix that shows the relationship between Security Services and Security Attacks.
2. Draw a matrix that shows the relationship between Security Mechanisms and Attacks.
3. Draw a matrix that shows the relationship between Security Services and Security
Mechanisms.