Index No:

IESL COLLEGE OF ENGINEERING

Mid Semester Evaluation

EC 5007 Computer Security

Duration: 2 Hours

September 2017

Model Paper
Instructions to candidate:
This paper contains 4 questions. Answer all questions.
Total marks: 100.
This paper contains 4 pages including cover page.
Question 1 : Introduction to Computer Security (25 marks)

a) What is the difference between inside attacks and outside attacks security
attacks? Give one example of each attack.
[4marks]
b) Describe following objective of computer security.

i). Confidentiality
ii). Integrity
iii).Availability
[6 marks]

c) Briefly describe the following Security control types categorized by their

functionality with one example per each.

i). Preventive controls

ii). Detective controls
iii).Corrective controls
iv). Deterrent controls
v). Recovery controls
vi). Compensating controls
[6 marks]

d) A comprehensive security strategy involves three aspects. Sate those three aspects.
[3 marks]

e) Briefly describe the four complementary actions in security implementation.

[4 marks]

f) What is Information Risk Management?

[2 marks]

Question 2 : Basic Cryptography (25 marks)

a) List four properties a hash function must have to be useful for message
authentication.
[4 marks]

b) Explain the importance of generating a unique digital signature for each digital
message rather than using the same signature for all messages.
[4 marks]

2
c) Describe the main differences between Substitution cipher encryption and
transposition cipher.
[4 marks]

d) Briefly describe three uses of a public-key cryptosystem.

[6 marks]

e) What is the relationship between trust of the certificate and certificate class in
digital certificates?
[2 marks]

f) List four usages of Digital Signature.

[2 marks]

g) Explain how Electronic Codebook (ECB) is used in a symmetric block cypher.

[3 marks]

Question 3 : Programme Security - Malicious Software (25 marks)

a) Describe three main malware propagations. Give one malware example for each
type of propagation.
[6 marks]
b) Describe each of the following types of malware.
Spyware
Adware
Keyloggers
Rootkit
[4 marks]

c) Describe the main differences among the four generations of antivirus software.
[8 marks]

d) Briefly discuss the following requirements that needs to be satisfied for effective
countermeasure against malwares.
[3 marks]
i). Minimal denial of service cost
ii). Transparency
iii).Global and local coverage

e) Describe main similarity and difference between a polymorphic virus and a

metamorphic virus.
[4 marks]

3
Question 4 : Security in conventional operating systems (25 marks)

a) Linux stores hashed passwords and a salt value for better security. Describe how
the system stores and verifies a password.
[5 marks]
b) Access control is a critical element in computer security. Describe three main
objectives of access control with respect to computer security.
[6 marks]
c) Workstation Specific account attacks are one of the vulnerabilities of using
password authentication in which the attacker keeps guessing the password of a
specific ID. Give two possible countermeasures to address the vulnerability.
[4 marks]

d) List three advantages and three disadvantages of Single Sign-On (SSO) systems.
[6 marks]

e) Write down one example for each means of authentication given bellow.
[4 marks]
i). Something the individual knows:
ii). Something the individual possesses:
iii).Something the individual is:
iv). Something the individual does: