Mumbai University Question Papers System Security June 2009


 VII Sem CSE Examination June 2009

System Security

N.B.: (1) Question No.1 is compulsory.

(2) Attempt any four questions out of remaining six questions.

(3) Figures to the right indicate full marks.

(4) Answers to the questions should be grouped and written together.

(5) Assume any suitable data wherever required but justify the same.


1. (a) What is the Brain virus? How does it pass on its infection?

(b) Compare signature-based and anomaly-based IDS. What are the strengths and limitations of IDS?

(c) List two disadvantages of each of the following :-

(i) Physical separation

(ii) Temporal separation in computing system.

(d) How is the encryption key generated from password in Kerberos ?


2. (a) (i) Compare Secret Key and Public Key encryption in terms of number of keys, Protection of key, Best uses, Key distribution and Speed.

 (ii) List and briefly define three applications of a public-key cryptosystem.

(b) In an RSA system, the public key of a given user is e = 7, and n = 187.

(i) What is the private key of this user?

(ii) You intercept the ciphertext C = 11 sent to a user whose public key is e = 7, and n = 187. What is the plaintext M?

(iii) What are two possible approaches to defeating the RSA algorithm?


3. (a) List and explain the various malicious and non-malicious codes with examples. 10

(b) Which are the three types of controls against program threats? Explain each with examples.


4. (a) What is a file protection mechanism? List and compare the basic forms of protection. 10

(b) Describe each of the following four kinds of access control mechanisms in terms of (1) ease of determining authorized access during execution, (2) ease of adding access for a new subject, (3) ease of deleting access by a subject, and (4) ease of creating a new object to which all subjects by default have access.

(i) per-subject access control list

(ii) per-object access control list

(iii) access control matrix

(iv) capability.


5. (a) What is the inference problem? Which are the various ways to determine the sensitive data values from a database using the inference problem?

(b) What are the basic requirements for database security? Briefly examine each of the requirements.


6. (a) What is a denial of service attack? What are the ways in which an attacker can mount a DOS/DDOS attack on the system?

(b) List the threats to E-Mail. What are the various requirements and solutions for secure E-Mail?


7. (a) Compare copyright, patent and trade secret in terms of protects, protected object made public, requirement to distribute, ease of filing, duration and legal protection. Which are the various issues relating to information?

(b) Explain the basic steps of risk analysis.

