Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
Non-discretionary controls means than there is mandatory access control. In this type of system, security is enforced by a strict set of rules that creates a hierarchy of permissions that users cannot override. Essentially, this type of system is meant to hinder insider users from actually working against the system. Users cannot access crucial internal information as to become spies, thus they cannot see the internal designs of the system to stop leaks such as selling internal designs to competitors, implanting spyware or other malicious software, making critical errors that would injure the system, or access sensitive records that can be leaked to outside sources.
According to the research traditional UNIX is not non-discretionary, but rather a version of a discretionary ACL. In this, there are options as to what users have access to sensitive security information from within the system design. Unlike non-discretionary systems, typical UNIX systems categorize users into specified lists, which allow them different levels of access into the internal workings of the system. There are those who can read software components, write software, execute operations, and then the final tier is the special operations that are reserved only for the owner or original creator of the system. Thus, users are defined as user, owner, or other and their level of access is then defined based on what group category they fall into.
Still,...
These are more complicated features that have been built into major UNIX systems, like that seen in the case of IBM. But, UNIX operation systems themselves are typically discretionary, and need extra layers built in to make them non-discretionary.
Question 2
In this particular situation, there is clearly some sort of bad function within the scheme. When using an XOR, there is little chance of users getting the same hash from different keys. Essentially, the scheme itself is terminally weak, which could be extremely problematic for future security scenarios. In this scenario, an attacker can very easily XOR the random bit stream with the original random string and get access to the response. Additionally, if you use a random bit stream to XOR the message, your partner would not be able to receive or have access to the same material because then the hash would not be truly random. Ultimately, this also goes to show that there is a flaw within the scheme. To strengthen the scheme, one could use something like a cryptographic hash function, like the SHA-256, or other variants of the hash function.
Question 3
The addition of salt characters helps increase the level of…
References
IBM. (2004). Securing UNIX applications using Trivoli Access Manager for operating systems. Developer Works. Web. http://www.ibm.com/developerworks/tivoli/library/t-secpol/
Li, N., Byun, J.W., & Bertino, E. (2011). A critique of the ANSI Standard on role based access control. CERIAS and Department of Computer Science. Purdue University. Web. https://www.cs.purdue.edu/homes/ninghui/papers/aboutRBACStandard.pdf
Information Technology Security Over the last several years, the Internet has evolved to the point that it is a part of any organizations activities. As both governments and businesses are using this new technology, to store as well as retrieve significant amounts of information. However, this heavy reliance on various IT related protocols are having adverse effects on these organizations. As they are facing increasing amounts of threats from cyber
Information Technology Annotated Bibliography Annotated Bibliography Cloud Computing and Insider Threats Bhadauria, R., Chaki, R., Chaki, N., & Sanyal, S. (2011) A Survey on Security Issues in Cloud Computing. CoRR, abs/1109.5388, 1 -- 15. This article is very explanatory in nature. This article would serve best in the opening sections of a research paper, such as in the introduction or the historical review. This article has a formal and academic tone; the intention to
IT Security Plan The technological advances that have been witnessed in the past twenty to thirty years, has placed a tremendous emphasis on data and information. Computers have changed the world in many facets and the ability to communicate and perform work have been greatly assisted by the digital age. Along with these new found powers, there exists also new found threats. The ability to protect these investments and resources of
Computer IT Security Implementation Provide a summary of the actual development of your project. Because small corporations have to work under conditions of conflicting information technology in many instances, the requirement of maintaining these systems details entails far too many time-consuming processes that have to be carried out. This allows for the business to work in a logical order and promotes a more logical approach to the making of business decisions. The end
IT Acquisition Management for a new Video Shop Individual Project Activities Identification of a problem Organization: Component: Showtime Video Store Business Capture Group The problem is that there is no real information technology security measure employed in the video shop. There is very little awareness of the necessary IT security measures amongst the current management heads which is why they need an effective IT security plan and structure to implement to ensure there is no copyright infringement
Processing examples are conversion of encoded or typed words to printable format or running of computer programs such as the Statistical Package for Social Sciences (SPSS). Lastly, controlling ensures that all other four operations of the computer are efficiently working together, while at the same time, ensuring also that each operation does not interfere with the other operations. Examples of control measures in the computer are warnings or prompts