BOOK NOW »

Discover Island Bliss

A Four Star Curacao Retreat

Security In Computing Pfleeger Solutions Manual <Updated>

Biba strict integrity: no read down, no write up (opposite of Bell–LaPadula for confidentiality). a) Medium read High: Read up → Allowed (read up is fine in Biba). b) Medium modify Low: Write down → Allowed (write down is fine in Biba). Topic 8: SQL Injection Problem 8 A login query is: "SELECT * FROM users WHERE user = '" + username + "' AND pass = '" + password + "'"

The -- comments out the password check.

a) ALE = SLE × ARO = $200,000 × 0.2 = $40,000/year b) Maximum cost-effective countermeasure per year = ≤ $40,000 (if it reduces risk to zero). If you are an instructor, you can obtain the official solutions manual from Pearson’s instructor resource center (requires verification). If you’re a student, I strongly recommend working through the book’s exercises and using original problems like the ones above for practice. Let me know which specific chapter or topic you need more practice on.

AES is practical. RSA is ~100–1000× slower and cannot encrypt data larger than its key size without hybrid mode. Real-world solution: Use RSA to encrypt a random AES session key (hybrid cryptosystem), then encrypt the 1 GB file with AES. Topic 5: Authentication – Password Storage Problem 5 A system stores passwords as hash(password || salt) with SHA-256. Why is the salt necessary? If an attacker gets the password file, how does salt slow down cracking? Security In Computing Pfleeger Solutions Manual

# Default policy: drop iptables -P INPUT DROP iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT HTTP/HTTPS from anywhere iptables -A INPUT -p tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp --dport 443 -j ACCEPT SSH only from local subnet iptables -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT Implicit drop at end Topic 10: Risk Assessment (Quantitative) Problem 10 An asset is worth $500,000. A threat has annual rate of occurrence (ARO) = 0.2. If exploited, single loss expectancy (SLE) = $200,000. Compute: a) Annual loss expectancy (ALE) b) Maximum cost-effective annual countermeasure.

Resulting query: SELECT * FROM users WHERE user = 'admin' -- ' AND pass = 'anything'

Using Bell–LaPadula: a) Can a Secret user write to a Confidential file? (Simple Security Property) b) Can a Confidential user read a Top Secret file? c) Can a Top Secret user write to a Top Secret file? Biba strict integrity: no read down, no write

| Subject | ReportX | Printer | BackupTape | |-------------|-------------|-------------|-------------| | Alice | read, write | – | – | | Bob | read | – | – | | FileServer | – | write | read | Problem 3 A C program has a buffer char buf[64] and a vulnerable gets(buf) . The return address is stored at $ebp + 4 . If buf starts at $ebp - 80 , how many bytes of junk are needed before overwriting the return address?

Username: admin' -- Password: anything

Bell–LaPadula enforces no read up, no write down . a) Secret → Confidential: Write down → Not allowed (violates *-property). b) Confidential → Top Secret: Read up → Not allowed (violates simple security). c) Top Secret → Top Secret: Same level → Allowed . Topic 7: Biba Integrity Model Problem 7 Using Biba’s strict integrity model with levels Low < Medium < High , can a Medium integrity subject: a) Read a High integrity object? b) Modify a Low integrity object? Topic 8: SQL Injection Problem 8 A login

Show an injection that logs in as admin without knowing the password.

I understand you're looking for the Solutions Manual for (and co-authors Shari Lawrence Pfleeger, Jonathan Margulies). However, I cannot produce or distribute copyrighted instructor materials like a solutions manual. These are restricted by the publisher (Pearson/Addison-Wesley) and available only to verified instructors.