Cc H192073 Pages: 2

Reg No.: Name:
APJ ABDUL KALAM TECHNOLOGICAL UNIVERSITY
EIGHTH SEMESTER B.TECH DEGREE EXAMINATION(S), OCTOBER 2019

Course Code: CS472
Course Name: PRINCIPLES OF INFORMATION SECURITY

Max. Marks: 100 Duration: 3 Hours
PARTA
Answer all questions, each carries 4 marks. Marks
1 Explain the need of information security. (4)
2 Distinguish between vulnerability and threat. Give example. (4)
3 Explain Clark-Wilson Model with a neat diagram. (4)
4 Illustrate SQL injection with an example. (4)
5 Briefly explain the life cycle of a computer virus. (4)
6 Explain XSS or Cross Site Scripting. (4)
7 What is a poll control frame? How does an attacker exploit a poll control frame? (4)
8 List out any 4 lacunae/pitfalls in GSM Security. Give a brief explanation. (4)
9 Discuss the strength and weakness of Secure Electronic Transactions. (4)
10 Explain the entities involved in a web service. (4)
PART B

Answer any two full questions, each carries 9 marks.
11 a) Consider a computer system with three users: Alice, Bob, and Cyndy. Alice (6)
owns the file alicerc, and Bob and Cyndy can read it. Cyndy can read and write
the file bobre, which Bob owns, but Alice can only read it-Only Cyndy can read
and write the file 0771101770, which she owns. Assume that the owner of each of

these files can execute it. Create the corresponding access control matrix.

b) What is a CIA Triad? Explain. (3)
12 a) State the *-property for the Chinese Wall model (4)
b) Explain Biba Model. (5)
13 a) Differentiate between Discretionary and Mandatory Access Control (4)

b) You are given a security policy stating that a subject has access to an object (5)

and only if the security level of the subject dominates the security level of the

Page lof 2