८ 04000CS472052002 Pages: 2

Reg No.: Name:
APJ ABDUL KALAM TECHNOLOGICAL UNIVERSITY

Eighth semester B.Tech degree examinations, September 2020

Course Code: CS472
Course Name: PRINCIPLES OF INFORMATION SECURITY

Max. Marks: 100 Duration: 3 Hours
PARTA
Answer all questions, each carries 4 marks. Marks
1 What access control mechanism provides enhanced security in SELinux? How (4)

is the security provided?

2 Illustrate with an example how access is granted by an access control matrix. (4)
3 Describe Biba integrity model. (4)
4 How can buffer overflow vulnerability be prevented? (4)
5 What is timing attack? (4)
6 How did Code Red propagate? (4)
7 With the help of a diagram explain the key hierarchy in 802.111. (4)
8 What is the need for Link Level Authentication in Bluetooth? (4)
9 Describe the strength and weakness of secure electronic transaction (4)
10 Describe SAML assertion with an example. (4)
PART B
Answer any two full questions, each carries 9 marks.
11 a) Distinguish between discretionary and mandatory access control (3)
b) Let L and C be the set of sensitivity/clearance levels and set of categories
respectively. L= {UNCLASSIFIED, CONFIDENTIAL,TOP SECRET} and
C={Sales, NewProducts, BusinessPartners}. Here TOP SECRET is at the
highest clearance level and UNCLASSIFIED the lowest.
(i) How can two documents with security labels SECRET, {Sales}> and
be compared?
(ii) | What is the minimum clearance that a subject should have to access
the two documents? (3)
12 a) Explain waterfall model for providing security. (5)
b) Explain Star property of Bell- LaPadula Model. (4)

Page lof 2