CSCI 331 Ch. 10 Terminology
5 ≤ t < 8 The lowest possible value to satisfy both conditions is t = 5, which results in 5% of imposter attempts accepted and 0% of genuine attempts rejected. The highest possible value to satisfy both conditions is t = 8, which results in 0% of imposter attempts accepted and 0% of genuine attempts rejected.
10.2.1: User authentication. The table shows the percentages of genuine attempts and imposter attempts for different ranges of n. For what values of t are at most 8% of genuine attempts rejected and at most 8% of imposter attempts accepted? _____ ≤ t < ____
at 0.3 0.3 is the highest possible threshold for accepting all genuine requests.
10.2.7: Placing a threshold in biometric authentication. In a biometric user authentication system, imposter attempts generate values between 0 and 0.5, while genuine attempts generate values between 0.3 and 1. To guarantee that no genuine attempt is rejected, the threshold value should be placed _____. somewhere between 0 and 0.3 at 0.3 at 0.5
O1: none O2: w O3: rx O4: x D3 has the w-right for O1, but without the c-right w cannot be copied to another domain. D3 has the w-right for O2 with the c-right and thus w can be copied to another domain. D3 has the r-right for O2, but without the c-right r cannot be copied to another domain. D3 has the r-right and x-right for O3 with the c-right and thus r and x can be copied to another domain. D3 has the w-right for O3, but without the c-right w cannot be copied to another domain. D3 has the x-right for O4 with the c-right and thus x can be copied to another domain.
10.3.1: Access controls. An access matrix consists of 3 domains and 4 objects. A process in domain D can grant a right R (r, w, or x) for object O to another domain in two ways: 1) If D is the owner of O, then D can add R to another domain. 2) If D has R for object O with the superscript c, then D can copy R to another domain. For each object, determine which right(s) (r, w, x) a process in D3 can grant to another domain. If none, enter: none O1: O2: O3: O4:
D1: O2, O3, O4 D2: O2, O4 D3: O4 A process in a domain D can read, write to, or execute objects that contain the r-right, w-right, or x-right, respectively, in the corresponding entry. D1 has the x-right in columns O2, O3, and O4, so a process in D1 can execute objects O2, O3, and O4. D2 has the w-right in columns O2 and O4, so a process in D2 can write to objects O2 and O4. D3 has the r-right in column O4, so a process in D3 can read object O4.
10.3.1: Access controls. An access matrix consists of 3 domains and 4 objects. For each statement, select all objects (if any) that apply. A process in D1 can execute object(s): ______ A process in D2 can execute object(s): ______ A process in D3 can execute object(s): ______
read O2 D3 has the r-right for O2.
10.3.2: The meaning of rights in the access matrix. A process p in domain D3 can _____. read and execute O1 read O2 read and execute both O1 and O2
true D2 has the x right for Oj with the c-right attached and can thus copy the x right to other domains.
10.3.4: Operations on the access matrix. A process in D2 can add x to A[Di, Oj]. True False
true D2 is the owner of O1 and can remove any rights for O1 from any domain.
10.3.4: Operations on the access matrix. A process in D2 can remove x from A[Dn, O1]. True False
false Only the owner of O2 can remove any rights for O2.
10.3.4: Operations on the access matrix. A process in D2 can remove x from A[Dn, O2]. True False
false D3 has the x right for Oj but without the c-right attached and thus cannot copy the x right to other domains.
10.3.4: Operations on the access matrix. A process in D3 can add x to A[Di, Oj]. True False
3.3 The average row length is (2+3+5)/3 = 10/3 = 3.3
10.3.6: Access lists vs capability lists. An access matrix consists of 3 domains and 5 objects. All non-empty entries are marked with "r". The matrix can be implemented as access lists or as capability lists. The average length of a capability list is _____. 2 3.3 5
2 The average column length is (3+1+2+3+1)/5 = 10/5 = 2.
10.3.6: Access lists vs capability lists. An access matrix consists of 3 domains and 5 objects. All non-empty entries are marked with "r". The matrix can be implemented as access lists or as capability lists. The average length of an access list is _____. 1 2 3.3
3 Columns O1 and O4 both have 3 entries.
10.3.6: Access lists vs capability lists. An access matrix consists of 3 domains and 5 objects. All non-empty entries are marked with "r". The matrix can be implemented as access lists or as capability lists. The longest access list has the length _____. 2 3 5
5 The longest capability list has the length _____. 1 3 5
10.3.6: Access lists vs capability lists. An access matrix consists of 3 domains and 5 objects. All non-empty entries are marked with "r". The matrix can be implemented as access lists or as capability lists. The longest capability list has the length _____. 1 3 5
Information destruction
A deliberate or accidental deletion of information or damage to hardware.
access list (AL)
An ________ associated with an object O contains entries of the form (D, rights), where rights specify what operations a process in domain D may apply to object O.
Information modification
Loss of information and/or the ability to carry out subsequent security violations.
Information destruction
Loss of information or access to services.
User deception
Loss of information, leading to other possible violations of security.
Unauthorized use
Loss of revenue to the service provider/owner.
one-time password
can be used only once and thus becomes useless when stolen
one-way hash function
converts a variable-length input string into a fixed-length output string in a manner that cannot be inverted
a buffer overflow attack A buffer overflow attack aims at gaining control over the entire system, which then allows unlimited acts of damage.
10.1.11: Buffer overflow vs a Trojan horse. A terrorist attack leading to widespread destruction of information and service denial is most likely the result of _____. a Trojan horse attack a buffer overflow attack either type of attack
a Trojan horse attack A user may be tricked into revealing identifying information by a fake site that looks genuine.
10.1.11: Buffer overflow vs a Trojan horse. A user is likely to be tricked into revealing personal data using _____. a Trojan horse attack a buffer overflow attack either type of attack
either type of attack Both attacks rely on the insertion and execution of some unauthorized code intended to cause further harm.
10.1.11: Buffer overflow vs a Trojan horse. An unauthorized program can be introduced into a system and executed using _____. only a Trojan horse attack only a buffer overflow attack either type of attack
valid with a branch instruction The address is within the valid range of code addresses 0000 0000 through 0000 0111.
10.1.13: Restricting addresses to a sandbox. A sandbox is set up starting at address 0. The code section occupies the first 8 words, followed by the data section, also comprising 8 words. The address 0000 0000 is _____. valid with a branch instruction valid with a data access instruction not valid
valid with a data access The address is within the valid data range of addresses 0000 1000 through 0000 1111.
10.1.13: Restricting addresses to a sandbox. A sandbox is set up starting at address 0. The code section occupies the first 8 words, followed by the data section, also comprising 8 words. The address 0000 1111 is _____. valid with a branch instruction valid with a data access instruction not valid
not valid No address outside of the range 0000 0000 to 0000 1111 is valid.
10.1.13: Restricting addresses to a sandbox. A sandbox is set up starting at address 0. The code section occupies the first 8 words, followed by the data section, also comprising 8 words. The address 1111 1111 is _____. valid with a branch instruction valid with a data access instruction not valid
0011 1111 001- ---- A 32-word sandbox requires all combinations of the last 5 address bits. Thus, the sandbox occupies addresses 0010 0000 through 0011 1111. All valid addresses within the sandbox start with the bit string 001. Thus, the bit string used to validate an address will match either 0 or 1 in the last 5 positions: 001- ----.
10.1.1: Sandboxing. A sandbox of size 32 words is created starting at address 0010 0000. The last address of the sandbox is _________ The bit string used to determine if an address lies outside of the sandbox is ________
false Shifting a register to the right discards the rightmost bit, which cannot by recovered by a subsequent left-shift. Thus the functioning of the program may be altered.
10.1.9: Disguising the decryptor code. To disguise the decryptor, which must remain unencrypted, instructions of the form _____ could be interspersed throughout the decryptor code. SHR R1, 1 /* shift register R1 right by 1 */SHL R1, 1 /* shift register R1 left by 1 */ True False
decryption
the act of transforming ciphertext into the original plaintext
encryption
the act of transforming plaintext into ciphertext
user authentication
the act of verifying the identity of a person who wishes to connect to a computer or a network
information leaking
the disclosure of confidential or secret information by a legitimate user to an unauthorized user. Ex: A user with a high security clearance could down-protect a sensitive file to make the information readable by users without security clearance.
computer security
the freedom from theft of or damage to hardware, software, or information, and from disruption or misdirection of services.
protection
the set of mechanisms and policies that guarantee computer security, including the confidentiality, integrity, availability, and authenticity of all data and services.
logic bomb
unauthorized code inserted into the system and executed at a specified time to perform some destructive action (i.e. blackmail or revenge)
biometrics
user authentication methods that measure, record, and analyze unique physical or behavioral characteristics of a person
capability list (CL)
A __________ associated with a domain D contents entries of the form (O, rights), where rights specify what operations a process in domain D may apply to object O.
Unauthorized use
A circumvention of the system's user authentication services to make unauthorized use of a service.
Denial of service
Financial loss, unavailability of a mission-critical or life-critical system.
destruction of information Killing a process at a random time would likely leave information in an inconsistent state.
Installing a program to randomly kill processes is likely to lead to _____. information disclosure destruction of information user deception
user deception The recipient is tricked into believing that the message is coming from a different sender.
Modifying the "from" field in an email message and asking for the recipient's social security number is considered _____. unauthorized use denial of service user deception
Denial of service
Preventing a legitimate user from employing a service in a timely manner.
Information disclosure
Violation of confidentiality and/or privacy of users.
back door (trapdoor)
a mechanism that bypasses user authentication. Ex: A systems programmer could modify the login utility to accept a specific user without requiring a password, thus permitting unauthorized access to the system at a later time.
challenge-response
a method of user authentication that has the form of a dialogue between the user and the system
virus
a piece of executable code that embeds itself into legitimate programs and copies itself to other programs and systems with the intention of causing harm.
Trojan horse
a program that appears to provide a useful service but also contains a hidden function intended to violate computer security.
access matrix
a representation of protection domains, where each row corresponds to one domain Di, each column corresponds to one object Oi, and the intersection of the row and the column records the rights that a process in domain Di has with respect to the object Oi).
protection domain
a set of pairs <object, rights>, where rights specify what operations a process may perform on the object. Ex: <file1, rx> means that file1 may be read or executed but not modified.
sandbox
a small area of memory within which a program may execute and which guarantees that the program cannot access and jump to any location outside of the designated area
cryptography
a technique that allows a sender to transform plaintext into a ciphertext, which the receiver can transform back to the original plaintext
login spoofing
an approach where a legitimate user presents a fake login screen to an unsuspecting user, who unwittingly supplies a valid login name and password to the imposter program.
man-in-the-middle attack (MITM)
an attack where the attacker secretly listens to, and possibly alters, the communication between two systems
1011 0000 1010 ---- 1011 ---- The code section occupies the first 16 addresses of the sandbox: 1010 0000 through 1010 1111. Thus, the data section starts at address 1011 0000. The target of a branch instruction must be confined to the code section. Thus, all addresses must match the bit string 1010 ----. The target of a write instruction must be confined to the data section. Thus, all addresses must match the bit string 1011 ----.
10.1.1: Sandboxing. A sandbox of size 32 words is created starting at address 1010 0000. The first half of the sandbox is used for code and the second half is used for data. The data section starts at address _______ The bit string used to determine if an address used by a branch instruction is not valid is ________ The bit string used to determine if an address used by a write instruction is not valid is ________
(1) 0110 1111 (2) 0100 0110 (4) 0101 1000 All valid addresses within the sandbox start with the bit string 0100 1. Thus, addresses (1), (2), and (4) refer to locations outside of the box and are not valid.
10.1.1: Sandboxing. A sandbox of size 8 words is created starting at address 0100 1000. Select which addresses are NOT valid if used by an instruction executing within the sandbox. (1) 0110 1111 (2) 0100 0110 (3) 0100 1101 (4) 0101 1000 (5) 0100 1110
true A logic bomb intends to inflict damage on a system for the purposes of revenge or sabotage.
10.1.3: Consequences of a logic bomb. A logic bomb is typically used to _____. cause damage to data or programs True False
true A logic bomb can destroy data or programs and thus render some services unavailable.
10.1.3: Consequences of a logic bomb. A logic bomb is typically used to _____. cause denial of service True False
False A logic bomb causes a destructive action and tries to hide any connection to the perpetrator.
10.1.3: Consequences of a logic bomb. A logic bomb is typically used to _____. use a service without authorization True False
true A back door may allow a user whose privileges have been revoked to reenter the system and access any information that was available to the user previously.
10.1.4: Consequences of a back door. A back door may cause _____. disclosure of information True False
true A back door may allow a user whose privileges have been revoked to reenter the system and modify or destroy any information that was accessible to the user previously.
10.1.4: Consequences of a back door. A back door may cause _____. modification or destruction of information True False
true A back door may allow a user whose privileges have been revoked to enter the system and continue using any service that was available to the user previously.
10.1.4: Consequences of a back door. A back door may cause _____. unauthorized use of services True False
phishing Any user can become the victim of phishing.
10.1.5: Login spoofing vs phishing. Phishing is a technique similar to login spoofing, in that an unsuspecting user is presented with a fake webpage that looks like a legitimate site. The user is asked to reveal sensitive information to an imposter. Unlike login spoofing, phishing is not an insider attack, but can be attempted from outside of the system using email or other means of communication. A PC owned and used by a single user can be attacked using _____. login spoofing phishing both login spoofing or phishing
educating users about the dangers of phishing Education and user awareness is the best way to thwart phishing attempts.
10.1.5: Login spoofing vs phishing. Phishing is a technique similar to login spoofing, in that an unsuspecting user is presented with a fake webpage that looks like a legitimate site. The user is asked to reveal sensitive information to an imposter. Unlike login spoofing, phishing is not an insider attack, but can be attempted from outside of the system using email or other means of communication. A computer in a public lab or library can be protected from phishing by _____. requiring the user to type in a special character sequence, such as CTRL-ALT-DEL educating users about the dangers of phishing
Providing a service that prepares an individual's tax return and then emails all people on the user's contacts list to advertise itself. The unauthorized use of a contacts list is a Trojan horse attack, since the owner is not aware of the covert action when employing the service.
10.1.7: Trojan horse attacks. The following action is an example of a Trojan Horse attack. Sending a large number of messages to different users. Providing a service that prepares an individual's tax return and then emails all people on the user's contacts list to advertise itself. Including an applet on a webpage, which asks for the user's credentials.
all components except the decryptor When the host program starts, the virus is executed first and thus the first portion of the virus, containing the decryptor, must be in an unencrypted form.
10.1.8: Decrypted virus. A sophisticated virus may try to hide by encrypting _____. all components except the encryptor and decryptor all components except the decryptor all components, including the encryptor and the decryptor.
true An addition of a number followed immediately by a subtraction of the same number has no effect and thus may be inserted anywhere in the code.
10.1.9: Disguising the decryptor code. To disguise the decryptor, which must remain unencrypted, instructions of the form _____ could be interspersed throughout the decryptor code. ADD R1, 1 /* add 1 to register R1 */SUB R1, 1 /* subtract 1 from register R1 */ True False
true A NOP instruction takes no action other than taking up CPU time and thus may be inserted anywhere in the code.
10.1.9: Disguising the decryptor code. To disguise the decryptor, which must remain unencrypted, instructions of the form _____ could be interspersed throughout the decryptor code. NOP /* no operation */ True False
true Logically OR-ing or AND-ing a value with itself does not change the value and thus either instruction may be inserted anywhere in the code
10.1.9: Disguising the decryptor code. To disguise the decryptor, which must remain unencrypted, instructions of the form _____ could be interspersed throughout the decryptor code. OR R1, R1 /* Logically OR the register R1 with itself */AND R1, R1 /* Logically AND the register R1 with itself */ True False
t = 9: 27% accepted, 73% rejected t = 6: 76% accepted, 24% rejected t = 2 If t = 9, only the attempts in the range 9 ≤ n < 10, or 27%, are accepted. The remaining 100 - 27 = 73% are rejected. If t = 6, the attempts in the range 6 ≤ n < 10, or 13 + 16 + 20 + 27 = 76%, are accepted. The remaining 100 - 76 = 24% are rejected. Since genuine attempts can generate numbers in the range from 2 to 10, the lowest threshold t has to be 2.
10.2.1: User authentication. A biometric authentication system returns a value n between 0 and 10 for each attempted match. The table shows the percentages of genuine attempts for different ranges of n. That is: None of the genuine attempts return a value between 0 and 2, 2% of the attempts return a value between 2 and 3, and so on. A threshold t determines which attempts are accepted and which are rejected. For t = 9, _____% of the attempts are accepted and ____% are rejected. For t = 6, _____% of the attempts are accepted and _____% are rejected. To accept all attempts, the threshold has to be set to t = _____
t = 1: 64% accepted t = 2: 32% accepted t = 6: 0% accepted If t = 1, the imposter attempts in the range 0 ≤ n < 1, or 36%, are rejected. The remaining 100 - 36 = 64% are accepted. If t = 2, the imposter attempts in the range 0 ≤ n < 2, or 36 + 32 = 68%, are rejected. The remaining 100 - 68 = 32% are accepted. If t = 6, the imposter attempts in the range 0 ≤ n < 6, or 100%, are rejected. No imposter attempt is accepted.
10.2.1: User authentication. The table shows the percentages of imposter attempts for different ranges of n. For t = 1, _____% of imposter attempts are accepted. For t = 2, _____% of imposter attempts are accepted. For t = 6, _____% of imposter attempts are accepted.
Expected: t = 3, t = 5 With t = 3, the attempts in the range 0 ≤ n < 3, or 45 + 36 + 11 = 92%, are rejected, which satisfies the first condition. With t = 2, only 45 + 36 = 81% would be rejected. With t = 5, the attempts in the range 0 ≤ n < 5, or 45 + 36 + 11 + 4 + 4 = 100%, are rejected, which satisfies the second condition.
10.2.1: User authentication. The table shows the percentages of imposter attempts for different ranges of n. To reject at least 90% of imposter attempts, the threshold must be t = ______ To reject at least 99% of imposter attempts, the threshold must be t = ______
5 The function H multiples 7 * 12 = 84, which is 0000 0000 0101 0100 in binary. The middle 8 bits of 84 are 0000 0101, or 5 in decimal.
10.2.2: Challenge-response authentication. A challenge-response system uses a single byte (8 bits) to represent each of r, pw, and H(r, pw). The function H multiplies r and pw to produce a 16-bit value, then returns the middle 8 bits as the result. A user's password is 12 (or 0000 1100 in binary). If the system generates r = 7, then the value of H(r, pw) returned to the system by the user is _____. 5 7 12 84
a password can easily be guessed Using a single byte, only 256 different passwords can be generated and thus easily guessed by brute force. In practice, much longer strings must be used.
10.2.2: Challenge-response authentication. A challenge-response system uses a single byte (8 bits) to represent each of r, pw, and H(r, pw). The function H multiplies r and pw to produce a 16-bit value, then returns the middle 8 bits as the result. A user's password is 12 (or 0000 1100 in binary). The above scheme is weak because _____. a password can be extracted from H(r, pw) the function H is known and too simple a password can easily be guessed
10 13 * 13 = 169, which is 10101001 in binary. The middle 4 bits are 1010 or 10 in decimal.
10.2.3: One-time passwords. A one-way function H to generate a series of passwords H(pw), H(H(pw)), etc., takes a 4-bit number, squares the number, and selects the middle 4 bits as the result. If the initial password pw is the number 13, then H(pw) = _____. 13 10 26 169
4 must be used as the first password. The passwords 13, 10, 9 are safe in case password 4 is captured since none of the three can be derived from 4.
10.2.3: One-time passwords. A one-way function H to generate a series of passwords H(pw), H(H(pw)), etc., takes a 4-bit number, squares the number, and selects the middle 4 bits as the result. The first 4 passwords generated using the above scheme are 13, 10, 9, 4. 4 must be used as the first password. 13 must be used as the first password. The passwords can be used in any order.
100,000 Without salt the program performs 100,000 encryptions. With salting the program performs 1,000,000,000 encryptions, or 10,000 times as many. When each encryption takes 10 times longer, another factor of 10 is added for a total slowdown factor of 100,000.
10.2.5: The effects of password salting. A password file contains 10,000 user passwords. A password guessing program generates 100,000 fake passwords using a dictionary. The time of encryption usually depends on the size of the string being encrypted. If adding a salt to each password increases the encryption time 10 fold, then salting will slow down the program by a factor of _____. 10 10,000 100,000
1,000,000,000 Each fake password must be combined with each of the 10,000 known salt values and then encrypted.
10.2.5: The effects of password salting. A password file contains 10,000 user passwords. A password guessing program generates 100,000 fake passwords using a dictionary. With salting, the program will perform ____ encryptions. 10,000 100,000 1,000,000,000
100,000 The program must encrypt all 100,000 fake passwords and compare each to all valid passwords.
10.2.5: The effects of password salting. A password file contains 10,000 user passwords. A password guessing program generates 100,000 fake passwords using a dictionary. Without salting, the program will perform ____ encryptions. 10,000 100,000 1,000,000,000
no imposter attempts are accepted 0.5 is the lowest possible threshold to guarantee that no imposter attempt is accepted.
10.2.7: Placing a threshold in biometric authentication. In a biometric user authentication system, imposter attempts generate values between 0 and 0.5, while genuine attempts generate values between 0.3 and 1. If the threshold is placed at 0.5 then _____. some imposter attempts are accepted while some genuine requests are rejected no imposter attempts are accepted no genuine requests are rejected
D1: O3, O4 D2: O1, O2 D3: None A process in domain D is the owner of object O if the corresponding entry contains the o-right. Only the owner of object O can destroy O. The owner of object O can add any right or remove any right for O to/from another domain. A process in D1 is the owner of O3 and O4, so D1 can remove a right from another domain for O3 and O4. A process in D2 is the owner of O1 and O2, so D2 can add a new right to another domain for O1 and O2. A process in D3 is not the owner of any object, so D3 cannot destroy any object.
10.3.1: Access controls. An access matrix consists of 3 domains and 4 objects. For each statement, select all objects (if any) that apply. A process in D1 can remove a right from another domain for object(s): ________ A process in D2 can remove a right from another domain for object(s): ________ A process in D3 can remove a right from another domain for object(s): ________
Dn Dn has the r-right for all objects listed in the matrix.
10.3.2: The meaning of rights in the access matrix. A process p in domain _____ can read all listed objects. D1 Dn
D3 D3 has the x-right for O1.
10.3.2: The meaning of rights in the access matrix. Object O1 can be executed by a process in domain _____. D1 D2 through Dn D3
D3, Di, or Dn Each of the domains D3, Di, and Dn has the r-right for O2
10.3.2: The meaning of rights in the access matrix. Object O2 can be read by a process in domain _____. D3 only D3, Di, or Dn D1 though Dn
false D2 does not have the r-right for Oj and thus cannot add the right to to other domains.
10.3.4: Operations on the access matrix. A process in D2 can add r to A[Di, Oj]. True False
true D2 is the owner of O1 and can add any rights for O1 to any domain.
10.3.4: Operations on the access matrix. A process in D2 can add x to A[D1, O1]. True False
true D2 is the owner of O1 and can add any rights for O1 to other domains.
10.3.4: Operations on the access matrix. A process in D2 can add x to A[D1, O1]. True False
1 Columns O2 and O5 have only a single entry.
10.3.6: Access lists vs capability lists. An access matrix consists of 3 domains and 5 objects. All non-empty entries are marked with "r". The matrix can be implemented as access lists or as capability lists. The shortest access list has the length _____. 1 2 5
2 Row D1 has the smallest number of entries.
10.3.6: Access lists vs capability lists. An access matrix consists of 3 domains and 5 objects. All non-empty entries are marked with "r". The matrix can be implemented as access lists or as capability lists. The shortest capability list has the length _____. 1 2 5
plaintext P was encrypted using E and the resulting ciphertext is decrypted back to P using D.
10.4.2: Plaintext and ciphertext. D(E(P, Ke), Kd) is a _____. plaintext tciphertext
ciphertext E(P, Ke) is the encrypted ciphertext P.
10.4.2: Plaintext and ciphertext. E(P, Ke) is a _____. plaintext ciphertext
none of the 3 properties Capturing C without being able to reveal P does not violate security. Authenticity is violated if the captured C is misused in some way. Non-repudiation is not related to an attack.
10.4.3: Properties of safe communication. Capturing a ciphertext C by an attacker violates _____. secrecy authenticity non-repudiation none of the 3 properties
Information modification
An unauthorized modification of data or programs, which may be performed by a legitimate user or by an intruder.
Information disclosure
An unauthorized release or dissemination of information, which may be the result of theft or the deliberate release of the information by an authorized user.
buffer overflow attack
an intrusion technique that exploits the fact that many programs do not check for array overflow, allowing an attacker to overwrite portions of memory beyond the legitimate scope of an input buffer; common approach for a worm to enter a system.
worm
an unauthorized program, which exploits one or more systems weaknesses to spawn copies of itself on other systems via computer networks. The typical objective is to cause harm to the system by destroying information or causing denial of service.
User deception
Causing a legitimate user to receive and believe false information purported to be true.
information destruction The file becomes unavailable to the owner.
Deleting another user's file without authorization is considered _____. information modification information destruction unauthorized use
denial of service The erasure can destroy service programs or vital data.
Erasing a portion of the disk without authorization is likely to lead to _____. information disclosure denial of service user deception
Encryption/decryption keys
parameters used by the encryption/decryption functions, respectively. Plaintext encrypted using an encryption key cannot be decrypted without the corresponding decryption key