Confidentiality, integrity, and availability or the CIA triad of security is discussed in Chapter 1. Often these three dimensions of security conflict. Confidentiality and integrity often limit availability.  So, a system should provide only what is truly needed. This means that a security expert has to carefully analyze what is more important among these three dimensions of security in a system or application.

Please provide an example (and justification) where the confidentiality of a system is more important than the integrity or availability of that system. Then provide an example where the integrity of a system is more important than the confidentiality or availability of that system. Finally, provide an example of a system where the availability of a system is more important than the confidentiality or integrity of that system. For example, you might say availability is more important than integrity and confidentiality in a cell telephone system since one must be able to reach their loved ones in an emergency. Someone else might argue confidentiality/privacy is more important in such a system.

2.

There are three main types of cryptographic algorithms: (1) secret key, (2) public key, and (3) hash functions. Pick an algorithm for any one of these types (e.g., DES, AES, RSA, MD5) and describe how it works and where it is applied (For example SSL uses 3DES or DES) for message encryption. Use your own words. When you pick an algorithm, try not to repeat. Be sure to reference your sources. This is one source I like very much; it is easy to read, fairly up-to-date and has a good discussion on the various applications of Crypto:

Gary Kessler (2013): Overview of Cryptography: Retrieved from:http://www.garykessler.net/library/crypto.html#intro

3.

Most cyber-attacks happen because vulnerabilities in system or application software. Buffer Overflow, SQL Injection, Code/OS Command Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery and Race Conditions are very common vulnerabilities. (Refer to both NIST/DHS and MITRE databases of common vulnerabilities (http://nvd.nist.gov/cwe.cfm; http://cwe.mitre.org/top25/).) For this conference, explain what a specific vulnerability is, describe a famous attack that leveraged it (For example, the Morris worm leveraged the buffer overflow vulnerability), and how it can be prevented/minimized.

4.

In this session, you learnt a lot about database security. We will focus three topics for this conference: (1) Inference in ordinary databases, (2) Inference in statistical databases, and (3) Database privacy (through encryption). Please pick one of these three topics and explain in your own words what the problem or issue is, how the issue is being addressed and some of the concerns with the solutions being proposed.

5.

In this conference, we will focus on typical attacks in the Internet affecting confidentiality, integrity and availability at various layers: Layer 1: Physical; Layer 2: Link; Layer 3: Network; Layer 4: Transport, and Layer 5: Application. (This is IP Layering; in IP layering, roughly Session, Presentation and Application of the OSI layers are combined into a single Application layer). Pick one layer and describe typical attacks in that layer and the controls that are employed in the layer to minimize the attack or vulnerability that leads to the attack. For example, in the link layer, there is ARP spoofing and man-in-the-middle attacks. In the IP layer, there is packet sniffing. In the transport layer, there is the SYN flood attack causing Denial of Service. Be as complete as possible and cite your reference materials in your response.