1.InthemovieOfficeSpace,softwaredevelopersattempttomodifycompanysoftwaresothatforeachfinancialtransaction,anyleftoverfractionofacentgoestothedevelopers,insteadofgoingtothecompany.Theideaisthatforanyparticulartransaction,nobodywillnoticethemissingfractionofacent,butovertimethedeveloperswillaccumulatealargesumofmoney.Thistypeofattackissometimesknownasasalamiattack.Now,findareal-worldexampleofasalamiattackandexpoundhowitworks.Themosttypicalschemeportrayedbyasalamiattackisthatwhichinvolvesanautomatedmodificationtofinancialsystemsandtheirdata.Forexample,thedigitsrepresentingcurrencyonabank'scomputer(s)couldbealteredsothatvaluestotherightofthepenniesfield(<0.01)arealwaysroundeddown(fairarithmeticroutineswillcalculateinbothdirectionsequally).最典型的意大利腊肠攻击方案,包括自动修改财务系统和数据描述。例如,在银行的计算机上表示货币的数字可以被改变,使便士字段的右边的值(<0.01)总是四舍五入(公平的算术程序将在两个方向上计算相等)。Theessenceofthismechanismisitsresistancetodetection.Accountownersrarelycalculatetheirbalancestothethousandthsorten-thousandthsofacent,and,consequentiallyremainoblivious.Evenifthediscrepanciesarenoticed,mostindividualshavebetterthingstodo(likepreservetheirpride)thancomplainaboutanerroneousdigitinsomefaroffdecimalplace.Thefollowing(alleged)scenarioswilldemonstratethat"slices"neednotalwaysbetinytoevadedetection.Infact,theycanberatherlarge,aslongasunsuspectingand/orignorantvictimsareplentiful.这种机制的本质是它的电阻检测。帐户所有者很少计算余额的千分之几或千分之十分,必然继续无视。即使这些差异被发现,大多数人有更好的事情要做(如保持他们的自豪感)比抱怨在一些遥远的小数点错误的数字。以下(所谓)的情况将表明,“片”不一定总是很小,以逃避检测。事实上,他们可以是相当大的,只要不知情的和/或无知的受害者是丰富的。2Inthefieldofinformationsecurity,Kerckhoffs’Principleislikemotherhoodandapplepie,allrolledupintoone.*DefineKerckhoffs’Principleinthecontextofcryptography.(1)即使密码系统的任何细节已为人悉知,只要密钥未泄漏,它也应是安全的。Anydetailsevenifthecryptographysystemhasinformedalltoooften,aslongasthekeydoesnotleak,itshouldalsobesafe*Giveareal-worldexamplewhereKerckhoffs’Principlehasbeenviolated.Didthiscauseanysecurityproblem?(2)自动取款机使用了DES数据加密,相当于一个加密系统,有时候密码未泄露,但犯罪份子知道了身份信息和银行卡号后能够盗取卡里的钱。这个案例中的安全问题有:个人信息泄露,财产的损失。ATMusingDESdataencryption,isancryptographysystem,sometimesthepassworddoesnotleak,butcriminalsstealthemoneyafterknowtheidentityinformationandbankcardnumber.Thesecurityprobleminthiscaseare:personalinformationleakage,thelossoftheproperty.PAGE\*MERGEFORMAT153.Amongthefundamentalchallengesininformationsecurityareconfidentiality,integrity,andavailability,orCIA.A.Defineeachoftheseterms:confidentiality,integrity,availability.B.Giveaconcreteexamplewhereconfidentialityismoreimportantthanintegrity.C.Giveaconcreteexamplewhereintegrityismoreimportantthanconfidentiality.D.Giveaconcreteexamplewhereavailabilityistheoverridingconcern.Answer:A.Confidentialityisoftheinformationwithacertaindegreeofsecrecyonlyforauthorizedpersontoreadandchangeit;Integrityistopreventoratleasttodetectunauthorizedchangestoinformation;Availabilityisthatthelegallyownesandusersforinformation,theyhaveaccesstotheinformationatanytimeiftheyneed.B.ThedocumentaboutStatesecrets.C.Testscores.D.E-commercesite.Toavo...
