信息安全技术复习题目最终版VIP免费

1.InthemovieOfficeSpace,softwaredevelopersattempttomodifycompanysoftwaresothatforeachfinancialtransaction,anyleftoverfractionofacentgoestothedevelopers,insteadofgoingtothecompany.Theideaisthatforanyparticulartransaction,nobodywillnoticethemissingfractionofacent,butovertimethedeveloperswillaccumulatealargesumofmoney.Thistypeofattackissometimesknownasasalamiattack.Now,findareal-worldexampleofasalamiattackandexpoundhowitworks.Themosttypicalschemeportrayedbyasalamiattackisthatwhichinvolvesanautomatedmodificationtofinancialsystemsandtheirdata.Forexample,thedigitsrepresentingcurrencyonabank'scomputer(s)couldbealteredsothatvaluestotherightofthepenniesfield(<0.01)arealwaysroundeddown(fairarithmeticroutineswillcalculateinbothdirectionsequally).最典型的意大利腊肠攻击方案，包括自动修改财务系统和数据描述。例如，在银行的计算机上表示货币的数字可以被改变，使便士字段的右边的值（<0.01）总是四舍五入（公平的算术程序将在两个方向上计算相等）。Theessenceofthismechanismisitsresistancetodetection.Accountownersrarelycalculatetheirbalancestothethousandthsorten-thousandthsofacent,and,consequentiallyremainoblivious.Evenifthediscrepanciesarenoticed,mostindividualshavebetterthingstodo(likepreservetheirpride)thancomplainaboutanerroneousdigitinsomefaroffdecimalplace.Thefollowing(alleged)scenarioswilldemonstratethat"slices"neednotalwaysbetinytoevadedetection.Infact,theycanberatherlarge,aslongasunsuspectingand/orignorantvictimsareplentiful.这种机制的本质是它的电阻检测。帐户所有者很少计算余额的千分之几或千分之十分，必然继续无视。即使这些差异被发现，大多数人有更好的事情要做（如保持他们的自豪感）比抱怨在一些遥远的小数点错误的数字。以下（所谓）的情况将表明，“片”不一定总是很小，以逃避检测。事实上，他们可以是相当大的，只要不知情的和/或无知的受害者是丰富的。2Inthefieldofinformationsecurity,Kerckhoffs’Principleislikemotherhoodandapplepie,allrolledupintoone.*DefineKerckhoffs’Principleinthecontextofcryptography.（1）即使密码系统的任何细节已为人悉知，只要密钥未泄漏，它也应是安全的。Anydetailsevenifthecryptographysystemhasinformedalltoooften,aslongasthekeydoesnotleak,itshouldalsobesafe*Giveareal-worldexamplewhereKerckhoffs’Principlehasbeenviolated.Didthiscauseanysecurityproblem?（2）自动取款机使用了DES数据加密，相当于一个加密系统，有时候密码未泄露，但犯罪份子知道了身份信息和银行卡号后能够盗取卡里的钱。这个案例中的安全问题有：个人信息泄露，财产的损失。ATMusingDESdataencryption,isancryptographysystem,sometimesthepassworddoesnotleak,butcriminalsstealthemoneyafterknowtheidentityinformationandbankcardnumber.Thesecurityprobleminthiscaseare:personalinformationleakage,thelossoftheproperty.PAGE\*MERGEFORMAT153.Amongthefundamentalchallengesininformationsecurityareconfidentiality,integrity,andavailability,orCIA.A.Defineeachoftheseterms:confidentiality,integrity,availability.B.Giveaconcreteexamplewhereconfidentialityismoreimportantthanintegrity.C.Giveaconcreteexamplewhereintegrityismoreimportantthanconfidentiality.D.Giveaconcreteexamplewhereavailabilityistheoverridingconcern.Answer：A.Confidentialityisoftheinformationwithacertaindegreeofsecrecyonlyforauthorizedpersontoreadandchangeit;Integrityistopreventoratleasttodetectunauthorizedchangestoinformation;Availabilityisthatthelegallyownesandusersforinformation,theyhaveaccesstotheinformationatanytimeiftheyneed.B.ThedocumentaboutStatesecrets.C.Testscores.D.E-commercesite.Toavo...