infa 670

INFA 670, Spring 2011
Midterm
Prof. J. Bonner
Student Name:
Note: There is no minimum or maximum page length for your answer sheet. Answer questions with well-thought-out answers, explain your answer, and show your work. Answers, even if right, without an explanation (you must also include references for each problem, in APA style) will get no credit. The test is open book/notes/internet, but individual, NOT TO BE SHARED. There is no limitation in terms of space for each answer, as the content is more important than the quantity.

Save the file as a word file, and post it in the Grade Book before the deadline. Do keep the questions/instructions in this word file with your answers.

Answer the following questions.

1) (10 pts.) Chapter 18 (pgs. 494-495) – Problem #4

Requirements are often difficult to derive, especially when the environments in which the system will function, and the specific tasks it will perform, are unknown. Explain the problems that this causes during development of assurance.

2) (10 pts.) Chapter 18 (pgs. 494-495) – Problem #5

Why is the waterfall model of software engineering the most commonly used method for development of trusted systems?

3) (10 pts.) Chapter 20 (pg. 569) – Problem #3

Why does the Boyer-Moore theorem prover perform induction only when the other five steps fail to simplify the formula? Why does it not try induction first?

4) (10 pts.) Chapter 21 (pgs. 609-610) – Problem #4

What are the conceptual differences between a reference validation mechanism, a trusted computing base, and the TOE Security Functions?

5) (10 pts.) Chapter 21 (pgs. 609-610) – Problem #6

Identify the specific requirements in the Common Criteria that describe a reference validation mechanism. Hint: Look in both security functional classes and security assurance classes.

6) (10 pts.) Chapter 23 (pgs. 685-687) – Problem #5

Can the UNIX Bourne shell variable HOME, which identifies the home directory of a user to programs that…