ASSIGNMENT 1
Fundamentals of Computer Security (Subject Code 20B12CS332)
Q:1 Provide definitions for the terms "confidentiality," "integrity," and "availability" (CIA triad). Then, discuss how these concepts are incorporated into the Bell-LaPadula security model, including one potential limitation of this model in a moderate-level organizational setting.
Q:2 Describe common security policy issues such as access control and data classification. Explain how a poorly defined security policy could lead to vulnerabilities, using an example of an organization implementing a bring-your-own-device (BYOD) policy without proper guidelines.
Q:3 A mid-sized company experiences a sudden slowdown in its network, followed by demands for cryptocurrency payments to unlock encrypted files on employee computers. Employees report that the issue started after opening an email attachment that appeared to be a legitimate invoice. Based on the introduction to malware, identify the type of malware involved (e.g., ransomware) and explain its characteristics, including how it differs from a virus or logic bomb. Propose moderate-level steps the company should take to mitigate future incidents, referencing security policy issues like user training and backup strategies.
Q:4 An employee working remotely notices unusual pop-up ads and slower browser performance on their company-issued laptop. Upon investigation, IT discovers tracking software that has been logging keystrokes and capturing screenshots without the user's knowledge. Drawing from malicious code concepts, classify this as spyware and differentiate it from other malware like ransomware or logic bombs. Discuss how security models, such as role-based access control (RBAC), could be applied to prevent such issues, and outline policy recommendations for remote workers at a moderate implementation level.
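The RBAC check that Q:4 asks about, written out as an added example (not part of the assignment or any course material). Role names, permission names, users and the constructed audit log are all assumptions chosen to match the scenario: a remote employee's account holds no `install_software` permission, so an unattended installation attempt is denied and recorded, while the same request from an IT administrator is allowed.

```python
# Minimal role-based access control (RBAC) with an audit trail.
# Roles, permissions and users below are constructed for the Q:4 scenario.

ROLE_PERMISSIONS = {
    "remote_employee": {"read_email", "open_vpn", "run_approved_apps"},
    "it_admin": {"read_email", "open_vpn", "run_approved_apps",
                 "install_software", "change_firewall"},
}

# A user may hold several roles; permissions are the union of their roles.
USER_ROLES = {
    "alice": {"remote_employee"},
    "bob": {"it_admin"},
}


def permissions_for(user):
    """Return the set of permissions a user holds through all assigned roles."""
    perms = set()
    for role in USER_ROLES.get(user, set()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_permitted(user, action):
    """Core RBAC decision: allow only if some assigned role grants the action."""
    return action in permissions_for(user)


def audit_request(user, action, audit_log):
    """Decide the request and append one audit line (constructed format).

    Returns the decision so callers can act on it; the log captures denied
    attempts such as software installs from non-admin accounts, which is the
    kind of event an IT team would review after the spyware incident in Q:4.
    """
    decision = "ALLOW" if is_permitted(user, action) else "DENY"
    audit_log.append(f"{decision} user={user} action={action}")
    return decision == "ALLOW"


if __name__ == "__main__":
    log = []
    # Unattended installer running under the remote employee's account.
    audit_request("alice", "install_software", log)
    # Routine work is still permitted for the same user.
    audit_request("alice", "open_vpn", log)
    # An IT administrator performing a sanctioned install.
    audit_request("bob", "install_software", log)
    for line in log:
        print(line)
```

The point of the example is that the spyware's install step in Q:4 only succeeds if the account it runs under already holds that permission; with roles scoped to the employee's job, the attempt surfaces as a `DENY` entry instead of a silent success.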
Q:5 A large financial institution discovers unauthorized access to its customer database, with sensitive data being exfiltrated over several months. The breach began when an employee clicked on a phishing email, unknowingly installing spyware that later deployed a logic bomb, disrupting critical financial systems during a high-traffic period. Investigations reveal that the institution's outdated security model, based on a state machine model, failed to enforce granular access controls, and its security policy lacked robust incident response protocols.
1. Identify and describe the roles of spyware and the logic bomb in this attack. Explain their characteristics and how they differ from other malware, such as ransomware, in terms of intent, execution, and impact.
2. Analyze the limitations of the state machine model in preventing this breach, particularly in enforcing access controls and detecting unauthorized data exfiltration. Propose a more suitable security model (e.g., Bell-LaPadula or Biba) for the institution, justifying your choice with specific reference to the case.
3. Recommend advanced security policy measures to prevent future APTs in a high-complexity enterprise environment. Include specific strategies such as implementing intrusion detection systems (IDS), enhancing employee training, and establishing incident response protocols, ensuring alignment with the institution's needs.
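Both Q:1 (Bell-LaPadula and one of its practical limitations) and Q:5 part 2 (choosing between Bell-LaPadula and Biba) turn on the same two rules, so one added example serves both. This is not the assignment's or any textbook's code: the labels, the ordering of the classification levels, the compartment names and the sample subjects and objects are all assumptions constructed for illustration. It implements the simple security property and the *-property of Bell-LaPadula, the mirror-image rules of Biba, and a dominance check over a level plus a set of compartments.

```python
# Lattice-based mandatory access control: Bell-LaPadula (confidentiality)
# and Biba (integrity). Levels and compartments below are constructed.
from dataclasses import dataclass, field

# Assumed ordering of classification levels, lowest to highest.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass(frozen=True)
class Label:
    """A security label: a level plus a set of need-to-know compartments."""
    level: str
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other):
        """self >= other in the lattice: higher-or-equal level and a superset
        of compartments. Labels with disjoint compartments are incomparable."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def blp_allows(subject, obj, op):
    """Bell-LaPadula protects confidentiality.
    read : simple security property, no read up   (subject dominates object)
    write: *-property, no write down               (object dominates subject)
    """
    if op == "read":
        return subject.dominates(obj)
    if op == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject, obj, op):
    """Biba protects integrity and is the dual of Bell-LaPadula.
    read : simple integrity, no read down  (object dominates subject)
    write: *-integrity, no write up        (subject dominates object)
    """
    if op == "read":
        return obj.dominates(subject)
    if op == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown operation {op!r}")


def explain(model, subject, obj, op):
    """Human-readable decision line, handy for comparing the two models."""
    allowed = model(subject, obj, op)
    return f"{model.__name__}: {op} {obj.level}{sorted(obj.compartments)} " \
           f"by {subject.level}{sorted(subject.compartments)} -> " \
           f"{'ALLOW' if allowed else 'DENY'}"


if __name__ == "__main__":
    # Constructed subjects and objects for the two questions.
    analyst = Label("confidential", frozenset({"finance"}))
    customer_db = Label("confidential", frozenset({"finance"}))
    staff_memo = Label("internal")
    board_plan = Label("secret", frozenset({"finance"}))

    # Q:1 limitation: the analyst may read the memo but not write to it
    # (no write down), so ordinary downward communication needs a trusted
    # subject or a declassification step outside the model.
    for obj, op in [(customer_db, "read"), (board_plan, "read"),
                    (staff_memo, "read"), (staff_memo, "write")]:
        print(explain(blp_allows, analyst, obj, op))

    # Q:5 part 2: Biba would stop a low-integrity source (e.g. data that
    # arrived by email) from being written into a higher-integrity system.
    mail_attachment = Label("public")
    print(explain(biba_allows, mail_attachment, customer_db, "write"))
```

Note what the Bell-LaPadula half does not catch in the Q:5 scenario: the analyst's read of the customer database is at the analyst's own level and compartment, so the exfiltration is a permitted read under the model. That is why the answer to Q:5 part 2 should pair the model choice with the granular access controls and detection measures the question mentions, rather than relying on the lattice alone.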
Q:6 Given an organization's email server is being targeted by phishing campaigns containing keywords like ["urgent", "reset", "account"], describe, step by step, how you would use the Aho–Corasick algorithm to efficiently detect all instances of these keywords in incoming emails. What output does the algorithm produce for the email text:
Q:7 Suppose you have a dataset of log files where you need to search for multiple security threat patterns simultaneously. Outline the procedure for applying the Veldman algorithm to solve this problem. What would be the result if the patterns ["error", "failed", "denied"] are searched in the log entry:
"User denied access after multiple failed attempts."
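The Aho–Corasick procedure that Q:6 asks for, as an added example (not part of the assignment). It builds a trie from the keyword list, adds failure links by breadth-first traversal, and scans the text once, so the cost is linear in the text length plus the number of matches regardless of how many patterns there are. The email text for Q:6 is not given on the assignment sheet, so the one in the block is constructed; the Q:7 log line is taken from the sheet, but the block runs Aho–Corasick on it, not the Veldman algorithm that Q:7 names. Function and variable names are the example's own.

```python
# Aho-Corasick multi-pattern matching: trie + failure links + single pass.
from collections import deque


class AhoCorasick:
    def __init__(self, patterns):
        self.goto = [{}]      # goto[state][char] -> next state (trie edges)
        self.fail = [0]       # failure link: longest proper suffix in the trie
        self.output = [[]]    # patterns that end at this state (or a suffix of it)
        for p in patterns:
            self._add(p)
        self._build_failure_links()

    def _add(self, pattern):
        """Step 1: insert one pattern into the trie."""
        state = 0
        for ch in pattern:
            nxt = self.goto[state].get(ch)
            if nxt is None:
                nxt = len(self.goto)
                self.goto.append({})
                self.fail.append(0)
                self.output.append([])
                self.goto[state][ch] = nxt
            state = nxt
        self.output[state].append(pattern)

    def _build_failure_links(self):
        """Step 2: BFS over the trie; each state's failure link points to the
        longest suffix of its string that is also a trie path. Outputs of the
        failure target are merged so overlapping patterns are not missed."""
        queue = deque()
        for s in self.goto[0].values():   # depth-1 states fail to the root
            self.fail[s] = 0
            queue.append(s)
        while queue:
            r = queue.popleft()
            for ch, s in self.goto[r].items():
                queue.append(s)
                f = self.fail[r]
                while f and ch not in self.goto[f]:
                    f = self.fail[f]
                self.fail[s] = self.goto[f].get(ch, 0)
                self.output[s] = self.output[s] + self.output[self.fail[s]]

    def search(self, text):
        """Step 3: one pass over the text; report (start_index, pattern)."""
        state = 0
        hits = []
        for i, ch in enumerate(text):
            while state and ch not in self.goto[state]:
                state = self.fail[state]        # follow failure links on mismatch
            state = self.goto[state].get(ch, 0)
            for p in self.output[state]:
                hits.append((i - len(p) + 1, p))
        hits.sort()
        return hits


def find_keywords(text, patterns, case_insensitive=True):
    """Return every (start, keyword) occurrence; matching is case-insensitive
    by default because phishing subjects vary in capitalisation."""
    if case_insensitive:
        text = text.lower()
        patterns = [p.lower() for p in patterns]
    return AhoCorasick(patterns).search(text)


if __name__ == "__main__":
    # Constructed email text for Q:6 (the sheet does not give one).
    email = "URGENT: please reset your account password now"
    print(find_keywords(email, ["urgent", "reset", "account"]))
    # Log line quoted in Q:7, scanned with Aho-Corasick here.
    log_line = "User denied access after multiple failed attempts."
    print(find_keywords(log_line, ["error", "failed", "denied"]))
```

The output for the constructed email is `[(0, 'urgent'), (15, 'reset'), (26, 'account')]`, and for the Q:7 log line `[(5, 'denied'), (34, 'failed')]` with `error` absent; in a mail filter the hit list would feed a scoring rule rather than block on any single word, since "account" alone appears in plenty of legitimate mail.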