Cybersecurity exam-taking service | Exam: High Integrity Systems Engineering

This Australian proxy exam is mainly a timed Alloy cybersecurity test

2 pts Question 1
Consider a fault-tolerant system that uses two servers A and B, where each server is
a redundant back-up of the other. If you were drawing a fault tree for this system, and
that fault tree had two nodes: “Server A Fails” and “Server B Fails”, that each
represented failure of one of the two servers, which type of gate would the two nodes
be connected by?

Consider a different system. This system contains a web server and a database
server. The web server handles requests from clients and, in order for it to handle
those requests, it communicates with the database server. Consider a fault tree for
this system that contains two nodes “Web Server Fails” and “Database Server
Fails”. Which type of gate would they be connected by?

For each of the following threats, which STRIDE category does it best correspond to?

The attacker modifies the contents of a public website.

The attacker crashes the system, preventing other users from accessing

The attacker steals sensitive data pertaining to other customers.

The attacker pretends to be a legitimate user of the system.

The attacker is able to have their user account added to the “System Administrators” group, i.e. they are able to obtain Administrator access to the system.

The attacker deletes the access logs for the system.

1 pts Question 3
Consider a simple Alloy model of the access control system for a learning
management system (LMS). The job of the access control system is to manage which
users have access to which subjects. It does so by storing for each user and each
subject the roles that the user has within that subject. Roles include being an
Administrator (who is allowed to change which users have access to which subjects
in which roles), an Instructor, a Tutor, and a Student.
We can model the various roles using the following Alloy signature declarations:

abstract sig Role {}
one sig Student, Tutor, Instructor, Administrator extends Role {}

We can model the access control state of this system using the following Alloy
signatures. Here ACL stands for “access control list” and represents the access
control state of the system.

sig Subject {}
sig User {}
sig ACL {
  roles : User -> Subject -> Role
}

Complete the implementation of the following predicate which, given a user u, a
role r, and an ACL a, says whether u has role r in any subject, according to the ACL a.
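
An added example, not part of the exam paper: one way to express the "role in any subject" check over the signatures above, together with an equivalent relational form and a bounded check that a non-Administrator grant cannot create a new administrator. The names hasRoleSomewhere, hasRoleSomewhereRel, grant and both assertions are hypothetical, and the per-subject Administrator precondition in grant is an assumption about how the LMS authorizes changes.

```alloy
abstract sig Role {}
one sig Student, Tutor, Instructor, Administrator extends Role {}

sig Subject {}
sig User {}
sig ACL {
  roles : User -> Subject -> Role
}

-- Hypothetical name: u holds role r in at least one subject under ACL a.
pred hasRoleSomewhere [u : User, r : Role, a : ACL] {
  some s : Subject | (u -> s -> r) in a.roles
}

-- Same property in relational style: join u onto a.roles to get the
-- Subject -> Role pairs for u, then join Subject to keep only the roles.
pred hasRoleSomewhereRel [u : User, r : Role, a : ACL] {
  r in Subject.(u.(a.roles))
}

-- The quantified and relational forms must accept exactly the same cases.
assert FormsAgree {
  all u : User, r : Role, a : ACL |
    hasRoleSomewhere[u, r, a] iff hasRoleSomewhereRel[u, r, a]
}
check FormsAgree for 4

-- Assumed update rule (not from the exam): only a user who is Administrator
-- of subject s may add the tuple (u, s, r); nothing else in the ACL changes.
pred grant [a, a2 : ACL, admin, u : User, s : Subject, r : Role] {
  (admin -> s -> Administrator) in a.roles
  a2.roles = a.roles + (u -> s -> r)
}

-- Elevation-of-privilege check: granting a non-Administrator role never
-- makes anyone an Administrator who was not one already.
assert GrantNonAdminAddsNoAdmin {
  all a, a2 : ACL, admin, u, v : User, s : Subject, r : Role |
    (grant[a, a2, admin, u, s, r] and r != Administrator
      and hasRoleSomewhere[v, Administrator, a2])
    implies hasRoleSomewhere[v, Administrator, a]
}
check GrantNonAdminAddsNoAdmin for 4
```

Both checks are bounded: the Alloy Analyzer reporting no counterexample holds only within the stated scope of 4 atoms per signature.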