
QUESTION

This assignment is based on the iNTegrity case study presented in Appendix E of our textbook. (The case study starts on page 528.) For this case study, provide answers to Exercise questions #1 and #3 on page 531.

You may find it useful to read Appendix E from the beginning. There is lots of good material there. 

That's it. Just provide answers to 2 questions. Don't worry about mitigations for the threats right now. The goal of this assignment is to get you to better understand how useful models can be to identify and mitigate threats. 

Appendix E: Case Studies

as an answer key; but if you do, please don’t feel limited to or constrained by them. There are other example threats.) In contrast this section presents a model without an answer key. It’s a lightly edited version of a class exercise that was created by Michael Howard and used at Microsoft for years. It's included with their kind permission. I've personally taught many classes using this model, and it is sufficiently detailed for newcomers to threat modeling to find many threats.

Background

This tool, named iNTegrity, is a simple file-integrity checking tool that reads resources, such as files in the filesystem, determining whether any files or registry keys have been changed since the last check. This is performed by looking at the following:

  • File or key names
  • File size or registry data
  • Last updated time and date
  • Data checksum (MD5 and/or SHA1 hash)

Architecturally, the tool is split into two parts: a host component and an administrative console. As shown in Figure E-4, one client can communicate with multiple servers, rather than running the tool locally on each computer.

Figure E-4: The networked host/admin console nature of the iNTegrity tool (diagram labels: iNTegrity Admin Console; iNTegrity Host Software, three instances)

In another operational environment, it might be known that a machine has been compromised and can no longer be trusted, and the server and client software can be run off, say, a bootable CD or USB drive. In this case, the integrity-checking code is running under a trusted, read-only Windows environment, and the host and admin components both read data from the compromised machine,