Development of assurance

Answer the following questions.
1)(10 pts.) Chapter 18 (pgs. 494-495) –Problem#4

Question: Requirements are often difficult to derive, especially when the environments in which the system will function, and the specific tasks it will perform, are unknown. Explain the problem that this causes during development of assurance.

2) (10 pts.) Chapter 18 (pgs. 494-495) –Problem#5

Question: Why is the waterfall model of software engineering the most commonly used method for development of trusted system?

3) (10 pts.) Chapter 20 (pg. 569) –Problem#3

Question: Why does the Boyer-Moore theorem prover perform induction only when the other five steps fail to simplify the formula? Why does it not try induction first?

4) (10 pts.) Chapter 21 (pgs. 609-610) –Problem#4

Question: What are the conceptual differences between a reference validation mechanism, a trusted computing base, and the TOE security Functions

5) (10 pts.) Chapter 21 (pgs. 609-610) –Problem#6

Question: identify the specific requirements in the Common Criteria that describe a reference validation mechanism. Hint: Look in both security functional classes and security assurance classes.

6) (10 pts.) Chapter 23 (pgs. 685-687) –Problem#5

Question: Can the UNIX Bourne shell variable HOME, which identifies the home directory of a user to programs that read start-up files from the user’s home directory, be used to compromise a system? If so, how?

7) (10 pts.) Chapter 23 (pgs. 685-687) –Problem#11

Question: The NRL classification scheme has three axes: genesis, time of introduction, and location. Name two other axes that would be of interest to an analyst. Justify your answer.

8) (10 pts.) Chapter 23 (pgs. 685-687) –Problem#12

Question: In the NRL, classification scheme for the “time of introduction” axis, must the development phase precede the maintenance and operation phases, and must the maintenance phase precede the operation phase? Justify your answer.

9) (14 pts.) Essay Question: Type-1 certification (TOP SECRET) focuses on Development Methodology. How would you address this certification issue with your hypothetical company (make up one for this problem) for your system (for example: operating system) that you are trying to certify at the TOP SECRET level? This certification issue focuses on two areas: (a) Software Development Process and (b) Life Cycle Model. Hint: Remember; you are focusing on security as your top priority for this case and not necessarily performance. (All the external information (outside of your textbook) you need to answer this question is on the Internet (no other sources allowed) and you don’t need a security background on this subject. In addition, this subject has been addressed in a previous course in the INFA Curriculum (610)). This is a capstone question to get you thinking as a computer security system designer for information assurance.

10) (6 pts.) You have two (2) data centers shown below. You are the information security design engineer for Bonner Corporation. You have been asked to develop three (3) requirements for the data centers that address CIA. Please identify the requirements you are addressing and describe it in detail.

    Looking for the best essay writer? Click below to have a customized paper
    written as per your requirements.