计算机安全学第一次作业_osi security architecture

Review Question 1.1

What is the OSI security architecture?（什么是计算机OSI体系结构？）

The OSI security architecture is useful to managers as a way of organizing the task of providing security. Furthermore, because this architecture was developed as an international standard, computer and communications vendors have developed security features for their products and services that relate to this structured definition of services and mechanisms.

OSI 安全体系结构为负责组织安全性的经理提供了描述安全性的必要性。OSI安全架构是作为“国际标准”引入的，它允许计算机和通信经销商生产具有依赖于此架构的安全特征的产品

For our purposes, the OSI security architecture provides a useful, if abstract, overview of many of the concepts that this book deals with. The OSI security architecture focuses on security attacks, mechanisms, and services.

OSI 安全体系结构具有服务的结构描述和支持组织数据安全性的结构。OSI 安全体系结构以安全攻击、结构和服务为目标。

1.2

List and briefly define the three key objectives of computer security.（列出并简要定义计算机安全的三个关键目标。）

Confidentiality（保密性）

Integrity（完整性）

Availability（可用性，有效性）

1.3

List and briefly define categories of passive and active security attacks.（列出并简要定义被动和主动安全攻击的类别。）

Active attacks:Active attacks involve some modification of the data stream or the 
creation of a false stream and can be subdivided into four categories: masquerade, 
replay, modification of messages, and denial of service.

Passive attacks:Passive attacks  are in the nature of eavesdropping on, or monitoring 
of, transmissions. The goal of the opponent is to obtain information that is being 
transmitted. Two types of passive attacks are the release of message contents and 
traffic analysis.

1.6

 List and briefly define the fundamental security design principles.（列出并简要定义基本的安全设计原则。）

Economy of mechanism

Fail-safe defaults  

Complete mediation  

Open design  Separation of privilege  

Least privilege  

Least common mechanism  

Psychological acceptability  

Isolation  Encapsulation  

Modularity

Layering  Least astonishment

3.1

Describe the main requirements for the secure use of symmetric encryption.（描述安全使用对称加密的主要要求。）

1.We need a strong encryption algorithm. At a minimum, we would like the algorithm to be such that an opponent who knows the algorithm and has access to one or more ciphertexts would be unable to decipher the ciphertext or figure out the key. This requirement is usually stated in a stronger form: The opponent should be unable to decrypt ciphertext or discover the key even if he or she is in possession of a number of ciphertexts together with the plaintext that produced each ciphertext.

2. Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure. If someone can discover the key and knows the algorithm, all communication using this key is readable

3.5

What are the two general approaches to attacking a cipher?（攻击密码的两种一般方法是什么？）

Cryptanalysis

Brute-force attack