Sample Midterm

These are sample questions that are very similar to the ones I will ask on the midterm.

  1. Why is a precise statement of security requirements critical to the determination of whether a given system is secure?

  2. Which of the following does the Needham-Schroeder protocol require?
    1. A trusted third party
    2. A public key cryptosystem
    3. A certificate authority to identify the users
    4. A connection to the Internet

  3. Which of the following demonstrate violations of the principle of least privilege? Please justify your answer.
    1. The Linux root account, to which no access controls are applied.
    2. A user whose function is to maintain and install system software. This user has access to the source files and directories, access to only those programs needed to build and maintain software, and can copy executables into system directories for other users. This user has no other special privileges.

  4. How does the Clark-Wilson model require authentication of users to be done?
    1. A trusted user must vouch for the new user
    2. Two-factor authentication must be used
    3. If passwords are used, they must be at least 12 characters long, and use a mixture of letters, digits, and other characters
    4. None of the above

  5. What is a certificate? What is it used for?

  6. Represent a security compartment label using the notation (security level; set of categories) where the security levels are “high”, “medium”, “low”, or “unknown” (in decreasing order of trust) and the security categories are “dog”, “cat”, and “pig”. Can a user cleared for (medium; { dog, cat }) have read or write access (or both or neither) to documents classified in each of the following ways under the Bell-LaPadula model?
    1. (high; { dog })
    2. (low; { dog })
    3. (medium; { dog, cat })
    4. (unknown; { pig })
    5. (high; { dog, pig, cat })

Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 153A, Computer & Information Security & Privacy I
Version of April 26, 2026 at 11:41PM
