College of Natural and Computational Sciences

Department of Computer Science

Oprating Systems

SEMAHAGN ADAMU…………………………………... ID: NSE/5459/11

 1. What are the fundamental requirements
addressed by computer security?
 In order to do this effectively, there
are primarily three chief elements
of confidentiality, Integrity and
availability are key.
i. Confidentiality – This is the hiding of important information or resources.
It also sees to it only the right person can have access to the information.
ii. Integrity – This is the trustworthiness of data in the systems from the
perspective of avoiding unauthorized changes. This includes two sub
elements called data-integrity and authentication.
iii. Availability – This refers to the ability to access data or a resource as and
when the need arises. Denying access to data has become a common
attack mode
2. Directories can be implemented either as "special files" that can only be accessed
in limited ways, or as ordinary data files. What are the advantages and
disadvantage of each approach?
 Advantage
i. Security is more easily enforced if directories are easily recognized as special
files by the operating system
ii. Treating directory as ordinary file with certain assigned access restriction
provides a more uniform set of objects to be managed by the operating system
and may make it easier to create and manage user owned directories
iii. The i-node is of fixed size and relatively small and hence kept in main memory
for long periods
iv. The purpose of a special file is to expose the device as a file in the file system.

[Submission Date: September , 30,2021]

1|Page
 v. A special file provides a universal interface for hardware devices (and virtual
devices created and used by the kernel), because tools for file I/O can access the
device.
vi. When data is red from or written to a special file, the operation happens
immediately, and is not subject to conventional file system rules
 Disadvantage
i. It may have security bridge
ii. It may give access for third party software and they may exploit the security

3. Explain the difference between statistical anomaly intrusion detection and rule-
based intrusion detection?
 Statistical anomaly detection involves the collection of data relating to the behavior
of legitimate users over a period of time. Then statistical tests are applied to
observed behavior to determine with a high level of confidence whether that
behavior is not legitimate user behavior. 
 Rule-Based Detection involves an attempt to define a set of rules that can be used to
decide that a given behavior is that of an intruder.

4. Explain the difference between conventional encryption and public-key

encryption?
 Speed
i. A private key is much faster than a public key 
 Uniqueness
i. In the case of the private key which is used for symmetric-key cryptography,
the same key is used for encryption and decryption of the message during
the conversation 
ii. On the other hand, a public key which is used in the case of asymmetric key
cryptography uses two keys, one is used during encryption and the other is
used during decryption at the receiver’s end. 
 Secret
i. In the case of a private key, the private key is known only to the sender and
the receiver and to anyone else
ii. In the case of a public key, on the other hand, the key is public and can be
viewed by everyone
 Type of cryptography
i. A private key is used in the case of symmetric key cryptography wherein one
single key is used for transmission between two parties 
ii. In the case of a public key mechanism, there are two different keys used for
the transmission. Which public-key is open for everyone to see and the
private key is available only between the sender and the receiver . 
 Purpose
i. Private key cryptography checks the speed, reliability, and security of the
system 

2|Page
 ii. Whereas the public key testing has a long-term view and checks the
sustainability of the system 
To put it in simple terms, the major difference between symmetric and asymmetric
cryptography is in the key used by the sender and the receiver. If both use the same
key for transmission and receiver, then it is Symmetric key cryptography and if they
use different keys then it is called asymmetric key cryptography.

5. How is the AES expected to be an improvement over triple DEA?

 AES is more secure (it is less susceptible to cryptanalysis than DES).
 AES supports larger key sizes than DES's 112 or 168 bits.
 AES is faster in both hardware and software.
 AES's 128-bit block size makes it less open to attacks

AES DES

3|Page
AES stands for Advanced Encryption Standard
Byte-Oriented
Key length can be 128-bits, 192-bits, and 256-bits.
Number of rounds depends on key length: 10(128-
bits), 12(192-bits), or 14(256-bits)
The structure is based on a substitution-
permutation network
The design rationale for AES is open
The selection process for this is secret but
accepted open public comment
AES is more secure than the DES cipher and is the
de facto world standard
The rounds in AES are: Byte Substitution, Shift
Row, Mix Column and Key Addition
AES can encrypt 128 bits of plaintext
AES cipher is derived from an aside-channel
square cipher
No known crypt-analytical attacks against AES
but side channel attacks against AES
implementations possible. Biclique attacks have
better complexity than brute force but still
ineffective
DES stands for Data Encryption Standard
Bit-Oriented
The key length is 56 bits in DES.
DES involves 16 rounds of identical operations
The structure is based on a Feistel network
The design rationale for DES is closed.
The selection process for this is secret
DES can be broken easily as it has known
vulnerabilities. 3DES (Triple DES) is a variation of DES
which is secure than the usual DES
The rounds in DES are: Expansion, XOR operation with
round key, Substitution and Permutation
DES can encrypt 64 bits of plaintext.
DES cipher is derived from Lucifer cipher
Known attacks against DES include Brute-force, Linear
crypt-analysis, and Differential crypt-analysis
4|Page