Assignment This assignment has a maximum page limit (Times New Roman, 12-point, Single Column) for the main body contents, exclusive of tables of contents, indexes, or bibliographies etc. A penalty of...

Assignment as attached


Assignment This assignment has a maximum page limit (Times New Roman, 12-point, Single Column) for the main body contents, exclusive of tables of contents, indexes, or bibliographies etc. A penalty of 1% of the total possible mark may be applied for every 10 words over this page limit. A failure to comply with any applicable instructions or requirements will result in a 10– 20% penalty at the marker’s discretion. Part I (35%, 3 pages): Windows Security An attacker seeks to view the contents of a specific Microsoft Word document file to which they do not have any kind of access. You may assume that: · no exploitable vulnerabilities of any kind exist; · the attacker has a non-privileged account on the system; · basic system access controls do not currently permit the attacker to access the file and the attacker cannot directly change these controls; and · the attacker cannot physically tamper with the system in any way. Outline and describe the core security mechanisms that Windows implements to prevent the attacker achieving that goal. Include a brief discussion of the low-level mechanisms that protect the operating system from an attack that targets the layer below. The marks breakdown table below may assist you in identifying the general issues that need to be covered. In completing this task, you must use an approach based on the architectural divisions discussed during lectures to organise your answer. You may find that the information discussed in lectures and contained in the textbook substantially assist you to frame your answer. However, you may wish to do some additional research. You should include a complete reference list of any additional sources that you have used. Component Percentage Discussion of how subject credentials are managed and assigned to processes. You may wish to consider the following points. · The different ways that user credentials are handled between, for example, a single autonomous system and one part of an enterprise network. · The low-level system components involved in verifying the user’s identity and then ensuring that the user’s processes have the correct identity if the user is granted access to the system. 10% Operation of relevant access control mechanisms. Describe these in the context of the information given to you in the question. 10% Low level security mechanisms that underpin access control. For example, how does the operating system prevent processes from manipulating the kernel when invoking system calls and accessing privileged memory etc. 10% Clarity and quality of writing, including organisation and evidence of research where necessary. 5%