Section 1:
An attacker seeks to view the contents of a specific Microsoft Word document file to whichthey do not have any kind of access.
You may assume that:
- no exploitable vulnerabilities of any kind exist;
- the attacker has a non-privileged account on the system;
- basic system access controls do not currently permit the attacker to access the file andthe attacker cannot directly change these controls; and
- the attacker cannot physically tamper with the system in any way.
Discuss the core security mechanisms Windows implements to prevent the attacker achievingthat goal.
In completing this task, you must use an approach based on the architectural divisionsdiscussed during lectures to organise your answer. You may find that the informationdiscussed in lectures and contained in the textbook substantially assist you to frame youranswer. However, you may wish to do some additional research. You should include acomplete reference list of any additional sources that you have used.
Component Percentage
Subject credentials management/assignment discussion
Operation of access control mechanisms
Low level security mechanisms
Clarity and quality of writing, including organisation and evidence of research where necessary.
word count - 1600
Section 2:
Now assume that the attacker has been able to gain control over the system such that they have gained administrator access.
Discuss briefly how the above outlined security mechanisms would fail, and the reasons forthis failure. Outline an alternative security architecture that could continue to achieve thespecified security goal notwithstanding this new scenario. You should include in yourdiscussion of the security limitations of your approach.
Note that this is intended to be an open-ended problem and your alternative security architecture may or may not exist, so you are expected to think creatively about this solution.
Component Percentage
Discussion of failure of existing architectures
Description of security architecture
Discussion of limitations
Clarity and quality of writing, including organisation and evidence of research where necessary.