КАТЕГОРИИ:
Архитектура-(3434)Астрономия-(809)Биология-(7483)Биотехнологии-(1457)Военное дело-(14632)Высокие технологии-(1363)География-(913)Геология-(1438)Государство-(451)Демография-(1065)Дом-(47672)Журналистика и СМИ-(912)Изобретательство-(14524)Иностранные языки-(4268)Информатика-(17799)Искусство-(1338)История-(13644)Компьютеры-(11121)Косметика-(55)Кулинария-(373)Культура-(8427)Лингвистика-(374)Литература-(1642)Маркетинг-(23702)Математика-(16968)Машиностроение-(1700)Медицина-(12668)Менеджмент-(24684)Механика-(15423)Науковедение-(506)Образование-(11852)Охрана труда-(3308)Педагогика-(5571)Полиграфия-(1312)Политика-(7869)Право-(5454)Приборостроение-(1369)Программирование-(2801)Производство-(97182)Промышленность-(8706)Психология-(18388)Религия-(3217)Связь-(10668)Сельское хозяйство-(299)Социология-(6455)Спорт-(42831)Строительство-(4793)Торговля-(5050)Транспорт-(2929)Туризм-(1568)Физика-(3942)Философия-(17015)Финансы-(26596)Химия-(22929)Экология-(12095)Экономика-(9961)Электроника-(8441)Электротехника-(4623)Энергетика-(12629)Юриспруденция-(1492)Ядерная техника-(1748)
The Reading Module
|
|
|
|
THE WRITING MODULE
THE SPEAKING MODULE
After text activity
III. Reading Exercises:
Exercise 1. Read and memorize using a dictionary:
| convenient, property, according to, to exclude, isolation, to moderate, to share, intricate, to distinguish, data, entry |
Exercise 2. Answer the questions:
1) How are protection schemes divided?
2) What systems of information protection are there?
3) What examples of each system are given?
4) What is a protected subsystem?
5) What do the programs of the subsystem protect?
Exercise 4. Match the left part with the right:
| 1 A user may want to restrict | a) permit access to only the average value of the data in a file. |
| 2. For example, he may wish to permit access only on | b) that a file be modified only if two users agree. |
| 3. Possibly, he may wish to | c) access to a file in a way not provided in the standard facilities for controlling sharing. |
| 4. Maybe he wishes to require | d) weekdays between 9:00 A.M. and 4:00 P.M. |
II. Speaking Exercises:
Exercise 1. Define the terms using the suggested words and expressionsas in example:
| Information science | Subsystem | Data | File |
| discipline, deals with, processes, storing, transferring, information | self-contained system within larger system | facts statistics collected together reference analysis | set related data |
EXAMPLE: Information science is a discipline that deals with the processes of storing and transferring information.
Exercise 2. Ask questions to the given answers:
1) Question: ___________________________________________?
Answer: Many different designs have been proposed and mechanisms implemented for protecting information in computer systems.
2) Question: ___________________________________________?
Answer: One reason for differences among protection schemes is their different functional properties--the kinds of access control that can be expressed naturally and enforced.
3) Question: ___________________________________________?
Answer: By constructing a protected subsystem, a user can develop any programmable form of access control to the objects he creates.
Writing exercises:
Exercise 1. Fill in the gaps with the suggested words:
| sharing, own pieces, such, provide |
These are systems that _________isolation of users, sometimes moderated by total sharing of some______ of information. If only isolation is provided, the user of ______a system might just as well be using his_____ private computer, as far as protection and _____of information are concerned.
Exercise 2. Compose a story on one of the topics (up to 100 words):
1) Information protection systems
2) Protection schemes
Lesson 4
Read the text:
Passwords as a general technique have some notorious defects. The most often mentioned defect lies in choice of password--if a person chooses his own password, he may choose something easily guessed by someone else who knows his habits. In one recent study of some 300 self-chosen passwords on a typical time-sharing system, more than 50 percent were found to be short enough to guess by exhaustion, derived from the owner's name, or something closely associated with the owner, such as his telephone number or birth date. For this reason, some systems have programs that generate random sequences of letters for use as passwords. They may even require that all passwords be system-generated and changed frequently. On the other hand, frequently changed random sequences of letters are hard to memorize, so such systems tend to cause users to make written copies of their passwords, inviting compromise. One solution to this problem is to provide a generator of "pronounceable" random passwords based on digraph or higher order frequency statistics [26] to make memorization easier.
|
|
|
A second significant defect is that the password must be exposed to be used. In systems where the terminal is distant from the computer, the password must be sent through some communication system, during which passage a wiretapper may be able to intercept it.
An alternative approach to secrecy is unforgeability. The user is given a key, or magnetically striped plastic card, or some other unique and relatively difficult-to-fabricate object. The terminal has an input device that examines the object and transmits its unique identifying code to the computer system, which treats the code as a password that need not be kept secret. Proposals have been made for fingerprint readers and dynamic signature readers in order to increase the effort required for forgery.
The primary weakness of such schemes is that the hard-to-fabricate object, after being examined by the specialized input device, is reduced to a stream of bits to be transmitted to the computer. Unless the terminal, its object reader, and its communication lines to the computer are physically secured against tampering, it is relatively easy for an intruder to modify the terminal to transmit any sequence of bits he chooses. It may be necessary to make the acceptable bit sequences a secret after all. On the other hand, the scheme is convenient, resists casual misuse, and provides a conventional form of accountability through the physical objects used as keys.
A problem common to both the password and the unforgeable object approach is that they are "one-way" authentication schemes. They authenticate the user to the computer system, but not vice versa. An easy way for an intruder to penetrate a password system, for example, is to intercept all communications to and from the terminal and direct them to another computer--one that is under the interceptor's control. This computer can be programmed to "masquerade," that is, to act just like the system the caller intended to use, up to the point of requesting him to type his password. After receiving the password, the masquerader gracefully terminates the communication with some unsurprising error message, and the caller may be unaware that his password has been stolen. The same attack can be used on the unforgeable object system as well.
|
|
|
|
|
Дата добавления: 2015-08-31; Просмотров: 344; Нарушение авторских прав?; Мы поможем в написании вашей работы!