Homework 1: Rational Paranoia

CSC 466/566 
Computer Security Homework 1: Rational Paranoia
Homework 1: Rational Paranoia
This homework is due Wednesday, February 2, 2022 at 11:59 p.m. and counts for 5% of your
course grade. Late submissions on the next day (24 hours) will be penalized by 30%. Submission
within second and third day (24-72 hours) will penalized by 60%. We will not accept any submissions after that. If you have a conflict due to travel, interviews, etc., please plan accordingly and
turn in your homework early.
We encourage you to discuss the problems and your general approach with other students in the
class. However, the answers you turn in must be your own original work, and you are bound by the
Honor Code. Solutions must be submitted electronically via D2L in PDF format by completing the
template on page 2 below.
For each scenario below, imagine that you are in charge of security. Apply the security mindset to
answer these questions:
What assets are important for you to protect?
What security threats will you choose to defend against?
What countermeasures can you justify, in terms of costs and benefits?
Answer each of the above in the form of a bulleted list, with brief justifications or explanations as
necessary. Your explanations for each part should be approximately a paragraph in length. The
overall response should be no less than three pages and no more than 6 pages. State any critical
assumptions you decide to make. Your grade will be based on the thoroughness, realism, and
thoughtfulness of your analysis.
1–2. Pick two of the following scenarios. (If you submit responses for more than two, you’ll
receive the two lowest scores.)
(a) You run the weekly Powerball lottery.
(b) You manage the twitter account for the POTUS.
(c) You run a small convience store that caters to CS undergraduate and graduate students
that works using automated checkout using Cat cards.
(d) You manage the email server for a major presidential campaign.
(e) Your firm does background checks on prospective employees for the Federal government.
2
3. Suppose you are designing a self-destructive message system (which destructs itself after
5 seconds when it’s seen and can never be retrieved by any party) with modern computing
technologies for agents like Ethan Hunt from the movie Mission Impossible.
4. Choose another scenario from everyday life that we haven’t discussed in class.
Your choice may be directly related to computer security, but it doesn’t have to be.
Submission Template 3
# Problem 1
Scenario:
{Lottery|Stadium|Store|Email|Grading}
Assumptions:
explain_your_assumptions
Assets:
- Asset - explanatory_paragraph
- Asset - explanatory_paragraph
...
Threats:
- Threat - explanatory_paragraph
- Threat - explanatory_paragraph
...
Countermeasures:
- Countermeasure - explanatory_paragraph
- Countermeasure - explanatory_paragraph
...
# Problem 2
(Use the same format as Problem 1 for a different scenario from the list.)
# Problem 3
(Use the same format as Problem 1 for this scenario.)
# Problem 4
Original Scenario:
explain_your_scenario_and_assumptions
Assets:
...
Threats:
...
Countermeasures:
...