CSCI 343 - Homework 2

Due by the end of day, Monday 26 Sep 2016

Answer the following questions and submit them via BlackBoard.

  1. (6 pts.) Consider the handin program used by CS. Give examples of confidentiality, availability, and integrity requirements associated with this system. For each, indicate the degree of importance of that requirement.
  2. (5 pts.) Still considering the handin program used by CS, what can you say about the other 3 goals of security (Authenticity, Anonymity, and Assurance)? For each, indicate if they apply and why/why not.
  3. (5 pts.) Reports of computer security failures frequently appear in the daily news. Cite a recently reported failure that exemplifies one or more of the "principles" presented in class (easiest penetration, adequate protection, effectiveness, weakest link) and explain how it applies. Include a discussion of what security principles were violated.
  4. (9 pts.) [G&T R-1.6,1.9,10] With respect to the CIA-AAA concepts, what risks are posed by:
    1. email spam
    2. a packet sniffer monitoring all traffic at a wireless access point
    3. someone buying songs online, burning a CD of them, ripping that to MP3s, and then giving all their friends copies of the songs
  5. (5 pts.) [G&T C-2.2] For safety reasons, external locked doors on commercial buildings have mechanisms that allow people on the inside to escape without needing a key or combination. One type uses an infrared motion detector to open an electronic lock for people moving towards the door from the inside (e.g., grocery store doors). Explain how a gap under such an external door might be exploited to open the door from the outside.
  6. (5 pts.) [G&T C-2.3] A group of n pirates has a treasure chest and one unique lock and key for each pirate. Using hardware that is probably lying around their ship, they want to protect the chest so that any single pirate can open the chest using his lock and key. How do they set this up?
  7. (15 pts.) Oberlin College has a wide range of computer and network resources on campus in a variety of locations (e.g., computer labs, servers, network closets, wireless access points). Pick one and analyze it in terms of its physical security. Address this in terms of
    1. Location protection
    2. Physical intrusion detection
    3. Hardware attacks
    4. Eavesdropping
    5. Physical interface attacks
    In your opinion, are the measures in place appropriate? What recommendations would you make to the powers that be to reasonably improve the physical security?

If you followed it, be sure to include the honor code on your assignment.

Last Modified: September 19, 2016 - Benjamin A. Kuperman