The homework specifications, as well as the corresponding course slide decks, can be found on the Comp427 Piazza. This assignment is due Thursday, January 17 at 6 p.m.
You will do this homework by editing the README.md file. It's in Markdown format and will be rendered to beautiful HTML when you visit your GitHub repo.
Please also edit README.md and replace your instructor's name and NetID with your own:
Student name: Jiayan Zhuang
Student NetID: jz86
Your NetID is typically your initials and a numeric digit. That's what we need here.
If you contacted us in advance and we approved a late submission, please cut-and-paste the text from that email here.
- Scenario: Grading
- Assumptions:
- Suppose that I am grading homework submissions for a class of 200+ students. The homework is hard, but it counts for 25% of the total grade. Only 10% of the students are supposed to get an A, while everyone is trying to get one.
- Assets:
- Students' original homework. This is the most important asset because every problem, such as academic misconduct or misgraded homework, can be resolved by referring to the original homework. But since there could be 200+ students, the original homework will be hard to keep and even hard to search when needed.
- Students' homework grading record form. This is a record of each student's homework grades, which saves a lot of time when looking up a grade. It is also useful for statistical work, such as comparing a student's grades across different assignments to see the trend and computing average grades.
- Students' submission record form. This is the proof of whether someone submitted their homework and whether it was submitted on time. It is useful when verifying a student's claim that their homework went missing.
- Account and its password. As CS majors, we always submit our homework online, which means everyone has at least one online account. The password to this account is the only way to get access to one's homework.
- Threats:
- Academic Misconduct. Since this is a very hard but important homework, it is possible that some students will want to get a good grade without making an effort. In this case, they may copy others' work with a few revisions, like changing the order of sentences, using near synonyms and so on. To get others' work, some students may hack into others' accounts or personal computers to steal it.
- Misgraded. There could be some students who are not satisfied with their grades. They could hack into the grading system to revise their original grades. They may also slip into the office and unlock the professor's computer to do so. They can also hack into the submission system to change their answers and then claim to have been misgraded.
- Mess the submissions up for fun. This may be very unlikely, but we can still discuss it. Suppose that someone who wants to play a joke for April Fool's Day hacks into the system and messes up the submissions or even deletes them all. In this case, we can do nothing without a copy of the students' original work.
- Countermeasures:
- Develop an anti-cheating plug-in. The plug-in should be able to detect paragraphs with the same sentences in a different order, sentences that use near synonyms to express the same meaning, similar ideas with different wording, etc. This measure requires some money and energy but may have the long-term benefit of preventing academic misconduct.
- Fix submission platform vulnerabilities regularly. The submission platform cannot be perfect, so students may be able to hack it. As a result, regular security checks and fixes are important, especially for the vulnerabilities of the platform. Upgrading the firewall regularly is also important.
- Ask everyone to change the account password regularly. This is costless but useful. In case the password to the submission system is cracked or becomes known by accident, changing the password regularly is a good way to keep the account information safe, that is, a way to protect the submitted homework.
- Reinforce the seriousness of hacking. Awareness of what one can and cannot do is the first line of defense against hacking. Telling students about the seriousness repeatedly can help strengthen that awareness.
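The reordered-sentence check described for the anti-cheating plug-in can be sketched as follows. This is an added example, not part of the original homework; the function names, thresholds and sample submissions are constructed for illustration, and the word-overlap test only tolerates a swapped word or two per sentence rather than performing real synonym detection.

```python
import re
from itertools import combinations

def sentences(text):
    """Split text into sentences, each reduced to a set of lowercase words."""
    parts = re.split(r"[.!?]+", text.lower())
    return [set(re.findall(r"[a-z0-9']+", p)) for p in parts if p.strip()]

def jaccard(a, b):
    """Word-set similarity between two sentences (0.0 to 1.0)."""
    return len(a & b) / len(a | b) if a | b else 0.0

def overlap(text_a, text_b, threshold=0.7):
    """Fraction of sentences in text_a with a near-match anywhere in text_b.

    Sentence order is ignored, so shuffling sentences does not lower the score.
    """
    sa, sb = sentences(text_a), sentences(text_b)
    if not sa or not sb:
        return 0.0
    hits = sum(1 for s in sa if max(jaccard(s, t) for t in sb) >= threshold)
    return hits / len(sa)

def flag_pairs(submissions, min_overlap=0.6):
    """Return (id_a, id_b, score) for every pair that overlaps in both directions."""
    flagged = []
    for (id_a, a), (id_b, b) in combinations(sorted(submissions.items()), 2):
        score = min(overlap(a, b), overlap(b, a))
        if score >= min_overlap:
            flagged.append((id_a, id_b, round(score, 2)))
    return flagged

# Constructed sample submissions: student_b reorders student_a's sentences
# and swaps one word; student_c wrote an unrelated answer.
SUBMISSIONS = {
    "student_a": "A stack canary is placed before the return address. "
                 "The function checks the canary before it returns. "
                 "A changed canary aborts the program.",
    "student_b": "The function checks the canary before it returns. "
                 "A modified canary aborts the program. "
                 "A stack canary is placed before the return address.",
    "student_c": "Address space layout randomization moves the stack each run. "
                 "An attacker must first leak an address. "
                 "This makes fixed offsets unreliable.",
}

if __name__ == "__main__":
    for pair in flag_pairs(SUBMISSIONS):
        print("review pair:", pair)
```

A flagged pair is a prompt for a human grader to compare the two originals, not proof of misconduct.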
- Scenario: G20
- Assumptions:
- Suppose that I am overseeing the security for the G20 summit. This summit is significant and people from all over the world will come, especially important figures from each country. So the security issues are important.
- Assets:
- Personal information of the national representatives (such as address, private phone number, schedule, etc.). As the organizer of the G20 summit, we should treat this information as a top-level secret. We must be responsible for the security of every representative in our state. If an accident occurs, the event will escalate into a problem between countries.
- Venue of the G20 summit. We should do a comprehensive inspection of the building for potential risks like hidden cameras and listening devices. The security checks should work well enough to make sure access to the building is granted correctly, which means a person whose identity is uncertain will not be able to get in. What's more, to deal with events like vandalism or unexpected accidents, the escape routes must be usable.
- Communication network and equipment. In case of signal interference and network intrusion, the building must have its own robust network, and preferably an alternate network as a backup. Besides, the communication equipment needs to be fully charged and working properly. Contact between security guards, the simultaneous interpretation, the media releases and even the hosting of the summit rely on this communication equipment.
- The list of participants. Since these participants are important guests from other countries, we should offer personal protection to all of them, which means we should follow the list of participants strictly. Besides, it is also an important reference when doing security checks.
- The list of conference staff. The conference staff should pass a thorough identity check before being employed, and they should have professional training for this summit. To prevent lawbreakers from disguising themselves as staff, the list of staff is also an important asset.
- The meeting content. When discussing significant economic problems, there will be debates between representatives. But the conference will come to an end and the representatives will reach an agreement. To prevent disputes from being used to make a fuss, the meeting content needs to be protected.
- Threats:
- Signal interference and network intrusion. People who want to disrupt the summit may try different ways to interfere with the signal or network connection, such as unmanned aerial vehicles, signal interference instruments and signal blockers.
- Damage to the venue. Since there are lots of national representatives at the summit, some terrorists may think about destroying the building to hurt people, for example by driving into the building intentionally, releasing poison gas or even suicide bombing.
- Disguised as a staff member. Given the importance of the national representatives, there may be attackers disguised as staff to get close to them. Assassination of or injury to the representatives should be prevented in advance.
- Unexpected accidents. Accidents like a sudden power outage or a fire may cause panic. Crimes like theft or kidnapping could happen during the panic.
- Countermeasures:
- Full-body security check. This must be the most necessary method. Methods like face recognition, fingerprint recognition and infrared scanning should be considered to identify everyone who comes into the building.
- Clear the area around the venue. To prevent things like signal interference by unmanned aerial vehicles, intentional driving into the building and even remote snipers, it is better to clear the area around the building.
- Security personnel at each exit. Trained security guards are necessary to deal with various emergencies. These staff should also make sure each escape route is clear.
- 24-hour monitoring of every corner. Reliable, trained security guards should keep their eyes on the monitoring screens to spot dangerous situations.
- Scenario: Amazon
- Assumptions:
- Suppose that I usually buy things online using the Amazon app. I search, pay and arrange delivery on the phone. The app may know my personal information and even my payment method.
- Assets:
- Payment. I always pay the bill online by entering my card number and password directly. This payment information should be private because, once it is known, other people can use my card and spend my money.
- Shipping address. The shipping address is always the same as the home address. Once it is known by criminals, theft, robbery and kidnapping could happen.
- Order details. The order details include the phone number and purchase records. These could be used as a pretext for fraud.
- Personal information. Nowadays personal information has become a kind of competitive resource. This information could be used in big data to predict customers' tastes, which is helpful when online shops organize their stock.
- Threats:
- Burglary and robbery. Since the shipping address becomes known at delivery, it is possible that the delivery staff get a sudden bad idea when shipping to a luxury apartment occupied only by a weak woman or an old person.
- Card charged by strangers. Hackers could hack into public Wi-Fi or Amazon's system to get the personal payment information. After getting the card number and password, they can use this information to pay for anything they want without the card holder's permission.
- Fraudulent phone calls and messages. Once the order details are known, outlaws could pretend to be customer service and call or text the customer, asking them to pay extra money or to give their card number to get a refund. If you are careless, you will lose a lot of money because what they say seems true.
- Personal information disclosure. There is no doubt that personal information could be of good use. Once the information leaks, you may get into trouble; for example, someone may commit a crime with your identity.
- Countermeasures:
- Strong firewall for the website or app. This is the first line of defense to keep theft and other bad things away.
- Change the account password regularly. In case the password to the Amazon system is cracked or becomes known by accident, changing the password regularly is a good way to keep the account information safe. It will help prevent information leaks.
- Use a public delivery receiver rather than contacting the shipping staff directly. This may avoid a sudden bad idea of robbery or burglary because no one can tell whether the customer is wealthy as well as weak.