Assignment 2 -- CSE P 564 Winter 2015

CSE P 564 Assignment 2: Guidance on How to be Secure (DRAFT)

Goal: The goal of this assignment is to:

Give you experience in researching security solutions for users
Give you experience in identifying knowledge gaps in security solutions for users
Give you experience in synthesizing and conveying security-related recommendations to users and product developers
Related to the above: Give you an understanding of the state of the art in computer security, including what is achievable and what the knowledge gaps are

Although not an explicit learning goal, this assignment is also designed to give you an opportunity to explore security solutions for a problem / topic of interest to you.

Overview of requirements: Prepare and submit a video and companion PDF file. The video will focus on a particular security problem / topic that users encounter today.

How to submit (required). Please submit the video (.mp4) and the companion PDF file into the dropbox. So that other people in the class can view the videos, we anticipate loading the videos onto a cs.washington.edu website, with a .htaccess file that limits access to only people with a valid UW CSE NetID. If you do not want your video to be shared, please let us know by email.

How to submit (optional). We suspect that the results of this process -- the videos -- will be of value to the general public. As a community service, we hope to find a channel / method to publicly share the videos. However, sharing the videos in the public channel is entirely optional. More details TBD.

Due. Feb 9, 9pm (Monday)

Collaboration. You may discuss your video + companion PDF with others before you prepare it.

However, if you discuss your video + companion PDF with others before you prepare it, then (1) leave a thirty-minute (or greater) gap between those discussions and when you start to prepare your video + companion PDF and (2) prepare your video + companion PDF entirely by yourselves.

You may also discuss your video + companion PDF with others after all parties involved in the discussions have completed and submitted their videos + companion PDFs.

Summary: you may discuss your videos + companion PDFs with others, but your videos + companion PDFs are to be on your own.

The Task: Guidelines for Users

People often ask questions like the following of people who work in computer security: How should I do X securely? For example, how should I store my passwords? How can I protect my privacy against web trackers and web advertisers? How can I secure my backups? What security settings should I have on my phone? This assignment will give you an opportunity to answer a question like these.

Your task is to prepare a video and companion PDF. The video should focus on a particular security problem / topic that users face today.

Your video should have the following properties:

Length. It must be at most 10 minutes long.

Format. It should be in this format: .mp4. Let us know if this is an issue. It does not need to be fancy. For example, you could use PowerPoint’s built-in recording capability.

Content.

Summary. Your video should summarize the problem / topic that you are covering. In your summary, you should explain why the problem / topic is important. For example, you may cover the risks to users if they do not adequately address the problem in question.

Current / Common Practices. Your video should discuss common ways that users address the problem / topic today. These are not the “best practices,” but rather the (often ad hoc) solutions that users use today, because (many) users don’t know the best practices.

Recommendations to Users. Present your recommendations to users.

Caveats and Open Questions. There will likely be caveats to your recommendations above. Discuss those caveats, and any known open questions, in your video. For example, are there risks with doing what you recommend? Are there knowledge gaps with existing solutions, e.g., types of threats / use cases not handled by existing solutions?

Directions for Future Research and Innovation (i.e., Recommendations to Product Developers). Discuss directions for future research and innovation. For example, based on the caveats and open questions above, what new products / product modifications would you like to see?

References. Include any relevant references. This could be a single slide with a long list of references; depending on your topic, it may not be necessary to spend too much time on this. However, you should be able to support your claims.

Your supplemental PDF should have the following properties. We will use these PDFs to prepare for class on Feb 10 (since we will likely not be able to review all the videos before class on Feb 10).

One-Sentence Summary. Provide a 1-sentence summary of the problem / topic covered in your video.

Recommendations (Users). Short, bullet list of recommendations for users.

Recommendations (Product Developers). Short, bullet list of recommendations for product developers.

On Problem / Topic Selection. We encourage you to pick problems / topics of interest to you. We also encourage you to think outside the box. For example, when picking problems, in addition to thinking about security problems / topics related to laptops and the Web, we encourage you to think about other users of computing, ranging from USB sticks, to cameras, to selling things on eBay, to different properties / usage scenarios of different countries (e.g., censorship), to parenting technologies (e.g., child Web/location monitoring), to home automation systems, and so on.

Grading Rubric. We expect to grade according to the following rubric:

Video Content	3 - Exceptional	2	1	0
Strength of Summary	Video presents, in a clear way, a summary of the problem / topic presented at the beginning of the video; Summary explains what the problem / topic is and why the problem / topic is important	Summary present, with all the required components, but presentation lacks clarity	Summary present but fails to explain what the problem / topic is or fails to explain why the problem/topic is important	Clearly identifiable summary absent
Strength of Current / Common Practices	Video presents, in a clear way, common ways that users address the problem / topic today; common practice reflect what one might reasonably expect users to do	Discussion of current / common practices present but lacks clarity; common practices do not reflect what one might reasonably expect users to do		Clearly identifiable discussion of current / common practices absent
Strength of Recommendations to Users	Video presents, in a clear way, recommendations to users; recommendations seem well founded	Discussion of recommendations to users present but lacks clarity; recommendations do not seem well founded		Clearly identifiable discussion of recommendations to users absent
Strength of Discussion of Caveats and Open Questions	Video presents, in a clear way, caveats / open questions to the above recommendations; caveats and open questions seem well founded	Discussion of caveats / open questions lacks clarity; caveats and open question do not seem well founded		Clearly identifiable discussion of caveats / open questions absent
Strength of Directions for Future Research and Innovation	Video presents, in a clear way, directions for future research; directions for future research and innovation seem well founded	Discussion of directions for future research and innovation lacks clarity; directions for future research and innovation do not seem well founded		Clearly identifiable discussion of directions for future research and innovation absent
Strength of References	Presentation clearly based on an in-depth investigation into related works and important references	References included, but lack of strong connection between references and the presented material	No references given, but presentation seems factually correct	No references given, presentation does not seem correct

Video Submission Details	3	2	1	0
Video at most 10 minutes long	Within allotted time	Within 30 seconds of allotted time	Within 60 seconds of allotted time	Too long by more than 60 seconds
Name and UW NetID included at the beginning of the video; video uploaded in the correct format		Submitted in the correct format		Not submitted in the correct format

PDF Content	2	1	0
1-Sentence Summary Present	Yes		No
Bullet list of recommendations for users present (will likely repeat content from the video)	Yes		No
Bullet list of recommendations for developers (will likely repeat content from the video)	Yes		No

PDF Submission Details	3	2	1	0
Name and UW NetID included on first page of companion PDF; companion PDF document uploaded in the correct format		Submitted in the correct format		Not submitted in the correct format