Homework 1, Due Jan 14, 5pm
- Attack Trees: Ferguson et al, Exercise 1.1.
- Attack Trees: Ferguson et al, Exercise 1.4.
- Attack Trees: Ferguson et al, Exercise 1.5, e.g., an attack tree for reading Alice's email (assuming Alice uses GMail for her email).
- Elevation of Privilege Card Game: Play five hands with a group of three to six people. You should submit: the names of the people you play with, a short description of the system that you used for the game, your scorecard, and a short 1-paragraph reflection on your experiences with this game. Feel free to play this game with people who are not in this course. (More details below.)
Attack Tree Exercises
These exercises should be done individually. However, you can still talk with others about attack trees per the policies discussed on the course administrivia page.
For each attack tree exercise, you can present your attack tree as a figure (like in the lecture 2 slides), or you can present your attack tree as a list numbered in outline form (e.g., 1, 1.1, 1.2, 1.2.1, 1.2.2, 1.3, ...).
Your attack trees should be as complete as possible -- try not to overlook any branches. For each tree, you must have at least one path of height four or greater (where the height includes the root and the leaf). For each tree you must also have at least two nodes with four or more children.
Attack trees can sometimes be very deep, however. To keep this problem tractable, you can stop expanding a path from the root once that path contains five nodes (including the root and the leaf); just add a note saying that this node can be expanded further. (You can, of course, continue to expand your trees past a height of five if you desire. Also, it's OK if some paths from the root are shorter.)
Elevation of Privilege exercises
This website describes the elevation of privilege (EoP) card game: http://www.microsoft.com/security/sdl/eop.aspx.
You can play the EoP card game with any system you desire, as long as the system is big enough to have interesting security issues. How do we define "big enough"? As a baseline, you may consider any system at least as big as the electronic voting system discussed in Lecture 2. In fact, you may choose to play the game focusing on that electronic voting system. If you're interested in learning more about how that electronic voting system works, you can read this paper. (But you don't need to read this paper in order to play this game.)
The EoP game was originally designed to be used by the developers of systems -- to help the developers threat model. We anticipate using the EoP game some more with Lab 3, where you will be building a secure system. This homework assignment is designed to help familiarize you with the game and help expand your thinking about computer security risks. For this assignment you will probably not know the system as intimately as the system developers. Therefore, we will change the rules slightly. Specifically, we will change the method for calculating points as follows:
- 2 points for a threat on your card. (The instructions that come with the deck say 1 point.) Specifically, if you can identify a threat that you know will apply to this system, then you get two points.
- 1 point for a possible vulnerability corresponding to the threat on your card. This is new, and also only applicable if you can't get 2 points per the above bullet. To get this point, you must describe the threat and describe how you think the system might be vulnerable to this threat. I.e., describe a potential vulnerability that the system designers should consider carefully.
- 0 points if you have to play your threat card but don't have a known or possible vulnerability. (Depending on the system you pick to study, you may find that a non-trivial number of cards are not applicable to your system.)
- 1 additional point for taking the trick.
Also, please feel free to be very flexible / generous in interpreting the threats described on the cards. Some of the threats are very specific to certain platforms (like Microsoft), for example. Please also don't take this game too seriously and try to have fun.
Everyone should submit individually, even though you play the game as a group.
- Include the names of the people you played with.
- Your submission should briefly summarize the system that you used for this game. You can create this summary as a group prior to playing the game, and include the summary verbatim in your submission. (I.e., you don't need to re-write the summary in your own words.) The summaries can be short -- hopefully no more than 1/2 a page long.
- Your submission should also include a copy of the scorecard (e.g., take a photo and include the photo in your homework PDF submission, or type up your scorecard).
- A short, 1-paragraph description of your experiences with this game: what did you learn, what challenges arose when playing the game, and so on. This should be written individually, though you are of course encouraged to discuss your reflections with others.