Homework 1

This homework is focused on helping you develop the security mindset. It has two parts: a current event review and a security review.


Overview


Background

They say that one of the best ways to learn a foreign language is to immerse yourself in it. If you want to learn French, move to France. This assignment is designed to give you an opportunity to think about security during non-course related activities, such as when you're reading news articles, talking with friends about current events, or when you're reading the description of a new product on Slashdot. Thinking about security will no longer be a chore relegated to the time you spend in lecture, on assigned readings, on textbook assignments, or on labs. You may even start thinking about security while you're out walking your dog, eating breakfast, at the gym, or at a movie. In short, you will be developing "The Security Mindset" and will start thinking like a seasoned security professional.

It is also extremely important for a computer security practitioner (and actually all computer scientists) to be aware of the broader contextual issues surrounding technology. Technologies don't exist in isolation, rather they are but one small aspect of a larger ecosystem consisting of people, ethics, cultural differences, politics, law, and so on. This assignment and the use of the forum will give you an opportunity to discuss and explore these "bigger picture" issues as they relate to security.


Part 1: Current Event Review

Current events reviews should be short, concise, very thoughtful, and well-written. Imagine a broad audience (a general technical audience). Your goal should be to write an article that will help this audience learn about and understand the computer security field and how it fits into the broader context.

Your article should:

  1. summarize the current event;
  2. discuss why the current event arose;
  3. reflect on what could have been done different prior to the event arising (to perhaps prevent, deter, or change the consequences of the event);
  4. describe the broader issues surrounding the current event (e.g., ethical issues, societal issues);
  5. propose possible reactions to the current event (e.g., how the public, policy makers, corporations, the media, or others should respond).

There are some examples of past current event articles here. (You might have to scroll down a bit.) Unlike past years, however, you will not be required to post your current event to a forum or blog.


Part 2: Security Review

Note: the technology that you review in Part 2 does not need to be the same as the technology you consider in your current event review in Part 1.

Your goal with the security review assignment is to evaluate the potential security and privacy issues with new technologies, evaluate the severity of those issues, and discuss how those technologies might address those security and privacy issues. These assignments should reflect deeply on the technology that you're discussing, and should therefore be significantly longer than your current events assignments.

Each security review should contain:

There are some excellent examples of past security reviews here. (The requirements for this assignment changes from year to year, so please pay attention to the specific requirements for this version of the course. Also, unlike previous years, you will not be required to post your security reviews on the forum.)

Please make your submissions easy to read. For example, use bulleted lists whenever possible. E.g., list each asset as its own entry in a bulleted list.


Group Work

You may do your current event articles and security reviews in groups of up to three people. In fact, you are encouraged to work in groups. But if you work in a group, please do not do something like: Have Alice work on the current event and have Bob work on the security review and then put both names on both submissions. Instead, please all work collaboratively on all parts of the assignment. There is a lot of value in actually discussing these topics with other people.


How to Submit

One person in each group should submit a PDF of the current event to Canvas. One person in each group should submit a PDF of the security review to Canvas. Make sure that the names and UWNetIDs of all contributors are at the top of each page of each PDF that you submit.