Lecture 9, April 19

Reading: § 23.1–4; 2
Due: Homework #2, due April 26, 2013 at 11:55pm

Discussion Problem. Wired today reported:

All of those questions, messages, and stern commands that people have been whispering to Siri are stored on Apple servers for up to two years, Wired can now report. [ … ] Here’s what happens. Whenever you speak into Apple’s voice activated personal digital assistant, it ships it off to Apple’s data farm for analysis. Apple generates a random numbers to represent the user and it associates the voice files with that number. This number — not your Apple user ID or email address — represents you as far as Siri’s back-end voice analysis system is concerned. Once the voice recording is six months old, Apple “disassociates” your user number from the clip, deleting the number from the voice file. But it keeps these disassociated files for up to 18 more months for testing and product improvement purposes.

Robert McMillan, “Apple Finally Reveals How Long Siri Keeps Your Data,” Wired (Apr. 19, 2013); available at http://www.wired.com/wiredenterprise/2013/04/siri-two-years/

Does this raise any privacy concerns? If so, what are they?

Lecture outline.

  1. Aslam
    1. Goal: Treat vulnerabilities as faults
    2. Coding faults: introduced during software development
      1. Synchronization errors
      2. Validation errors
    3. Emergent faults: introduced by incorrect initialization, use, or application
      1. Configuration errors
      2. Environment faults
    4. Introduced decision procedure to classify vulnerabilities in exactly one category
  2. Models of Attacks
    1. Example attack: rsh and synflooding (“the wily hacker”)
    2. Capabilities and requires/provides models
    3. Attack trees
  3. Access Control Matrix
    1. Subjects, objects, and rights
    2. Primitive commands: create subject/object, enter right, delete right, destroy subject/object

You can also obtain a PDF version of this. Version of April 18, 2013 at 7:43PM