Homework 4

Due: Wednesday, November 20, 2013 at 5:00pm
Points: 100

  1. (50 points) Please find two incidents involving malware, from the news or in web postings, and describe the effects of the attack. (Remember to cite your sources.) Say whether it affected confidentiality, integrity, availability, or some combination of these. How was the malware triggered?

  2. (20 points) Suppose you want to use a cloud-based storage mechanism, like Dropbox (http://www.dropbox.com) or Box (http://www.box.com). How can you make sure that the data you store is not read by an attacker while on the cloud?

  3. (30 points) Andrienko et al.’s paper (see the reading for October 28) presents the following summary of an incident:
    A famous incident regards the case of Apple …, where 3G Apple iOS devices were reported to store the location of their mobile users’ in unencrypted form for a period of over one year. This precise location information was stored without the knowledge of the users and was transmitted to the iTunes application during the synchronization of the device. According to Apple, the stored location information was not used to track the users but was attributed to a programming error which was later fixed with a software update.
    Google and Microsoft have also done similar things, as discussed in the paper. The vendors say the location information is not used to track users, but to improve the quality of their offerings (or is done by accident). Please discuss some of the privacy implications of these actions. In particular, assuming the companies are stating their intentions correctly, do you believe the recording and sending of location information is an invasion of privacy? Why or why not?

Extra Credit

  1. (20 points) Classify each of the following as an example of a mandatory, discretionary, or originator controlled policy, or a combination thereof. Remember to justify your answers.
    1. The file access control mechanisms of the UNIX operating system
    2. A system in which no memorandum can be distributed without the author’s consent
    3. A military facility in which only generals can enter a particular room
    4. A university registrar’s office, in which a faculty member can see the grades of a particular student provided that the student has given written permission for the faculty member to see them.

Version of November 5, 2013 at 8:19PM