Lectures

Question 1

What are two key themes in the Computer Security course?

Answer 1

• Thinking about security 
  – The “security mindset”
  – Threat modelling
  – Security principles
  – Current events
• Technical aspects of security
  – Attacks
  – Defenses

Question 2

What are 12 categories that an attacker may be motivated by?

Answer 2

• Access or Convenience
• Curiosity or Boredom
• Desire or Obsession
• Diplomacy or Warfare
• Malice or Revenge
• Money
• Politics
• Protection
• Religion
• Self-Promotion
• World View
• Unusual

Question 3

What are eight ways to brainstorm about security?

Answer 3

• Adversary Motivations
• Adversary Resources
• Assets
• Threats
• Vulnerabilities
• Attack Techniques
• Risks
• Mitigations

Question 4

What are eight categories of assets?

Answer 4

• Emotional Well-being
• Financial Well-being
• Personal Data
• Personal Well-being
• Relationships
• Societal Well-being
• The Biosphere
• Unusual Impacts

Question 5

What are some targets of an adversary motivated by Access or Convenience?

Answer 5

• appointment-based online enrollment systems
• sales of limited tickets
• personal electronics with restricted permissions

Question 6

What are some actions that an adversary motivated by Access or Convenience might take?

Answer 6

• modify personal electronics
• bypass company filtering to access personal e-mail
• access a protected wireless network

Question 7

What are some targets of an adversary motivated by Curiosity or Boredom?

Answer 7

• acquaintances
• strangers
• institutions
• celebrities

Question 8

What are some actions that an adversary motivated by Curiosity or Boredom might take?

Answer 8

• look up celebrity’s medical record
• browse personal photos
• attack a random system

Question 9

What are some targets of an adversary motivated by Desire or Obsession?

Answer 9

• ex-boyfriend
• ex-girlfriend
• celebrities
• children

Question 10

What are some actions that an adversary motivated by Desire or Obsession might take?

Answer 10

• harassing messages
• sexual blackmail
• covert webcam activation
• monitoring communications
• location tracking

Question 11

What are some targets of an adversary motivated by Diplomacy or Warfare?

Answer 11

• public infrastructure
• cyber-physical
• communication
• emergency systems

Question 12

What are some actions that an adversary motivated by Diplomacy or Warfare might take?

Answer 12

• gather data
• spread misinformation
• track individuals
• disable equipment
• cause distractions
• cause bodily harm
• disable communications

Question 13

What are some targets of an adversary motivated by Malice or Revenge?

Answer 13

• ex-employer
• neighbor
• rival

Question 14

What are some actions that an adversary motivated by Malice or Revenge might take?

Answer 14

• misinformation
• cause physical harm
• cause monetary damage
• cause emotional damage

Question 15

What are some goals of an adversary motivated by Money?

Answer 15

• drain assets
• sell DoS services
• extort organization
• sell user data
• sabotage competitor’s system
• manipulate market

Question 16

What are some actions that an adversary motivated by Money might take?

Answer 16

• steal data
• disclose data
• misinformation
• sabotage competitor’s system

Question 17

What are some goals of an adversary motivated by Politics?

Answer 17

• alter, prevent, or invalidate votes
• discredit political figures
• alter the public’s understanding or impression

Question 18

What are some actions that an adversary motivated by Politics might take?

Answer 18

• DoS attack
• steal data
• disclose data
• misinformation

Question 19

What are some targets of an adversary motivated by Protection?

Answer 19

• employers
• government
• family

Question 20

What are some actions that an adversary motivated by Protection might take?

Answer 20

• monitor behavior
• evade censorship
• preemptive attack

Question 21

What are some goals of an adversary motivated Religion?

Answer 21

• spread information about beliefs

* discredit another group

Question 22

What are some actions that an adversary motivated by Religion might take?

Answer 22

• disclose data
• misinformation
• cause physical harm
• cause monetary damage

Question 23

What are some targets of an adversary motivated by Self-Promotion?

Answer 23

• systems with personal information
• prominent systems
• challenging systems

Question 24

What are some actions that an adversary motivated by Self-Promotion might take?

Answer 24

• change grades
• redact information
• deface a corporate website
• crack an encryption scheme

Question 25

What are some issues that an adversary might be motivated by?

Answer 25

• corporations
• environmentalism
• reproductive rights
• drugs
• violence
• sexuality

Question 26

What are some actions that an adversary motivated by a World View might take?

Answer 26

• DoS attack
• disclose data
• misinformation
• cause physical harm
• cause monetary damage

Question 27

What are some assets tied to a person’s Emotional Well-being?

Answer 27

• keepsakes
• peace of mind
• convenience

Question 28

How might a person be harmed due to an attack on their assets tied to Emotional Well-being?

Answer 28

• cause of fear
• cause of anger
• cause of loneliness
• cause of confusion

Question 29

What are some targets tied to a person’s Financial Well-being?

Answer 29

• electronic home-entry systems

* online bank credentials

Question 30

What are some attacks that might affect a person’s Financial Well-being?

Answer 30

• theft
• extortion
• blackmail

Question 31

What are some targets tied to a person’s Personal Data?

Answer 31

• medical records
• embarrassing pictures
• browsing history

Question 32

What are some ways that an attacker might use a person’s Personal Data?

Answer 32

• perform identity theft
• perform blackmail
• delete financial records

Question 33

What are some targets tied to a person’s Physical Well-being?

Answer 33

• access to food and water
• access to electricity
• an individual’s location
• medical devices
• cars
• medication or allergy records

Question 34

What are some targets tied to a person’s Relationships?

Answer 34

• interpersonal
• inter-organizational
• international

Question 35

How might a person be harmed due to an attack on their Relationships?

Answer 35

• damage a company’s reputation

* cause unnecessary tension/arguments between relations

Question 36

What are some targets tied to a person’s Societal Well-being?

Answer 36

• online voting systems
• public infrastructure and cyber-physical systems
• government record databases

Question 37

How might a person be harmed due to an attack on their Societal Well-being?

Answer 37

• create mass hysteria
• alter public discourse
• cause physical harm
• affect access to resources

Question 38

What are some targets tied to the Biosphere?

Answer 38

• public infrastructure and cyber-physical systems

* data centers

Question 39

How might a person be harmed due to an attack on the Biosphere?

Answer 39

• excessive resources are used up
• water sources are polluted
• fires are started

Question 40

Reliability deals with…
Usability deals with…
Security deals with…

Answer 40

Reliability deals with accidental failures
Usability deals with avoiding “operating mistakes”
Security deals with intentional failures created by thinking adversaries

Question 41

The approximation of risk:

Risk = ?

Answer 41

Risk = (value_of_asset) *
(likelihood_of_threat_succeeding) *
(damage to asset)

Question 42

What are threats?

Answer 42

Threats are actions by adversaries who try to exploit vulnerabilities to damage assets.

Question 43

What are three categories of security failures?

Answer 43

• requirement bugs (incorrect/problematic goals)
• design bugs (poor use of cryptography/source of randomness)
• implementation bugs (buffer overflow attacks)