CS5430 System Security

CS5430 Homework 1: Security Requirements

General Instructions. You are expected to work alone on this assignment.

Due: Feb 5 (Tues) 11:59pm. No late assignments will be accepted.

Submit your solution using CMS. Prepare your solution as .pdf, as follows:

Use 10 point or larger font.
Start each problem on a new page.
Use at most 1 page per problem.

Problem 1: The self-service parking garage in downtown Ithaca has automatic gates that, by default, are positioned to block vehicles at the entrances and exits.

The entry gate lifts to allow passage of a car only if (i) a car is stopped in front of the entry gate, (ii) a time-stamped ticket has then been generated by a machine located near the driver's side of that car, and (iii) that time-stamped ticket is removed from the machine. After the gate lifts and a car is no longer stopped in front of the gate, then the gate returns to blocking the entrance.

The exit gate lifts to allow passage of a car when a car is stopped in front of the exit gate and a validated time-stamped ticket is inserted into a machine located near the driver's side of that car. After the gate lifts and there is no longer a car stopped in front of the gate, then the gate returns to blocking the exit.

The driver uses a vending machine located on the first floor, as follows, in order to obtain a validated a ticket: The driver inserts the time-stamped ticket received at the entry gate, inserts the requested payment amount (calculated based on the elapsed time since the car entered), and then removes the validated ticket. Parking between 9am and 8pm is charged at $1.00 per hour. Parking during other times is free.

What security properties is this system enforcing? For each property, discuss whether it is confidentiality, integrity, or availability.

A suggestion has been made to eliminate the entry gate and instead to post a sign that tells drivers to take a ticket. The rationale: drivers are being told that a validated ticket is required for exit and, therefore, they have an incentive to collect the time-stamped ticket at the entry. Do you recommend that this suggestion be implemented? Explain.
A suggestion has been made to alter the entry gate so that it works as follows:
Do you recommend that this suggestion be implemented? Explain?
A suggestion has been made to have the entry and exit gates transition into the raised position (so vehicles pass unimpeded) between 8pm and 9am. Do you recommend that this suggestion be implemented? Explain?

Problem 2: These days, airline passengers are searched for bombs and other potentially dangerous material. But it is too costly to search every passenger, so sampling is employed. There is a design choice about who gets selected for searches:

Select randomly among all passengers.

Select passengers satisfying certain predefined profiles.

Adopt (1) and you end up searching babies, grandmothers, and congressman; adopt (2) and you might only search males of a certain age and ethnicity.

Given a fixed budget for performing searches, which of (1) and (2) is likely to be more effective at decreasing the chances of successful future terrorist attacks on airplanes. Justify your answer.

Problem 3: In an attempt to eliminate "fake news", the U.S. Congress is debating a law that would require any news stories posted on the web to include a tag that gives the name and address of a person who vouches for the authenticity of that story.

A web site that posts stories without such tags or with unauthenticated tags would be fined.

An individual who submits a "fake news" story for posting would be fined.

Discuss ways in which the proposed law might have undesired consequences.

Discuss ways in which the law might be modified to eliminate undesired consequences.