EE 595: Introduction to Security and Privacy Security Review
Assigned: Friday, March 30, 2018, Due: Saturday, April 14, 2018
Instructor: Tamara Bonaci
Department of Electrical Engineering
University of Washington, Seattle
This course aims to sharpen our “security mindsets”, and to get us all to thinking about the world in a different way. In the light of that, the security review exercise is designed to get you to thinking about security and privacy in a context you might not normally do that.
In this assignment, your goal is to evaluate the potential security and privacy issues of a new and/or emerging technology, and to discuss what could be done to address those potential threats. For example, you might be reading Wired, Slashdot, GeekWire or some other news source, and see an announcement for a new product or service. You might start thinking about the security and privacy implications, and issues associated with this technology. You would then want to formalize your thoughts (in the framework described below), and submit your writeup using the course dropbox.
Your security review should contain:
A short summary of the evaluated technology. You may choose to evaluate a specific product, or a class of products with some common goal (like the set of all implantable medical devices). This summary should be at a high level, around one or two paragraphs in length. State the aspects of the technology that are relevant to your observations below. If you need to make assumptions about a product, then it is very important that you state what those assumptions are.
Assets and security goals. Please state at least two assets and security goals, and please explain why the chosen security goals are important. This should be around one or two sentences per asset/goal.
Potential adversaries and threats. Please state at least two potential adversaries and threats. You should have around one or two sentences per adversary/threat.
Potential weaknesses. Again, please state at least two potential weaknesses, and justify your answer using one or two sentences per weakness.
Potential defenses. Please describe potential defenses that the system could use, or might already be using to address your potential weaknesses above. Please evaluate the risks associated with the assets, threats, and potential weaknesses that you describe. Also, please discuss relevant ”bigger picture” issues (ethics, likelihood that the technology will evolve, and so on).
Conclusion. Please, give some conclusions based on your discussions above.
Your security reviews should be short, between 2 and 3 pages (up to max 3 pages). They should be submitted as PDF files, with 11pt or 12pt fonts, in single-column format with 1-inch margins. Your reviews are due by 11:59pm on Saturday, April 14, 2018.