
RiceComp427/comp427-hw1-paranoia-heyLizi


Comp427, Spring 2018, Homework 1

Rational Paranoia

The homework specifications, as well as the corresponding course slide decks, can be found on the Comp427 Piazza. This assignment is due Thursday, January 17 at 6 p.m.

You will do this homework by editing the README.md file. It's in MarkDown format and will be rendered to beautiful HTML when you visit your GitHub repo.

Student Information

Please also edit README.md and replace your instructor's name and NetID with your own:

Student name: Yanshu Wei

Student NetID: yw77

Your NetID is typically your initials and a numeric digit. That's what we need here.

If you contacted us in advance and we approved a late submission, please cut-and-paste the text from that email here.

Problem 1

  • Scenario: {Stadium}

  • Assumptions:

    • The stadium is a large, comprehensive venue with both an indoor gymnasium and an outdoor stadium.
  • Assets:

    • Stadium environment
    • Stadium facilities
    • Personal safety of athletes and spectators.
  • Threats:

    • Natural wear and tear, as well as man-made damage, to the stadium and its facilities. If there is wear and tear on the playing field, such as a pit in the grass or a slippery sports ground, it will probably lead to personal injury during high-speed sports. In addition, man-made damage to stadium facilities, such as throwing thumbtacks on the playground or destroying the pillars of the goal, can also cause injury to athletes during the competition.

    • Power supply. Whether indoors or outdoors, the electricity supply is very important. Sudden power outages can lead to chaos among athletes and spectators, and chaos in the dark can lead to much worse things, such as stampedes. There are also potential short-circuit problems. Once a circuit shorts, it is likely to lead to fires and so on. Fires in places where large numbers of people gather will lead to catastrophic consequences, such as the burning of venues, casualties and other financial loss.

    • Malicious injury or attack. Because it's a top-ranking team, every game will attract a large number of spectators. For some malicious people, this is a good opportunity to do damage, such as placing bombs in venues or carrying dangerous weapons into the stadium and hurting people.

    • Some unpredictable factors, such as objects thrown from a height, etc.

  • Countermeasures:

    • Regular inspection can avoid the problems caused by natural wear and tear as well as man-made damage to the stadium. This applies especially before major competitions: cleaning venues, inspecting facilities, replacing damaged equipment, and prohibiting unrelated personnel from entering the playing field before competitions. These measures do not require a lot of personnel or money, but the benefit they bring is to maximize the protection of athletes in the game.

    • Problems in power supply can also be avoided by periodic checks. Regular checks of circuits and replacement of aging circuits are a cost-effective and beneficial measure. In order to prevent the problems caused by power outages, we can contact the power supply department to take circuit safeguard measures, such as measuring voltage, estimating power consumption, using power supply vehicles when necessary, and so on. But the cost of these measures is high, so I would choose to take these measures only when there are major competitions.

    • Malicious injuries and attacks, such as bomb placement or attack with dangerous weapons, can be avoided by security checks at each entrance of the stadium. But safety inspections require many people, much money, and much time. On the whole, the probability of terrorist attacks is very small, so I would choose to take these measures only when there are very important competitions.

    • Unpredictable factors. Since they are unpredictable, it is difficult to find measures to prevent them. For example, throwing objects from a height can be prevented by building transparent walls between the playing field and spectator seats for indoor venues, but this measure is not feasible in reality. Once the stadium is built, unless necessary, it will not be transformed or rebuilt. So for unpredictable factors, I will choose to post some rules in the venue, to make the spectators avoid potentially harmful behaviors as far as possible.

Problem 2

  • Scenario: {Documents}

  • Assumptions:

    • The company is a large company whose information technology team has the ability to develop its own operating system for the company.
  • Assets:

    • File system
    • Files in the system
  • Threats:

    • Factors outside the system that make the system unable to work properly. For example, hardware failure, server downtime and other causes that leave the system unable to provide services will affect the normal work of the company.

    • Factors inside the system that cause system collapse due to improper operation. For example, users of the file system may download unsafe software from unreliable sources, delete the whole database by mistake, and so on, which will also leave the system unable to provide services, affecting the normal work of the whole company.

    • Malicious intrusion from people outside the company. For example, access to and modification of files by rival companies, professional spies, hackers and departed employees. Whether they access or tamper with non-sensitive documents or sensitive documents, this will involve company secrets or customer privacy and may lead to disastrous consequences.

    • Illegal access by people inside the company. Since it is an international company, an employee may leave the original department and go to a new department, and may then access again the documents that only the former department is allowed to access, resulting in information leakage. Ordinary staff may try to access sensitive documents; even though they belong to the company, the leakage of sensitive information will lead to the dissemination of company secrets and customer privacy. More seriously, because these documents contain politically sensitive, economically sensitive and legally sensitive information, their leakage may lead to economic, political and legal confusion and social unrest.

    • Copying, cutting, editing, downloading and uploading of documents by internal staff of the company. Whether it is an ordinary employee or a person with the highest access rights, if he tries to copy files to another location in the file system, it will lead to multiple duplicate files in the file system, resulting in redundancy problems. Especially when a file is modified after copying, there will be multiple files of different versions in the file system, which will hamper work efficiency. And if a person cuts a file to another location in the system, it will cause others to be unable to access the file, also affecting work efficiency. Similarly, if a person edits a file incorrectly, it will hinder the normal work of the person who uses the file. Downloading files can have bad consequences, too. Although a person may not be malicious, if he downloads a file to an unsafe machine, then once the machine is maliciously accessed, it will lead to disclosure of important files. Uploading files with errors or uploading files to the wrong location can also affect the normal work of other system users.

  • Countermeasures:

    • Damage from factors outside the system can be prevented by backing up the file system, updating the hardware drivers regularly, and checking whether the equipment running in the system is working properly. These measures will not take up too much manpower and funds, and they maximize the protection of the normal operation of the system environment.

    • In order to prevent the system from being damaged by erroneous operation within the system, measures can be taken to restrict the user's operations on the system, such as forbidding the user to download unreliable software and providing limited and safe operations to the user. These measures need a customized or specially modified operating system for all machines that have access to the file system. The human and economic costs of developing the operating system may be high, but this part of the investment is worthwhile relative to the information security of the whole company.

    • To prevent malicious intrusion from outside the company, the file system can be maintained regularly, such as installing firewalls, updating virus libraries regularly, removing viruses regularly, closing unreliable ports, etc. These measures often do not require a large amount of human and financial input, and the commercial security software provided for enterprises can meet these needs. If companies want to avoid the threat from commercial anti-virus software, they can also develop their own security software to ensure the security of the file system, which may lead to higher costs, but these measures are also worthwhile compared with the harm caused by document information leakage.

    • To prevent access from employees within the company, it is necessary to restrict the access rights of employees at different levels to the file system. For example, employees who are transferred from a department cannot access the files that only the former department has permission to access, ordinary staff do not have permission to access sensitive files, and access to sensitive files requires multiple validations. This part of the setup can be achieved by modifying the operating system. Although the cost may be high, it is worthwhile to do these things since they are essential to the company's information security.

    • In order to prevent the internal staff of the company from performing illegal operations on the files in the system, their operations on the file system should also be restricted. For example, ordinary users cannot copy and cut files, and modification of ordinary files needs the permission of one highest authorized user. The modification of sensitive documents requires the permission of at least three highest authorized users. Downloading files is not allowed, and the system will verify the physical address of the device that accesses the file system each time, etc. These settings can also be implemented by modifying the operating system, and similarly, although they are costly, they are indispensable.
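The access rules in the last two countermeasures can be written down as a single default-deny decision function. This is an added example, not part of the original homework; the class names, the `cleared` flag, the rule that approvers must be distinct and cannot include the requester, and the sample device address are assumptions.

```python
from dataclasses import dataclass

APPROVALS_FOR_EDIT = {False: 1, True: 3}  # ordinary file: 1, sensitive file: 3

@dataclass(frozen=True)
class User:
    name: str
    department: str          # current department; a transfer overwrites it
    top_level: bool = False  # a "highest authorized user"
    cleared: bool = False    # may access sensitive documents

@dataclass(frozen=True)
class Document:
    department: str
    sensitive: bool = False

def authorize(user, doc, op, device, registered, approvers=()):
    """Decide one request and return (allowed, reason); default is deny."""
    if device not in registered:
        return False, "device address not registered"
    if user.department != doc.department:
        return False, "document belongs to another department"
    if doc.sensitive and not user.cleared:
        return False, "user not cleared for sensitive documents"
    if op == "read":
        return True, "ok"
    if op in ("copy", "cut"):
        return user.top_level, "ok" if user.top_level else "ordinary users cannot copy or cut"
    if op == "edit":
        # Assumption: approvers must be distinct top-level users other than
        # the requester, so nobody can approve their own change.
        valid = {a.name for a in approvers if a.top_level and a.name != user.name}
        need = APPROVALS_FOR_EDIT[doc.sensitive]
        return len(valid) >= need, f"{len(valid)} of {need} approvals"
    return False, "operation not permitted"  # covers download and anything unknown

def demo():
    # Constructed sample data, not taken from the README.
    dev, devices = "00:00:5e:00:53:01", {"00:00:5e:00:53:01"}
    admins = [User(f"admin{i}", "legal", top_level=True, cleared=True) for i in range(3)]
    moved = User("dana", "sales")               # transferred out of legal
    clerk = User("eli", "legal", cleared=True)
    contract = Document("legal", sensitive=True)
    return [
        authorize(moved, contract, "read", dev, devices),
        authorize(clerk, contract, "edit", dev, devices, admins[:2]),
        authorize(clerk, contract, "edit", dev, devices, admins),
        authorize(clerk, contract, "download", dev, devices),
    ]
```

A hardware address is reported by the client and can be changed, so the device check here stands in for whatever device identity the system can actually verify.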

Problem 3

  • Scenario: Student Dormitory (You are an administrator of a university student dormitory. This building is inside the campus and there are about 300 students living in it.)

  • Assumptions:

    • Same as the brief introduction.
  • Assets:

    • Dormitory building
    • Dormitory facilities
    • Personal safety of resident students
    • Property safety of resident students
  • Threats:

    • Hidden dangers in dormitories, such as water stains at gates, windows with too large opening angles, exposed wires, etc.

    • Supply of water, electricity and network. Water shutdowns, power outages and network disconnections in the dormitory will affect students’ normal study and life; if the supply is shut down for many days, it may even endanger life. Similarly, if students use high-power electrical appliances that lead to short circuits, it may cause other disastrous accidents, such as fires.

    • Campus thieves and robbers. Thieves may sneak into students’ dormitories and steal their valuables; robbers may commit crimes near dormitories, threatening the safety of students' lives and property.

    • Conflicts among students, such as fierce fighting and even the use of weapons.

  • Countermeasures:

    • The potential safety hazards in dormitories can be avoided by regular checks. Set up a telephone hotline so that when resident students find a security hazard somewhere, they can call to report the situation, and a designated person can be sent to repair it in time. Record each resident's contact information and set up a notice. When the potential safety hazards have not been eliminated, inform the students to avoid being near the place as far as possible. When an emergency occurs, such as fire, inform the students to evacuate urgently by means of radio, mail and phone message. These measures will not consume a lot of manpower and material resources, but they are highly efficient.

    • Problems in water, electricity and network supply can also be avoided through regular inspection: regularly inspecting circuits, water pipes and network equipment and replacing faulty equipment, notifying the relevant companies promptly when problems occur, putting up posters to advise students to use electricity safely, etc. These measures will not consume a lot of manpower and material resources, and they also have good effects.

    • The harm caused by campus thieves or robbers can be avoided by means of entrance guards and campus security patrols. Every person who enters or leaves the dormitory should use a student card to prove identity; campus guards should be asked to patrol regularly, provide escorts at night, etc. Once theft or robbery occurs, the harm will be very great or even irreparable. These measures do not require a large number of personnel and funds, and can ensure students’ security, so it is necessary to take these measures.

    • Conflicts among students cannot be predicted and prevented in advance. Once a fierce fight occurs, it is necessary to mediate between the two parties involved in the fight. If the fight is too fierce and the mediation fails, campus guards should be notified to resolve it. Organize more activities within the dormitory building at ordinary times to improve communication between the students. These measures also do not require a lot of human and material resources.

About

comp427-hw1-paranoia-heyLizi created by GitHub Classroom
