Recently, there have been several cases of someone losing possession of their Twitter account in a
hacking attempt. Review the following two stories:
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/
https://medium.com/p/24eb09e026dd
Develop an attack tree for stealing a Twitter handle that encompasses the basics of these attacks,
as well as other threat vectors you can think of. Your tree should include at least 25 nodes and be
comprehensive. For an explanation of attack trees, refer to the following article:
https://www.schneier.com/paper-attacktrees-ddj-ft.html
2 Evaluation Framework
In this question you will develop your own evaluation framework (like the one from the lecture on
password alternatives) I ATTACHED . First choose a problem with a security aspect that has at least 4 competing
solutions (try to come up with your own topic, however a few suggestions are below). To compare
these solutions, come up with at least 3 security criteria and at least 3 non-security criteria (functionality,
usability, deployability) that would be desirable for the solution to hold (ideally, they will
conflict in such a way that no solutions will hold all of them). Determine a score for the evaluation
of each property. The example in Lecture 2 used three scores: the solution did not meet the criteria,
it almost held the property, and it fully held the property.
Explain each criteria, and exactly what must be true of the solution to get each possible score in your
ranking. Then evaluate each solution against each criteria, justifying your score. Summarize this in
a chart.
Refer to http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf for a more involved security
evaluation.
in this question i need to do the frame work for payment systems (, Paypal,)
0 comments