05-436 / 05-836 / 08-534 / 08-734 / 19-534 / 19-734 Usable Privacy and Security

Homework 5

Print your homework out and submit it in person at the start of class (3:00pm) on Monday, February 22nd. Homework will not be accepted after 3:00pm on that day.

• Part 1 (80 points): Coordinating with your project teammates, discuss potentially related work for your class project and identify at least 20 research papers (4-person groups) or at least 25 research papers (5-person groups) that are related to your class project. Then, split these papers up such that each team member is responsible for five. For this homework, each of you should pick at least five papers that are different from what your teammates are picking, read them, and prepare the corresponding part of your related work section of the paper. Ideally, each teammate should choose a set of five papers that are closely related to each other.
  
  For this homework, turn in the portion of the related work section of your final paper that discusses the five papers for which you are responsible.
  
  Note that a related work section should not simply summarize each paper. Instead, you should connect the papers to describe what is known about the field. You should particularly note how your (proposed) project differs from or builds upon this prior work.



• Part 2 (20 points): USB flash drives can spread infections in a number of ways. (One example.) Attackers may distribute infected flash drives by leaving them around where employees of a target company are likely to pick them up. In addition, a user who uses a flash drive to exchange files with another user whose machine is already infected, may pick up the infection on the flash drive and bring it to their own machine. Some companies are prohibiting their employees form using flash drives, but others are just asking their employees to be careful.
  
  Imagine a security tool that runs on a user's computer and monitors the USB ports, looking for programs that run automatically when a flash drive is plugged in. When an autorun program is detected it prevents it from running and displays a warning. The warning dialog offers users the option of letting the program run.
  
  Your first task (to be done in class) is to design the warning using the design tool at http://saucers.cups.cs.cmu.edu/~cbravo/woda/ You may do this yourself or work with someone else. If you are not in class, do this at home. Use the NEAT and SPRUCE guidelines as you develop your design.
  
  Your next task (to be done individually at home and turned in with your homework) is to critique someone else's warning. Go to http://saucers.cups.cs.cmu.edu/~cbravo/woda/ and critique the warning that was submitted immediately before yours. If you submitted the first one then critique the last warning submitted. Please write one bullet point addressing each of the NEAT and SPRUCE messages. Then briefly discuss any additional factors you think might be relevant that are not addressed by NEAT and SPRUCE.



• Part 3 (9-unit students should not do this part. 12-unit students will receive between 0 and 15 points for this part): Write a 3--7 sentence summary and short "highlight" for one optional reading assigned for the February 17th class.