05-436 / 05-836 / 08-534 / 08-734 / 19-534 / 19-734 Usable Privacy and Security

Homework 6

Print your homework out and submit it in person at the start of class (3:00pm) on Monday, March 6. Homework will not be accepted after 3:00pm on that day.

Part 1 (50 points): We have provided you the following dataset about deaths on the Titanic. The first link is to the raw data. The second explains the dataset; its appendix explains the column values.

  1. The raw data
  2. Robert J. MacG. Dawson. The "Unusual Episode" Data Revisited. Journal of Statistics Education v.3, n.3 (1995)

Using whatever tool you prefer, conduct two different (appropriate) statistical tests to analyze this data. Then answer the following questions (briefly):

  1. What were your two research questions?
  2. What statistical test did you use to answer each question, and why did you choose each test?
  3. What software did you use to analyze the data?
  4. Give the result of each test (including p value).
  5. Briefly interpret your results.

If you don't have prior experience with any statistical software, we highly recommend you go through Blase's R tutorial, which includes lots of sample code.

Part 2 (50 points):

USB flash drives can spread infections in a number of ways. (One example.) Attackers may distribute infected flash drives by leaving them around where employees of a target company are likely to pick them up. In addition, a user who uses a flash drive to exchange files with another user whose machine is already infected, may pick up the infection on the flash drive and bring it to their own machine. Some companies are prohibiting their employees form using flash drives, but others are just asking their employees to be careful.

Imagine a security tool that runs on a user's computer and monitors the USB ports, looking for programs that run automatically when a flash drive is plugged in. When an autorun program is detected it prevents it from running and displays a warning. The warning dialog offers users the option of letting the program run.

Your first task (to be done in class) is to design the warning using the design tool at http://saucers.cups.cs.cmu.edu/woda/ You may do this yourself or work with someone else. If you are not in class or do not finish it in class, do this at home. Use the NEAT and SPRUCE guidelines as you develop your design. Take a screenshot of your warning and include it in your homework.

Your next task (to be done individually at home and turned in with your homework) is to critique someone else's warning. Go to http://saucers.cups.cs.cmu.edu/woda/ and take a screen shot of the warning that was submitted immediately before yours and include it in your homework. This is the warning you will critique. If you submitted the first one then critique the last warning submitted. Please write one bullet point addressing each of the NEAT and SPRUCE messages. Then briefly discuss any additional factors you think might be relevant that are not addressed by NEAT and SPRUCE. (Do not post your comments online. Just turn them in with your homework.)

Part 3 (9-unit students should not do this part. 12-unit students will receive between 0 and 30 points for this part): Write a 3--7 sentence summary and short "highlight" for one optional reading assigned for the March 1 and 6 classes.