Security Review Assignment

This assignment is adapted from Cryptography Engineering, 2nd edition, by Ferguson, Schneier and Kohno (2010).

This exercise deals with developing your security mindset in the context of real products or systems. Your goal with the security reviews is to evaluate the potential security and privacy issues of new technologies, evaluate the severity of those issues, and discuss how to address those security and privacy issues. This review should reflect deeply on the technology that you’re discussing.

Your security review should contain:

Some examples of past security reviews are online at https://cubist.cs.washington.edu/Security/category/security-reviews/

Having a hard time thinking of a topic?

Browse the past security reviews linked above for an idea of things in-scope (but don’t copy them!).

Read the news for articles about newfangled technoligies for inspiration. I like to read Ars Technica and Wired, among others.

Some examples to get you thinking:

And many more (come up with something interesting!).

Deliverables

  1. Your written security review (Submit to the D2L dropbox)
  2. A brief powerpoint slide presentation, following the general outline of the security review (also submit to D2L dropbox). Be prepared to present (probably ~5 minutes, up to 10 minutes allowed) – a few lucky submissions will be selected to be presented to the class.