1
CSCI 351 Assignment 2
60 points + 5 bonus points
Instruction:
• Show your own work (at least 50% penalty otherwise)
• Submit a single WORD document (*.doc or *docx only) containing all your
answers to the assignment folder (“Assignment 1”) under D2L (at least 10%
penalty otherwise)
• Make sure you submit the intended one. It is recommended that you download
what has been uploaded and double-check if the correct document has been
submitted.
• You can submit as many times as you want, but the last submission will only be
graded. If the last submission is made after the deadline, there will be a late
submission penalty.
• No plagiarism: Do not copy and paste any from textbooks and other resources to
answer questions (Zero points will be given otherwise).
o Turnitin file similarity should be less than 10%
• AI misuse or AI writing detection (
writing/)
o Should be less than 10%
• No resubmission/extension request will be accepted.
Problem 1. Problem analysis (20 pt. 5pt. each)
Next Generation 911 (commonly referred to as NG911) is a digital, internet protocol (IP)-
based system that will replace the analog 911 infrastructure that’s been in place for
decades (
procurement-guidance,
generation-911-procurement-guidance). Please check the following three videos for more
information related to NG911.
• What is the next generation 9-1-1?
o
• Benefits of NG911 for Law Enforcement
o
onal911Program
• Got 11 Min? Here’s Why NG911 is more Cost Efficient than E911
o
cher%2CENP
Consider you are a user or service provider (local emergency medical, first, or law
enforcement agencies). Use your own words and give at least TWO examples given the
confidentiality, integrity, and availability requirements associated with the system. Which
one is a more important security requirement compared to the others?
a. Confidentiality
2
b. Integrity
c. Availability
d. Which one is more important, or which one is less important? Explain why.
e. (5 bonus points) If possible, list three research/open questions related to NG911
by doing some research.
Problem 2. Classify each of the following as a violation of Confidentiality (C),
Integrity (I), Availability (A), Assurance (AS), Authenticity (AU), or some
combination of these. (25 pt. 2.5 pt each)
a. Bob eavesdrops on Alice’s text messages.
b. Bob crashes Alice’s system.
c. Bob changes the amount of Alice’s check from $100 to $1,000.
d. Bob forges Alice’s signature on a deed.
e. Bob registers the domain name “Costco.com” and refuses to let the company buy or
use that domain name.
f. Bob intercepts Alice’s email message, changes the text, and forwards it to the intended
recipient.
g. Bob is the software developer of the myleo system. Bob left a backdoor in the system
so that he could access the system without 2-Step authentication.
h. Bob obtains Alice’s credit card number and has the credit card company cancel the
card and replace it with another card bearing a different account number.
i. Bob spoofs Alice’s IP address to gain access to her computer.
j. Bob sends spam using his @tamuc.edu email address.
3
Problem 3. Access Control (15 pt., 5 pt. each)
Assumption:
• Privileges: read (“R”), write (“W”), execute (“X”)
• Resources:
– Image files: tamuc.jpg, jessM.png, csci351.gif
– Document files: syllabus.doc, lecture.ppt, assign01.odt
– Binary files: a.exe, b.exe, c.exe, m.dmg
– Video files: lecture01.mp4, lecture02.mp4
– Web files: week1.html, week2.html, week3.php
• Access permissions:
– A has the privilege to read all the document files.
– B has the privilege to read and write all the images files.
– B and C have the privilege to read “syllabus.doc”
– A and C have the privilege to read and execute “a.exe”, “b.exe”.
– C and D have the privilege to read jessM.png.
– D has the privilege to read and write all video files.
– All users have the privilege to read all web files.
– E has the privilege to read and write all web files.
a. Construct the corresponding access control matrix. To answer, use the format in Table
1.1 in the textbook.
b. Construct the corresponding access control list. To answer, use the format in Figure
1.5 in the textbook.
c. Construct the corresponding capabilities list. To answer, use the format in Figure 1.6
in the textbook.