Download Computer and Network Security - Assignment 1 | CS 4237 and more Assignments Cryptography and System Security in PDF only on Docsity! CS4237 Computer and Network Security Homework #1 (Due 9/24/2007 at the beginning of class) For this assignment, assume you are writing a security policy for cs1301, the introduction to computing class that everyone at Tech has taken in some form or another. Visit the class web page (http://www.cc.gatech.edu/classes/AY2007/cs1301_fall/) to see what the course is about. A partial list of assets and objects that need protection include: • draft homework assignments. Where are these stored? Who has access to these? • communication between the TAs and instructor about course maintenance. (For example, consider whether the instructor should answer questions about grades and class standing in response to an e-mail sent from a hotmail or yahoo account. Should the class require an authentication/encryption system for everything? Or just require that all communication about grades be sent through an acme mail transfer?) • communications between TAs and students. How are e-mails between students and TAs treated? Do they have to be logged or archived, or can the TA just do what they want with the mail? • draft quizzes. Who has access? • graded assignments and quizzes. While homework and quizzes are often on paper, assume there's an electronic artifact created with paper homework or quiz. Where are the electronic records stored? Who has access? • lecture slides and code examples presented in lecture • access to a centralized grading database (here, we can assume “webwork” or any other database). • access to the Banner grading system, so that student grades can be entered at the midterm and semester end. You might identify additional objects that need protection. There are many groups of people that will need access to some of this information. A partial list includes: • Students • TAs • head TA (for this homework, you may assume there are N TAs and just one head TA, with no other layers of bureaucracy in between) • An instructor • A “course owner”, who is a tenured faculty member in charge of high level design of the class • Various administrative officials In doing this assignment, you may make reasonable assumptions about how things are run in the course. Thus, if you're not sure how grades are stored in the real cs1301, you can just assume there's some database somewhere. (List and address your assumptions, of course.)