Problems
Problem 1: Analysis of scenarios (in the lab) [9 points]
-
- (6 points) Identify and describe (1) assets at risk, (2) value of the assets, (3) threats to these assets, and (4) threat agents, for any two of the following scenarios (use the materials to learn about them).
- Health.
AMIE: A research AI system for diagnostic medical reasoning and conversations
Unofficial video
- Finances (you may pick any of AI applications mentioned in the video)
- Voting
- Brain-Computer Interfaces
- (3 points) Suggest and describe ways to manage risk for the assets.
Problem 2: Analysis of a real incident (at home) [18 points]
-
- (3 points) Using no more than half a page, summarize a real security incident that has been reported in English-speaking online public media (e.g., The register, Ars Technica, Bruce Schneier’s blog, ZDnet) on or after October 2022. Provide reference(s) to the original report of the incident and the corresponding URL. We should be able to verify the information in your summary by accessing the original report using your reference or URL. Choose an incident that is amenable to the task at hand.
- (3 points) Using another half a page, analyze (1) the value of the assets at risk, (2) threats to these assets, and (3) threat agents, for the stakeholder(s) that experienced most damage, as a result of that incident. If necessary make reasonable assumptions and state them clearly. Classify which of the CIA properties of the valuable assets were reduced as a result of the incident.
- (5 points) Provide an adversary model of the attacker(s) based on the information found about the incident.
- (4 points) Provide a threat model using just the details of the incident. While this threat model is not expected to be comprehensive and complete, it’s expected to be based on the information available about the details of the attack.
- (3 points) Suggest and describe ways to manage risk for the assets.