The homework specifications, as well as the corresponding course slide decks, can be found on the Comp427 Piazza. This assignment is due Thursday, January 17 at 6 p.m.
You will do this homework by editing the README.md file. It's in MarkDown format and will be rendered to beautiful HTML when you visit your GitHub repo.
Please also edit README.md and replace your instructor's name and NetID with your own:
Student name: Rutvik PATEL
Student NetID: rsp7
Your NetID is typically your initials and a numeric digit. That's what we need here.
If you contacted us in advance and we approved a late submission, please cut-and-paste the text from that email here.
- Scenario: TSA
- Assumptions:
- One critical assumption I am making is that as the head of the TSA, I have the legal authority to implement the countermeasures below. Another assumption is that certain strategies offering near-guaranteed security, such as a comprehensive examination of all items on one's person and in one's luggage performed in isolation, are infeasible due to privacy and time constraints. In particular, there is only so much that a flyer is willing to tolerate. Due to the high level of traffic that airports receive on a daily basis, there is also a constraint stemming from personnel costs.
- Assets:
- The most important assets I would like to protect are the users of American airports. This collection of people includes not just citizens and visitors, but also airport staff. I have a moral desire (and obligation) to prevent the deaths of these people at the hands of terrorists. In addition, the media fallout from a successful terrorist attack would be catastrophic and my reputation could be tarnished. Such attacks can also instill fear in the public and diminish trust in the government.
- Another asset that is important for me to protect is the physical infrastructure of airports. Modern airports are the result of tremendous monetary investment in construction and maintenance costs, and it would be no small endeavour to repair the damage caused by a terrorist attack. A related asset to protect is the physical integrity of airplanes, which are similarly expensive. General cleanliness of airports is also worth protecting, because it is an ingredient of customer satisfaction.
- Finally, it is important to protect the personal privacy of flyers (which can be threatened by some physical screening processes) as well as their ability to rely on airports for efficient transportation. Customers also expect that their luggage will not be damaged by the inspection process.
- Threats:
- Airports constitute a natural target for terrorism, because they gather large numbers of people together for mass transit. The stereotypical mode of operation is the detonation of explosive devices either on a plane or in the airport itself, although there are other scenarios to consider. For instance, a terrorist might smuggle weapons onto a plane in an attempt to kill people individually. The consequences are so dire that terrorism is a threat that I cannot afford to ignore. A less serious threat to airport infrastructure is ordinary crime, and even less serious is vandalism.
- Another threat that I choose to defend against is illicit passage through the airport. More specifically, it is important to prevent wanted persons from accessing air transport, and, to a lesser extent, it is important to ensure that passengers have paid for a ticket. This threat is not limited to the passage of people, however; it is also worth protecting against the smuggling of controlled substances in one's luggage, for example.
- Countermeasures:
- Metal detectors, used in conjunction with instructions to remove common metal-containing objects from one's person before moving through them, can defend against the smuggling of weapons and other illegal items onto a plane. Wave scanners accomplish the same thing, and allow security personnel to check the contents of luggage in a non-invasive manner. Although these countermeasures are expensive, they represent an investment that most airports have already made. On the other hand, the benefit is enormous, because these measures are the best line of defense we have against terrorism.
- The use of standardized procedures (to verify identity, for instance) can guard against illicit passage. They are also important because they neutralize the chaos that an adversary would like to effect in the aftermath of a successful assault. Inspection personnel should be trained to handle luggage with care and not to violate flyers' privacy or comfort. A related countermeasure is the use of recording equipment like cameras to aid in investigations of successful attacks, which are useful to prevent future attacks. Costs can be minimized by upfront training of personnel and on-demand (as opposed to continuous) review of records. Cameras would also deter vandalism, and imposing fines for engaging in it would help cover the cost.
- Finally, maintaining strong deterrents for terrorism is critical. An obvious one imposes strict legal consequences. The use of armed guards to monitor the inspection process is particularly powerful, justifying its high cost. Although this may be out of the scope of this scenario, planting undercover guards on flights can also deter assaults.
- Scenario: Grading
- Assumptions:
- I am assuming that, for administrative or logistical reasons, I am the only grader for the class of 200+ students. For simplicity, I will assume that the class is an introductory, core computer science course at Rice University, and that the class roster represents an average set of computer science majors at Rice. Hence most, but not all, of the students respect the Honor Code. Lastly, I assume that the homework is written (i.e., no programming involved) and pledged (i.e., no collaboration or use of non-class materials allowed), with submissions required to be through Canvas, typeset, and strictly on time (with exceptions made at the discretion of the instructor).
- Assets:
- The key asset to be protected is the fairness of the grading process. In particular, cheating through collaboration or use of unauthorized resources like the Internet harms the transgressing student's chance of truly understanding the course material, and it disadvantages those students who put in honest work. Similarly, late work should not be accepted without reason, to level the playing field.
- A second asset that is important for me to protect is the privacy of grades. Students typically trust that their grades will not be shared with anyone outside of the course staff. More generally, a confidentiality guarantee should also apply to students' level of ability, performance, and disability status.
- Lastly, the promptness of the grade and feedback turnaround process is worth protecting. Students need quick feedback on their homework so that they can adequately prepare for future homeworks and exams. However, this asset is a two-sided coin, because grading too fast can lead to mistakes, which are costly to fix and diminish students' trust in my competence.
- Threats:
- The threat of cheating (or, more generally, of circumventing the homework submission process by deliberately concealing lateness, for example) is paramount. Although it is reasonable to assume that most students will not engage in such behavior, the consequences are severe enough that I choose to defend against this threat. In addition, even though the fairness of the grading process could in theory be almost entirely upheld through means like pairwise comparison of homework submissions to detect cheating, there is a tradeoff with the cost of time.
- An internal threat is that, due to the large class size, I may be my own worst enemy when it comes to grading. More specifically, my mental health would be threatened by conducting the grading process without any established guidelines. This would also threaten the students' expectation that the homework be graded consistently.
- Countermeasures:
- To counter violations of the Honor Code, I can use plagiarism detection software to punish cheating, instruct Canvas to automatically deny submissions after the deadline, and manually verify excused late submissions. I can also make upfront declarations that I take Honor Code violations very seriously, which will likely deter some students.
- To counter the internal threat described above, I can enforce certain policies for myself. These include grading in chunks rather than all at once, grading by problem rather than by student, and double-checking point calculations and grade inputs to Canvas. I can also ignore student identification when grading, to minimize bias.
- Scenario: Fondren Library (I used to work in the security desk at the visitor entrance.)
- Assumptions:
- I am assuming that the library has limited staff and funds to use on security.
- Assets:
- The security of the library's patrons is the most important asset to protect. People come to the library to study or work in a quiet environment, and the visitor entrance is one of the points from which this goal can be regulated. Patrons' perception of security is also worth protecting, because that will encourage them to frequent the library. Moreover, since visitors must scan some form of ID to gain entrance, the privacy of their personal information is worth protecting.
- Another asset that is important for me to protect is the integrity of the library's collection. Although many people come to Fondren simply for peace, there is also great value in the library's books and other materials. A related asset is the physical infrastructure of the library, which is costly to repair (partly because doing so would interrupt the library's 24/7 schedule).
- Threats:
- There is a constant threat of unauthorized entrance into the library through the visitor side. While the main entrance requires swiping one's Rice ID card twice, the visitor entrance allows one to exit by simply going through a device that detects materials that have not been checked out. Intruders might vandalize the library, heckle, or even initiate a terrorist attack. An attacker might also demand personal information from the database of visitor IDs.
- Although both entrances to the library have devices that detect materials that have not been checked out, it is possible to walk around them. Another threat is that sometimes tours of the Rice campus pass through the library, and there is the potential for traffic through the visitor entrance to become clogged.
- Countermeasures:
- There are standardized procedures to regulate passage through the visitor entrance. People with a Rice ID card may simply swipe it, while visitors must provide some form of ID to be scanned, before they are manually let through the gate. Clearly, it is important to always ensure there is a staff member manning the entrance when it is open (it is closed at night). Unfortunately there is not much that can be done to immediately deal with aggressive intruders, although there is a panic button under the desk that alerts RUPD. To minimize the severity of privacy attacks, the database of visitor IDs can be scrubbed every so often. Cameras exist to deter would-be attackers, and they can prove useful for investigations in the aftermath of a successful attack. Employing staff to monitor the library for vandalism is costly but feasible, since staff already walk around performing shelving tasks.
- Constant vigilance can help prevent people from stealing materials from the library. Letting campus tours through without any checks can keep traffic down to reasonable levels, at the cost of possibly letting a clever intruder through.