HW5 - HW#5 Privacy and Anonymity/Security Design Principles...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
HW #5: Privacy and Anonymity/Security Design Principles CS 392/6813: Computer Security Fall 2009 Due 11/18/09 [100pts] Problem 1 [50pts] We discussed web search privacy problem in the wake of the accidental release of AOL search data in 2006. In this exercise, your task is to evaluate the following mechanisms that are being deployed in practice to achieve web search privacy: Scroogle: http://www.scroogle.org/ Tor: http://www.torproject.org/ TrackMeNot: http://mrl.nyu.edu/~dhowe/trackmenot/ (related documentation is here: http://www.nyu.edu/projects/nissenbaum/papers/HoweNissTMN.2.8d.pdf ) 1. [10pts] Briefly describe the above mechanisms (since Tor was already discussed in class, you do not need to describe it) and how they try to achieve web search privacy 2. [40pts ] Perform web (google) search using all three mechanisms (one- by-one) (whenever necessary, you would need to install the client software; a windows machine will suffice for the same). Now, critically compare the three mechanisms in terms of (1) the level of privacy provided, (2) performance at the client side as well as at the web search engine, and (3) the usability and level of convenience of web searching Problem 3 [25+25pts] A web server implements access control using two mechanisms. The (perl based) pseudo code for the implementation of these two mechanisms, called version 1 and version2, is provided below. Argue whether or not version 1 and version 2 implementations satisfy the eight security design principles that we studied in class. In case a design principle is not applicable, mention it and explain the reason why it is not applicable.
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
----------------------------------------------------------------------------- #Pseudocode for Web Server Access Control Application #version 1 # # Network Setup # # Setup Socket Listening for Connections socket_listen(); # Bind Socket to port 80 # bind_socket(port) bind_socket(80); # Start Listening to incoming connections listen(); # Accept new connection while listen == true accept(); # # Connected to Client # # Ask if user is returning or needs new account. send_welcome();
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

Page1 / 8

HW5 - HW#5 Privacy and Anonymity/Security Design Principles...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online