Presentation and Report (Worth 10%)
- The presentation, worth 5%.
- The report, worth 5%.
Each topic is a question appropriate for a debate, and as such it needs to be studied to find arguments both in favour of and against the statement.
- A perimeter defence is best placed close to the object being protected.
- Any system providing anonymity should also allow for traceability.
- Attacks on information systems are now more likely to be semantic than syntactic.
- Books such as Anderson’s should not be published; they give too much information to attackers.
- Bottom up is a better method of threat analysis than top down.
- CAPTCHA is a powerful tool for user authentication.
- Cryptography doesn’t solve any practical problems.
- Fingerprinting is superior to face recognition as a biometric authentication mechanism.
- For access control, discretionary powers are more useful than mandatory controls.
- For naming, the combination of secure and memorable is a better choice than secure and global. (Zooko’s Triangle.)
- In security, unpredictability is more important than predictability.
- Individual psychology plays a more significant role in human aspects of security than cultural or sociological factors do.
- Laws can only be successful if they are widely known.
- Malware scanning isn’t necessary if all software is digitally signed.
- Open source code is more secure than closed source code.
- PINs and passwords should be automatically generated for users.
- Recovery is more important than prevention.
- Security and usability are often in conflict.
- Security is more about assurance than insurance.
- Security Managers don’t need to know anything about cryptography.
- Software companies should be liable for damages resulting from flaws in their software.
- Software piracy is good for the gaming industry.
- Support for illegal activities, such as safe needles for drug use, shouldn’t happen.
- Tangible losses suffered by banks are more important than non-tangible losses.
- The KISS principle is frequently applied in the implementation of security.
- The more automated a system is, the better.
- Trusted platforms improve the level of assurance for users.
- Use case modelling is more appropriate than misuse case modelling.
- User education is an effective method of improving security.
The presentations will take place during the morning class.
Each group is to do at most a fifteen (15) minute presentation, aiming for 13 or 14 minutes, followed by up to five (5) minutes of question/discussion time. Question time should start with the group giving the class some questions/challenges to respond to. The remainder of the time is an opportunity for the rest of the class to ask questions.
Not all team members need to talk as part of the presentation, but all should contribute to the development of the presentation and the report, and, if needed, to the answering of questions.
Although the presentation and report are obviously to be related, the presentation should not be a dump of the report or vice versa. Students should add value to the slides as they present and use appropriate visual aids to explain their presentation.
The report should be about 4000 to 6000 words long, plus references. If it’s pure text you should likely be near the upper end of that range, but in most cases you will be able to represent some information more efficiently in diagrams/tables/figures. There is no need to include a cover page on the submitted version since it will be submitted through Moodle. The report should include details that need to be omitted from the presentation due to the lack of time.
Notes on submission
Submission is via Moodle. Please submit your report in PDF and your presentation in PowerPoint or similar. The report may be processed through Turnitin, so direct copying from websites and failure to reference appropriately will be picked up. Be sure to present the report in your own words or your group will be penalised.