Optional: The Cuckoo's Egg

Due Sunday, December 10 by 10pm

Due Sunday, December 17 by 10pm

For an optional grade bump, read The Cuckoo’s Egg by Clifford Stoll, and submit a report as described below. Your report needs to be at least two pages, written using \(\LaTeX{}\). For full credit, the submission should include both your .tex file and a rendered .pdf. To submit, create a folder called bonus in your final project git repository, and put your files there. If you have a project partner, be sure that I can differentiate between the submissions.

How the Grade Bump Works

A good submission will boost your final grade according to the following scheme:

  • A \(\rightarrow{}\) A
  • A- \(\rightarrow{}\) A
  • B+ \(\rightarrow{}\) A-
  • B \(\rightarrow{}\) B+
  • B- \(\rightarrow{}\) B
  • C+ \(\rightarrow{}\) B-

… and so on.

This report is all or nothing. In order to receive this bonus, be sure to discuss all of the items below.

Report

Your at-least-two-page report should choose an attack witnessed by Clifford Stoll in The Cuckoo’s Egg and discuss it using the analytical tools we’ve discussed in this class. It should answer the following questions.

  1. At a high level, what is the attack? How does it work?
  2. What assets are affected by the attack?
  3. Why were those assets vulnerable?
  4. What was the source of the attack? What could be the motivation of attacker? Think about short-term and long-term goals.
  5. What effect did the attack have on the four key security properties for the assets in question? (CIAA)
  6. What is the cost of the attack for the attacker? Typical costs are time, money, and resources (like computing facilities or personnel).
  7. What is the cost of a successful attack on the defender?
  8. Is there a countermeasure to this attack? Did Stoll or any other parties implement any of these countermeasures? Why or why not? Be sure to consider the cost of the countermeasure here.
  9. Did this class of attack have any broader implications for society? For example, was it a common exploit that required a coordinated respose from the cybersecurity community? You will likely have to do a little research to find out.
  • CSCI 331: Introduction to Computer Security, Fall 2023

CS 331 course website

Powered by Bootstrap 4 Github Pages