Assignment 1

Due Wednesday, February 1, 2017 via Sakai


Please answer the questions precisely and concisely. Every question can be answered in one or at most a few sentences. I will not have the patience to read long paragraphs or essays and you may lose credit for possibly correct answers.


Text: Ross Anderson, Security Engineering: Chapter 1, pages 3–15; Chapter 2, pages 17–22.
Intro to security engineering, intro to psychological factors. General reading and for questions 2–3.
Paper: J. V. Chelleth, S. M. Furnell, M. Papadaki, G. Pinkney and P. S. Dowland, Social Engineering: A growing threat, with diverging directions, from Section 3 of Advances in Networks, Computing and Communications 3, May 1, 2016, pages 178–184.
Discussion of social engineering [mirror]. General reading and for question 1.
Federal Deposit Insurance Corporation, Vacation Policies
For question 4 [mirror].
Article: Heidi N. Moore, Credit Suisse makes life a little harder for aspiring rogue traders, Marketplace, December 15, 2011.
Also for question 4 [mirror].
Paper: Ken Thompson, Reflections on Trusting Trust, Communications of the ACM, August 1984, Volume 27, Number 8, pages 761–763.
For question 5 [mirror].


  1. Briefly, what is social engineering?

  2. Define each of these concisely:
    (a) What is policy?
    (b) What is mechanism?
    (c) What is assurance?

  3. What is meant by security theater?

  4. Why does the FDIC recommend that bank employees take periodic vacations?

  5. What is the purpose of the “learning” or “training” phase in Ken Thompson’s compiler example?