Overview
This reading assignment is in two parts due on different days. The first reading is one of the most famous and thought-provoking papers on security, Ken Thompson's Reflections on Trusting Trust. Ken is renowned as the co-inventor of Unix, an achievement for which he won the ACM Turing Award, and this paper is his Turing Award lecture. His talk and this paper shocked the computing field with its startling demonstration of the vulnerabilities of software systems, and it's a really enjoyable paper to work through. You must submit answers to a brief set of questions on Thompson's paper.
The second reading was suggested by our guest lecturer, security expert Mary Ellen Zurko. There are no questions for this second reading.
Assignment
Please do the following:
- Please read Ken Thompson’s Turing Award Lecture: Reflections on Trusting Trust and submit answers to the provided questions. You may resubmit your answers through end of day on Saturday November 09.
- By start of class on Tuesday November 12 please read Embracing the Kobayashi Maru: Why You Should Teach Your Students to Cheat by Gregory Conti and James Caroland (Alternate link). For those who aren't familiar with it, the term Kobayashi Maru is discussed in this Wikipedia article.
Due dates
Due dates are as follows:
- By start of class on Thursday November 07: read the Ken Thompson paper and make initial submissions of your responses to questions.
- By end of day on Saturday November 09: submit final revisions to your question answers (no need to resubmit if no updates needed)
- By start of class on Tuesday November 12: read the Kobayashi Maru paper (no submission due)
Getting the Questions
As with the distribution models assignment, short response True/False questions about the Ken Thompson paper are provided in an HTML file, a copy of which you can download. You must supply your answers by inserting them in the spaces provided in the downloaded HTML file, and when you are done, you must submit your answers using the usual Tufts CS department "provide" command. See instructions below. Your responses will be graded automatically by a script. Please respond only with the single letter T or F for True/False questions, or with the required word or term for others. Do not add commentary or explanations! The script will ignore them, and we will have to grade your work manually.
Review questions for this assignment - Download questions for this assignment
Submitting your answers
Download the HTML file with the questions using the link above. Fill in your answers, use your local browser to check formatting, and the HTML validator to make sure your HTML is correct. You may ignore warnings about character encodings. Then use provide to submit:
provide comp117 security securityquestions.html
Note that comp117 is lowercase; provide will choke if you get that wrong. As always, detailed grading will be done only on your final submission.