INFO 2222 Computing Security

INFO 2222 Computing 2 Usability and
Security (Final Exam)
Semester 1 – Main, 2020

You are asked to design a desktop web application that enables final exams to be administered
remotely for University of Sydney School of Computer Science. It should mimic a
conventional physical closed book exam as closely as possible. The website should allow
lecturers or examiners to upload a copy of the exam paper or set the questions directly into the
application, set the duration of the exam and invigilate the exam.
The exams at the School usually comes in two question formats – programming questions and
essay questions where students write paragraphs of text that includes equations and code
snippets to explain their answer. A major challenge to online examination is academic
misconduct. This includes, but is not limited to plagiarism, contract cheating and
impersonation. Your proposed design should attempt to minimise the possibility of academic
misconduct without detection.
You should submit a single report answering the questions below. As a report, it should not be
titled with the question titles, however you may find that your sections follow the questions
below. You should submit your report as a single PDF document. Your responses to these
questions are expected to be technical, not merely a high-level overview.
The report should not exceed the word limit of 5000 words. This does not include appendices,
figures and tables. You are not required to reach this word count limit, but you should include
as much detail as you feel is appropriate for the question. Your student identification number
(SID) should be written on the left header of the document. The file should be named [SID].pdf.

Question 1 – Privacy, Usability and Security (20 Marks)
i. Discuss the trade-offs between the security of the invigilation and the privacy of the
students.
ii. Present a scheme that ensures as best as possible that students either cannot cheat, or
will be detected if cheating, while also adhering to the University Privacy Policy, and
the NSW Privacy and Personal Information Protection Act 1998.
iii. Perform PACT analysis on the task of setting, sitting and invigilating for examinations.
a) If there are questions that arises during the analysis, create a list of questions and
explain why these questions are important to the success of the project.
b) Discuss factors that must be considered during design in order to cater the applica-
tion to individual users need and the organizational context.

2

Question 2 – Building the Scheme (10 Marks)
From the PACT Analysis and invigilation requirements:
i. Describe the infrastructure required to support the scheme you have proposed.
Diagrams modelling your system may be helpful here.
ii. Identify all relevant stakeholders.
iii. Within the context of the stakeholders and infrastructure, discuss in detail what
security goals this scheme must fulfil, and what the consequences are of failing to
fulfil them.

Question 3 – User Investigation (15 Marks)
Develop a user investigation plan to understand the context of use (if needed) when a student
sits for a programming exam. You do not need to conduct the investigation session. The inves-
tigation plan must be sufficiently detailed that another person reading the document can exe-
cute the plan and achieve the purpose of the investigation. Details that must be included in the
investigation plan:
Aim of the investigation
Choice of research method
Selection strategy
Number of users
Software/hardware needed to conduct the investigation
Analysis approach. Identify the different types of data expected to be collected and de-
scribe your analysis approach to convert the data into usable information.
If you think that a user investigation is not required, justify your decision and describe steps
that you would have taken to understand the context of use in place of the user investigation
plan.

Question 4 – Design and Design Rules (13 Marks)
Illustrate your initial design to explain to the client a typical student’s journey when he uses
the application to sit for a programming exam.
i. Draw a series of wireframes on paper to illustrate each screen that a student sees during
the task. You can use multiple sheets of paper if required. Make sure each sheet of paper
is labelled accordingly to indicate the sequence of viewing. Embed the sketches into
your report by scanning or taking a picture of them. Please note that the design of the
interface is being assessed in the question and not your drawing skills.
Do not use a prototyping software for this question.
ii. Explain design decisions that you made in your sketches in response to the factors that
you have identified in Question 1.3b.
3

iii. Explain Schneiderman’s Eight Golden Rules in your own words and use your
wireframes as an example of adherence or violation to the rule. If the wireframe violates
the rule, explain how you would fix it by re-sketching that wireframe.

Question 5 – User Evaluation (12 Marks)
Develop a usability test plan. The test plan must be sufficiently detailed that another person
reading the document can execute the plan to achieve the purpose of the conducting the session.
You do not have to conduct the test. Your plan must include:
Aim of the test
Preparation checklist that lists out all the resources needed to conduct the session. In-
clude a short explanation of the purpose of each resource during the test.
Procedures before, during and after the test.
Analysis approach. Identify the different types of data expected to be collected and de-
scribe your analysis approach to convert the data into usable information.

Question 6 – Threats (15 Marks)
Assuming that you have developed a paper prototype for your website and have a model of the
structure of the site:
i. Develop a threat model for the scheme you have proposed
ii. For each threat you should discuss what the threat is, its severity and the probability
with which the threat will occur.
iii. For each page in your paper prototype, consider each of the input fields and what attacks
are possible.

Question 7 – Controls (15 Marks)
For your threat model and attacks discussed in the previous question:
i. Suggest controls to mitigate or eliminate each threat.
ii. For each threat that cannot be mitigated or eliminated, propose controls to detect these
threats.
iii. Discuss any threats that cannot be detected or mitigated.

WX:codehelp

你可能感兴趣的:(安全)