Security framework
Recently, there have been several cases of someone losing possession of their Twitter account in a hacking attempt. Review the following two stories:
How Apple and Amazon Security Flaws Led to My Epic Hacking
How I Lost My $50,000 Twitter Username
Develop an attack tree for stealing a Twitter handle that encompasses the basics of these attacks, as well as other threat vectors you can think of. Your tree should include at least 25 nodes and be comprehensive. For an explanation of attack trees, refer to the following article: Schneier on Security
2 Evaluation Framework
In this question you will develop your own evaluation framework (like the one from the lecture on password alternatives, which I attached). First, choose a problem with a security aspect that has at least 4 competing solutions (try to come up with your own topic; however, a few suggestions are below). To compare these solutions, come up with at least 3 security criteria and at least 3 non-security criteria (functionality, usability, deployability) that would be desirable for the solution to hold (ideally, they will conflict in such a way that no solution will hold all of them). Determine a score for the evaluation of each property. The example in Lecture 2 used three scores: the solution did not meet the criterion, it almost held the property, and it fully held the property.
Explain each criterion, and exactly what must be true of the solution to get each possible score in your ranking. Then evaluate each solution against each criterion, justifying your score. Summarize this in a chart.