Thursday, July 5, 2012

Learning how to cheat

As a way to learn about security holes and defense, instructors told students they had 24 hours to memorize 100 digits of pi.  Upon protests, the students were told they only needed to answer the question, how they managed it was their choice.  Being caught cheating was the only way to fail.
Links first.  I learned about the research at Boingboing, and a PDF of the study is here. From the PDF:

We considered, but chose not to go as far as forcing students into a position where they must cheat on their own initiative, but without being told to do so. We believed this would place students into an unfair ethical dilemma, send the wrong message, and that most, if not all, students would simply fail the exam rather than cheat illicitly....
Students took diverse approaches to cheating, and of the 20 students in the course, none were caught...
One student hand wrote the answers on a blank sheet of paper (in advance) and simply turned it in, exploiting the fact that we didn’t pass out a formal exam sheet. Another just memorized the first ten digits of pi and randomly filled in the rest, assuming the instructors would be too lazy to check every digit. His assumption was correct....
Exploit Trust - Explicit or implicit trust models are exploitable opportunities. Despite our awareness that the students were cheating, we still inadvertently let our guard down. For example, we wouldn’t have stopped a student from using the restroom during the exam. During our group discussion, students suggested that going to the bathroom to cheat would have been an easy-to-implement approach. It is because of our inherent and unconscious trust that we leave ourselves open to exploitation in the physical world and online. As security professionals we must learn to think like the jaded police officer or prison guard who never takes statements and actions at face value....
Develop Backup Plans - Adversaries rarely seek to accomplish their objectives through a single, all or nothing plan. Several students demonstrated this principle by developing backup plans in case their primary cheating tactic was compromised.
I found the work interesting and want to find a way to use it myself.
Previously and Not Really Related: Economics of Caring about Cheating and creative students considered unethical.

No comments: