2004年美國大學(xué)生數(shù)學(xué)建模競賽題目

1、2004年美國大學(xué)生數(shù)學(xué)建模競賽題目2004 Mathematical Con test in Modeli ng (MCM ) Problems原文下載網(wǎng)址： dergraduate/c on tests/(李炳照、王宏洲譯，葉其孝、吳慶寶校)A題：指紋是獨一無二的嗎？人們普遍相信每個人的指紋都是不同的。請研制并分析能評估這種說法是正確的可能性的模型，然后把你們在這個問題中發(fā)現(xiàn)的指紋識別 錯誤率與DNA識別錯誤率相比較。PROBLEM A: Are Fingerprints Unique?It is a com mon place belief that the thumbpri nt of

2、 every huma n who has ever lived is differe nt. Develop and analyze a model that will allow you to assess the probability that this is true. Compare the odds (that you found in this problem) of misidentification by fingerprint evidence aga in st the odds of miside ntificati on by DNA evide nce.B題：更快

3、的快通系統(tǒng)無論是在收費站、游樂場或其他地方正出現(xiàn)著越來越多的快通”系統(tǒng)以減少人們排隊等候的時間。請考慮一家游樂場的快通系統(tǒng)的設(shè)計。這家游樂場已經(jīng)為幾種受歡迎的乘騎項目提供快通系統(tǒng)的服務(wù)作為試驗。該系統(tǒng)的設(shè)計思想是對某些受歡迎的乘騎項目，游客可以到該娛樂項目旁邊的一個機器前并將當(dāng)天的門票插入,該機器將返回給你一張紙條，上面寫著你可以在某個特定的時間段回來。比如說你把你的門票在1:15pm插到機器里，快通系統(tǒng)就告訴你可以在 3:30 4:30pm回來，你可以憑你的紙條第二次排隊，這時隊伍可能比較短， 你就可以較快進入景點.為了防止游客同時在幾個乘騎娛樂項目上使用這個系統(tǒng)。一個顧客在同一時刻只能得到

4、一次快通系統(tǒng)的服務(wù)。為改進快通系統(tǒng)的運作你們隊被聘為幾個合格的顧問之一.游客一直在抱怨該試驗系統(tǒng)的一些異?，F(xiàn)象.比如說,顧客有時看到快通系統(tǒng)提供的回到景點時間是4小時以后.但是才過一小會，在相同的景點系統(tǒng)所提供的回到景點的時間只有1小時或稍多一點時間。有時按照快通系統(tǒng)安排的游客的人數(shù)和等待時間幾乎和正常排隊的人數(shù)和所花費的時間一樣 多。于是問題就是要提出并檢驗?zāi)芴岣呖焱ㄏ到y(tǒng)效率的方案以使人們可以更多地享受在游 樂場的休閑時光。問題的一部分是要確定評估各種可供選擇的方案的評價準則。你們的報告中要包括一份非技術(shù)性的概述，以便游樂場主管從各個顧問所提出的可供選擇的方案中作出 選擇。第極指紋測試中心P

5、ROBLEM B: A Faster QuickPass SystemQuickPass systems are increasingly appearing to reduce peoples time waiting in line, whether it is at tollbooths, amusement parks, or elsewhere. Consider the design of a QuickPass system for an amusement park. The amusement park has experimented by offering QuickPa

6、sses for several popular rides as a test. The idea is that for certain popular rides you can go to a kiosk near that ride and insert your daily park entrance ticket, and out will come a slip that states that you can return to that ride at a specific time later. For example, you insert your daily par

7、k entrance ticket at 1:15 pm, and the QuickPass states that you can come back between 3:30 and 4:30 pm when you can use your slip to enter a second, and presumably much shorter, line that will get you to the ride faster. To prevent people from obtaining QuickPasses for several rides at once, the Qui

8、ckPass machines allow you to have only one active QuickPass at a time.You have been hired as one of several competing consultants to improve the operation of QuickPass. Customers have been complaining about some anomalies in the test system. For example, customers observed that in one instance Quick

9、Passes were being offered for a return time as long as 4 hours later. A short time later on the same ride, the QuickPasses were given for times only an hour or so later. In some instances, the lines for people with Quickpasses are nearly as long and slow as the regular lines.The problem then is to p

10、ropose and test schemes for issuing QuickPasses in order to increase peoples enjoyment of the amusement park. Part of the problem is to determine what criteria to use in evaluating alternative schemes. Include in your report a non-technical summary for amusement park executives who must choose betwe

11、en alternatives from competing consultants.2004 年美國大學(xué)生交叉學(xué)科建模競賽題目2004 Interdisciplinary Contest in Modeling （ICM） Problem原文下載網(wǎng)址： （李炳照、王宏洲譯，葉其孝、吳慶寶校）安全與否？你大概聽說過計算機黑客和計算機病毒。 除非你的計算機遭到過黑客或病毒的攻擊你或 許不知道它們能怎樣影響個人或機構(gòu)的。 如果一臺計算機受到黑客或者病毒攻擊， 那么其中 重要的個人信息和軟件就有可能丟失。正在考慮創(chuàng)建一所新的大學(xué)校園， 你們的任務(wù)是對這所大學(xué)的信息技術(shù) （IT ）安全性的 風(fēng)險評估建

12、立模型。下面的敘述給出了一些背景材料以幫助你形成有關(guān)檢驗 IT 安全性的方 案。明確的任務(wù)將在后面給出。通過多個防御層來防止計算機系統(tǒng)遭受惡意活動的攻擊。 包括政策層和技術(shù)層 （圖 1, 預(yù) 防性的防御措施 （略 ）兩者在內(nèi)的這些防御層將會對機構(gòu)的風(fēng)險類型產(chǎn)生各種不同的影響 （圖 2, IT 系統(tǒng)經(jīng)濟風(fēng)險的示意圖 （略）。管理和使用方面的政策處理用戶怎樣和機構(gòu)的計算機和網(wǎng)絡(luò)相互作用以及員工（系統(tǒng)管理員 ）怎樣維護網(wǎng)絡(luò)。這些政策可以包括密碼驗證，正式的安全審核，使用跟蹤，無線設(shè)備 的使用， 有關(guān)可移動媒體的關(guān)注， 個人應(yīng)用的限制和用戶培訓(xùn)。 一種實例性的密碼政策可以 包括對密碼的長度和密碼所用字

13、母的要求， 更改密碼的頻率以及允許登錄錯誤的次數(shù)。 每一 個政策方案都包含與其執(zhí)行相關(guān)聯(lián)的直接的費用以及影響到生產(chǎn)效率和安全性的因素。 在圖 1 中，只對最高層面作了詳細說明，其實每個層面的結(jié)構(gòu)都是同樣的。安全狀況的第二個方面就是檢測、 減輕和挫敗來自內(nèi)部和外部兩方面用戶的未經(jīng)授權(quán)的 活動的一組技術(shù)方案。 這些技術(shù)方案涵蓋了軟件和硬件兩個方面， 還包括入侵檢測系統(tǒng) （IDS = Intrusion Detection Systems） ，防火墻，防病毒系統(tǒng)，易受攻擊的掃描儀和冗余備份等。比 如說， IDS 監(jiān)視并記錄某一特定計算機或來自具有調(diào)查數(shù)據(jù)并能提供識別可疑活動“犯罪之后”的偵破能力的網(wǎng)

14、絡(luò)上的重要事件。 SNORT（） 是一個廣受歡迎的 IDS 方案。 圖 1 提供了一個關(guān)鍵防御措施的樣本 （管理 /使用的政策和技術(shù)解決方案 ）。和政策一樣 , 技術(shù) 解決方案也有其直接的費用以及影響到生產(chǎn)效率和安全性的因素。To Be Secureor Not to Be?You probably know about computer hackers and computer viruses. Unless your computer has been targeted by one, you may not know how they could affect

15、an individual or an organization. If a computer is attacked by a hacker or virus, it could lose important personal information and software.The creation of a new university campus is being considered. Your requirement is to model the risk assessment of information technology (IT) security for this p

16、roposed university. The narrative below provides some background to help develop a framework to examine IT security. Specific tasks are provided at the end of this narrative.Computer systems are protected from malicious activity through multiple layers of defenses. These defenses, including both pol

17、icies and technologies (Figure 1 Preventative Defensive Measures), have varying effects on the organization rissk categories (Figure 2 Economic Risk Schematic for IT Systems).Management and usage policies addresshow users interact with the organization comsputers and networks and how people (system

18、administrators) maintain the network. Policies may include password requirements, formal security audits, usage tracking, wireless device usage, removable media concerns, personal use limitations, and user training. An example password policy would include requirements for the length and characters

19、usedin the password, how frequently they must be changed,and the number of failed login attempts allowed. Each policy solution has direct costs associated with its implementation and factors that impact productivity and security. In Figure 1, only the topmost branch is fully detailed. The structure

20、is replicated for each branch.The second aspect of a security posture is the set of technological solutions employed to detect, mitigate, and defeat unauthorized activity from both internal and external users. Technology solutions cover both software and hardware and include intrusion detection syst

21、ems (IDS), firewalls, anti-virus systems, vulnerability scanners, and redundancy. As an example, IDS monitors and records significant events on a specific computer or from the network examining data and providing an “ afterthe fact ”forensic ability to identify suspect activity. SNORT (

22、) is a popular IDS solution. Figure 1 provides a sample of key defensive measures (management/usage policies and technology solutions). As with a policy, a technology solution also has direct costs, as well as factors that impact productivity and security.信息安全風(fēng)險的來源包括 (但并不限于 )機構(gòu)內(nèi)部或者外部的人或硬件(圖2)。不同的預(yù)防性

23、防御措施(圖 1)可能在防御內(nèi)部威脅比防御來自計算機黑客的威脅更有效。另外， 外部威脅的動機往往不同， 這也可能需要不同的安全措施。 比如說， 對付一個正試圖檢索私 人數(shù)據(jù)或客戶數(shù)據(jù)庫的入侵者和對付一個正試圖癱瘓網(wǎng)絡(luò)的入侵者很可能要采取極不同的 斗法。屬于機構(gòu)可能要面對信息安全方面的潛在費用包括機會成本(圖 2) (校注 : 企業(yè)管理當(dāng)局沒有作出一項決策或未能利用一個能帶來更多收益的機會(例如投資項目 ), 失去的收益就是機會成本 )、人員費用和預(yù)防性防御措施的費用。重要的機會成本主要包括：訴訟的賠償 金，私人數(shù)據(jù)的丟失，消費者的信心，直接收入的丟失，重建數(shù)據(jù)，重建服務(wù)。每種花費根 據(jù)機構(gòu)規(guī)模

24、的不同而不同。 比如說， 大學(xué)的衛(wèi)生保健院由于在應(yīng)訴、 病人醫(yī)療記錄可用性方 面的損失比之于重建服務(wù)系統(tǒng)需要更大的潛在費用。機構(gòu)可以通過風(fēng)險分析來評價潛在的機會成本。風(fēng)險可以被分成三個風(fēng)險類型；機密性，完整性和可用性。組合起來，這些分類確定了機構(gòu)的安全狀況。每種風(fēng)險類型都會對取決于機構(gòu)的任務(wù)和要求的費用產(chǎn)生影響。機密性指的是保護數(shù)據(jù)不向未經(jīng)授權(quán)的訪問者公開。如果衛(wèi)生保健院的記錄數(shù)據(jù)因疏忽而被公開或者被盜，那么該院可能面臨嚴重的訴訟。數(shù)據(jù)的完整性是指數(shù)據(jù)的狀態(tài)不被改變。如果入侵者修改了某些產(chǎn)品的定價信息或者刪除了全部的數(shù)據(jù)集，機構(gòu)將會面臨的代價是：與改正由于受錯誤數(shù)據(jù)影響的交易相關(guān)聯(lián)的費用、與重

25、新建立正確價值相關(guān)聯(lián)的費用以及消費者信心以及收入方面的可能的損失。最后，可用性是指包括數(shù)據(jù)和服務(wù)的資源對授權(quán)用戶的可利用的。這種風(fēng)險可以用和機密性、完整性類似的方式從財政上表明自己。為增加機構(gòu)安全狀況所執(zhí)行的每一種措施都會(正面或反面地)影響到這三種風(fēng)險類型。每當(dāng)實施一種新的防御安全措施時，它將會改變當(dāng)前的安全狀況以及緊隨其后的潛在的機會成本。機構(gòu)所面臨的一個復(fù)雜的問題是怎樣在他們的潛在的機會成本對保護其IT基本設(shè)施(預(yù)防性的保護措施)費用的平衡。第極指紋測試中心Sources of risk to in formati on security in elude, but are not li

26、mited to, people or hardware within or outside the organization (Figure 2). Different preventive defensive measures (Figure 1) may be more effective aga inst an in sider threat tha n a threat from a computer hacker. Additi on ally, an external threat may vary in motivation, which could also indicate

27、 different security measures. For example, an intruder who is trying to retrieve proprietary data or customer databasesprobably should be combated much differently from an intruder who is trying to shut down a network.Potential costs due to information security that an organization may face (Figure

28、2) include opport unity cost, people, an d the cost of preve ntative defe nsive measures.Sig ni fica nt opport unity costs in clude: litigati on damages, loss of proprietary data, con sumer con fide nee, loss of direct revenue, reconstruction of data, and reconstruction of services. Each cost varies

29、 based on the profile of the organization. For example, a health care component of the university might have a greater potential for loss due to litigation or availability of patient medical records than with reconstruction of services.An orga ni zati on can evaluate pote ntial opport unity costs th

30、rough a risk an alysis. Risks can be broke n dow n into three risk categories; con fide ntiality, in tegrity, and availability. Comb in ed, these categories define the organization security posture. Each of the categories has different impacts on cost depe nding on the missi on and requireme nts of

31、the orga ni zati on. Con fide ntiality refers to the protect ion of data from release to sources that are not authorized with access. A health care organization could face significant litigation if health care records were inadvertently released or stolen. The integrity of the data refers to the una

32、ltered state of the data. If an intruder modifies pricing information for certain products or deletes entire data sets, an organization would face costs associated with correcting transactions affected by the erroneous data, the costs associated with recon struct ing the correct values, and possible

33、 loss of con sumer con fide nee and revenue. Finally, availability refers to resources being available to an authorized user, including both data and services. This risk can mani fest itself finan cially in a similar manner as con fide ntiality and in tegrity.Each measure impleme nted to in crease t

34、he security posture of an orga ni zati on will impact each of the three risk categories (either positively or negatively). As each new defensive security measureis implemented, it will change the current security posture and subsequently the potential opportunity costs. A complicated problem faced b

35、y organizations is how to balance their potential opportunity costs against the expense of securing their IT infrastructure (preventative defensive measures).任務(wù) 1： Rite-On 咨詢公司交給你們的任務(wù)是要研制一個模型，該模型可以用來確定一所 新大學(xué)適當(dāng)?shù)?IT 安全水平所需要的正確的政策和技術(shù)增強。當(dāng)要申請開張一所新大學(xué)時的 即刻需要是 確定能使和采購、 維護與系統(tǒng)管理員的培訓(xùn)等各項費用一起極小化機會成本的各 種預(yù)防性防御措施的最

36、佳組合。Rite-On簽約了一批技術(shù)人員去搜集用來支持IT安全規(guī)劃的當(dāng)前的技術(shù)規(guī)范。 一些可能采取的防御措施編目的詳細技術(shù)數(shù)據(jù)包含在附件中的表格A 與表格 B 中。 準備這些數(shù)據(jù)表的技術(shù)人員提示說，當(dāng)你組合這些防御措施時，在機密性、完 整性和可用性及其相互之間的累積效應(yīng)不能只是簡單的相加。打算新建的大學(xué)系統(tǒng)有 10 個學(xué)術(shù)系，一個校際體育部，一個招生辦公室，一家書店， 一個教務(wù)辦公室 （成績和學(xué)術(shù)狀況管理 ），一個可容納 15,000 名學(xué)生的綜合宿舍樓。 大學(xué)預(yù)期 有 600 名職員和教員（不包括 IT 支持人員）來完成日常的工作。 學(xué)術(shù)系將維護 21 個計算機 實驗室 （每個實驗室有 30

37、 臺計算機 ）以及 600 名職員和教員所使用的計算機 （每個雇員一臺計 算機 ）。宿舍中的每個房間配備兩個可以高速接入校園網(wǎng)的接口。預(yù)計每個學(xué)生都將有一臺 計算機。其他部門 /機構(gòu)所需的計算機數(shù)量現(xiàn)時還無法預(yù)測。已知書店將有一個 WEB 站點并能提供網(wǎng)上售書服務(wù)， 教務(wù)辦公室將維護一個 WEB 站點便于學(xué)生可以查詢付費情況和成績。 另外，行政辦公室、學(xué)生健康中心和體育部也將各自維護一個 WEB 站點。行政人員的平均年薪為 $38,000，教員的平均年薪為 $77,000。當(dāng)前的行業(yè)通常認為，管 理每個局域網(wǎng)需要雇傭 3到4個系統(tǒng)管理員， 另外，每 300 臺計算機需要雇傭 1個系統(tǒng)管理 員（

38、桌面支持）。另外， （WEB 主機或者數(shù)據(jù)管理系統(tǒng)的）每個獨立的計算機系統(tǒng)一般也是由 1 名系統(tǒng)管理員來管理的。表1列出了當(dāng)前沒有防御措施的IT機會成本的預(yù)測.各種不同風(fēng)險類型（C表示機密性、I 表示完整性而 A 表示可用性 ）在給定成本中所占的比例也在表1 給出。Task 1: You havebeentaskedbytheRite-On Consulting Firm to develop amodel that can be used to determine an appropriate policy and the technology enhancements for the pr

39、oper level of IT security within a new university campus. The immediate need is to determine an optimal mix of preventive defensive measures that minimizes the potential opportunity costs along with the procurement, maintenance, and system administrator training costs as they apply to the opening of

40、 a new private university. Rite-On contracted technicians to collect technical specifications on current technologies used to support IT security programs. Detailed technical data sheets that catalog some possible defensive measures are contained in Enclosures A and B. The technician who prepared th

41、e data sheets noted that as you combine defensive measures, the cumulative effects within and between the categories confidentiality, integrity, and availability cannot just be added.The proposed university system has 1 0 academicdepartments,adepartmentof intercollegiate athletics, an admissions off

42、ice, a bookstore, a registrar offsice （grade and academic status management）, and a dormitory complex capable of housing 15,000 students. The university expects to have 600 staff and faculty (non IT support) supporting the daily mission. The academic departments will maintain 21 computer labs with 3

43、0 computers per lab, and 600 staff and faculty computers (one per employee). Each dorm room is equipped with two (2) high speed connections to the university network. It is anticipated that each student will have a computer. The total computer requirements for the remaining department/agenciescannot

44、 be anticipated at this time. It is known that the bookstore will have a Web site and the ability to sell books online. The Registrar ffice will maintain a Web site where students can check the status of payments and grades. The admissions office, student health center, and the athletic department w

45、ill maintain Web sites.The average administrative employee earns $38,000 per year and the average faculty employee earns $77,000 per year. Current industry practice employs three to four system administrators (sys admin) per sub-network and there is typically one (1) sys admin (help desk support) em

46、ployee per 300 computers. Additi on ally, each separate system of computers (for web host ing or data ma nageme nt) is typically man aged by on e (1) sys adm in pers on.The current opportunity cost projection (due to IT) with no defensive measuresis shown in Table 1. The c on tributi on of various r

47、isk categories (C on fide ntiality In tegrity, an d Availability) to a given cost is also shown in Table 1.表1當(dāng)前機會成本和風(fēng)險類型的貢獻T Mt-1: Crnrrtt Opport ccsh nsd Ritk C itegon eoRtributM（歸因于IT的）機會成本數(shù)額風(fēng)險類型的貢獻OpportunrtyCosi (due toAmountRisk Category Cailribution&3.8000C (55%), (45%)Pwtary Ma loss51,500.000

48、C (70%). I (30%)Ccnsunec corifni 測強$2.900,000C (40%XAData RecocstrudfonS4D0.000II (100%)Serviw RecoistnjdnnSSO.OOO1 (100%)Dinect Revenue$250,000I (3C% A (?聞訴訟私人數(shù)據(jù)的丟失消費者的信心數(shù)據(jù)重建服務(wù)重建直接收入的損失任務(wù)2:我們知道技術(shù)性的規(guī)范隨時間變化很快。但費用，風(fēng)險類型和風(fēng)險的來源之間 的關(guān)系和相互影響的變化則比較慢一些。請針對任務(wù)1中的問題建立一個模型， 并使得這個模型有足夠的靈活性，既可以適應(yīng)技術(shù)能力的迅速變化，又可以移植應(yīng)用于不

49、同的機構(gòu)。精 心描述你在設(shè)計模型時所做的假設(shè)。 另外， 提供一個例子說明大學(xué)怎樣利用你的模型來確定 其最初的 IT 安全系統(tǒng)并定期對它進行更新。任務(wù) 3：為大學(xué)校長 準備一個 3頁左右 的描述你在任務(wù) 2中所建模型的優(yōu)點、弱點和靈 活性的 立場聲明 。另外，解釋一下從你的模型能推斷什么以及不應(yīng)該推斷什么。任務(wù) 4：如果你為一家提供 WWW 搜索引擎的商業(yè)公司(例如 Google, Yahoo, AltaVista,)建立IT安全模型，解釋兩者在初始風(fēng)險類型貢獻方面(表1)可能存在的差異。你為大學(xué)建立的模型同樣適用于 這些商業(yè)性公司嗎？任務(wù) 5：Honeynets 是為搜集廣泛的 IT 安全威脅

50、信息而設(shè)計的。 給你的主管寫一份兩頁 的備忘錄 對大學(xué)或者搜索引擎公司是否應(yīng)該考慮使用 honeynet 提出建議 . (校注 : Honeynet Project是一個由獻身于信息安全的安全專業(yè)人員的非盈利性研究組織.它創(chuàng)建于1999年4月，其全部工作就是開放資源(OpenSource)并與安全界共享.)任務(wù) 6：要想成為一個 IT 安全咨詢方面的領(lǐng)導(dǎo)者， Rite-On 咨詢公司必須能夠有效地預(yù) 見到信息技術(shù)的未來發(fā)展方向，并能夠向其他公司提出如何應(yīng)對未來信息安全風(fēng)險的建議。 在完成你的分析之后，為 Rite-On 咨詢公司的總裁寫一份兩頁的備忘錄，告訴他信息安全的 未來。另外，描述一下怎樣用你的模型來預(yù)測和應(yīng)對不確定的未來。注：原題中的圖 1 、圖2和附錄 1、附錄 2略Task 2: We know that technical specifications will change rapidly over time. However, the relations and interplay among costs, risk categories, and sources of ri