CS5430 System Security (Fall 2023)

CS5430 Homework 1: Articulating Security Goals (Fall 2023)

General Instructions. You are expected to work alone on this assignment.

Due: Sept 8, 11:59pm. No late assignments will be accepted.

Submit your solution using CMS. Prepare your solution as .pdf, as follows:

Use 10 point or larger font.
Put each problem into a separate file and submit it to the correct CMS submission box for that problem.
Use at most 1 page per problem.

The example problem below illustrates the expected form of solutions. It is followed a problem for you to solve.

EXAMPLE PROBLEM: To assert that a system S is trustworthy, we must understand what S is expected to do, and what S is expected not to do. One step toward reaching that level of understanding is to write a description of the system in terms of the following elements (in this order)

Types of users. Each different user type is allowed to engage in potentially different activities. Enumerate the list of user types. For each user type, describe what those allowed activities are (including interfaces that would be accessed).
Assets and threat. What are the threats? What are the capabilities of each threat? What system assets is each threat motivated to compromise? Here, assets are system state and/or system operations (such as input/output).
Security policies. What security policies should be enforced to prevent threats from achieving their goals. List at most 6 of the security policies that you believe are the most critical. For each security policy, identify whether it is confidentiality, integrity, or availability.

Using this structure, a simple grade management system like CMS might be described as follows.

Types of users: All access to the system is through a web interface. Nobody has physical access to the server itself.
- student. Submits assignments provided the due date has not passed. Learns grade (perhaps with a grader's comments) for an assignment he/she submitted that has been graded. Learns summary statistics for any graded assignment.
- teaching assistant. Assigns grades to assignments, adding comments to explain flaws; can create new assignments; can alter submission deadline and other assignment characteristics.
- course administrator. Adds/removes students from class; adds/removes teaching assistants.
- professor. Can do anything a teaching assistant or course administrator can do.
Assets and threat: Assets include: system state that is recording the deadline and other characteristics of an assignmernt, assignment submission made by any student, grade assigned to any student for an assignment.
The threat is students who will attempt to access the server through its web site and read/change the values of any asset. The capabilities of this threat are the ability to write programs and the ability to send messages to the hosting system either directly or by using a web browser.
Security policies: The list given below is abbreviated and only intended to illustrate the appropriate level of detail---you might well include additional policies (up to a total of 6).

Write a description using the above style for the following system. The description should be structured as three separate parts (types of users, assets and threat, security policies), where each part has roughly the same level of detail as given above.

Simple Social Networking Site. A friends list is a list of ordinary users. Each ordinary user is the sole owner of multiple friends-lists. The owner of a friends-list is responsible for setting the content on the list.

An ordinary user may post a message to one or more of the friends-lists that ordinary user owns. An ordinary user U who is listed on a friends-list is able to read messages that have been posted to that friends-list, but U is not able to read other messages. The sender of a message is revealed to any user who is authorized to read that message.

A system administrator adds and deletes ordinary users to the system. The system administrator deletes an ordinary user U from the system by (i) deleting all of the friends-lists owned by U and (ii) deleting U from all of the friends lists owned by any user.