CS5430 System Security - Phase II Deliverable

CS5430 Project: Phase II Deliverable (Spring 2013)

Your Phase II deliverable should be a relatively short document that describes the security properties your system will enforce.

The deliverable should be submitted to CMS as a .pdf, .txt, .doc or .docx. Use 10 point font or larger, "single" line spacing, and at least 1 inch margins. The entire document should be at most 5 pages (single-sided) and likely will be a lot shorter.

The document should give a description of the threat you target, followed by a list of security properties. Each item in the list should state a security property and explain how the system will enforce that property. For example, in a write-up for a "Networked Banking System" we might find the following.

Title

Threat(s): (1) Passive and active wiretappers. (2) Human users who have physical access to automated teller machines. (3) Operators who have access to the consoles that control server machines. (4) However, no humans have physical access to server hardware.

Security Properties

Property: Bank account numbers or information about balances in transit on the network cannot be viewed or changed by wiretappers.
Enforcement: Each branch has a private key. Messages between bank branches are digitally signed and encrypted using these keys.
Property: Only the human who has privileges for a bank account can initiate transactions that reveal the balance or cause withdrawals from the bank.
Enforcement: Human users will be authenticated using 2-factor authentication---a PIN and a USB token. In addition, each bank server implements an authorization mechanism that blocks access to accounts unless the requester is running for an authenticated user with privileges to access that account.
...

We will evaluate your Phase II submission against criteria listed below.

Whether the threat is described clearly and is realistic given the intended purpose of the system.
Whether the list of security properties is complete and reasonable for the system being built.
Whether sensible means of enforcement is being proposed for each security property.