CS5430 System Security - Articulating Security Goals (Fall 2020)

To assert that a system S is trustworthy, we first must understand (i) what S is expected to do, and (ii) what S is expected not to do. One way to reach that level of understanding is to write a description of the system in terms of the following elements (and in this order):

Example: Grade Management System

Using the above structure, a simple grade management system might be described as follows.

Exercise: Secure 1-way anonymous communication

An app runs on a computer and enables communication of text messages with another user who is running a copy of the app. The app communicates with a cloud-based service, which reformats and relays messages. The recipient of a message does not learn the sender's identity but can issue a reply that will be delivered to the original sender.
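To make the exercise concrete, here is a small simulation of the relay described above. It is an added example, not code from the course or from any real app: the cloud service is a Python class, reply routing uses an opaque random handle in place of the sender's name, "reformats" is modelled as whitespace normalisation of the body, and the users and messages are constructed inline. The point it makes explicit is one a security-goals write-up should state: the recipient sees no sender identity, but the relay itself sees both parties and every message, so anonymity and confidentiality hold only against the recipient, not against the service.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Delivered:
    """What a user's inbox actually shows: an opaque reply handle and the text."""
    reply_handle: str  # random token minted by the relay, not a user identity
    text: str


class Relay:
    """Constructed stand-in for the cloud relay service (assumption, not the page's design).

    The relay learns every (sender, recipient) pair; the anonymity guarantee
    is only with respect to the recipient, not the relay operator.
    """

    def __init__(self):
        self._handles = {}  # reply_handle -> (original sender, original recipient)
        self.inboxes = {}   # user -> list[Delivered]

    @staticmethod
    def _reformat(text):
        # Normalise formatting so the body leaks less about how the author types.
        return " ".join(text.split())

    def send(self, sender, recipient, text):
        # Bind a fresh, unguessable handle to this sender so a reply can be routed back.
        handle = secrets.token_hex(8)
        self._handles[handle] = (sender, recipient)
        self.inboxes.setdefault(recipient, []).append(
            Delivered(handle, self._reformat(text)))
        return handle

    def reply(self, replier, handle, text):
        # Only the user the message was delivered to may use its handle.
        original_sender, original_recipient = self._handles[handle]
        if replier != original_recipient:
            raise PermissionError("reply handle is not bound to this user")
        # The original sender chose the recipient, so no identity needs hiding here;
        # the same handle lets the sender correlate the reply with their message.
        self.inboxes.setdefault(original_sender, []).append(
            Delivered(handle, self._reformat(text)))


def demo():
    """Run one exchange and report what each party, and the relay, can observe."""
    relay = Relay()
    handle = relay.send("alice", "bob", "  meet at   noon? ")
    relay.reply("bob", handle, "ok, noon works")
    bob_view = relay.inboxes["bob"][0]
    alice_view = relay.inboxes["alice"][0]
    return {
        # the sender's name appears nowhere in what Bob receives
        "bob_sees_sender": "alice" in (bob_view.reply_handle + bob_view.text),
        "bob_text": bob_view.text,
        "alice_text": alice_view.text,
        "handles_match": bob_view.reply_handle == alice_view.reply_handle == handle,
        # but the relay holds the full mapping: it is a trusted party
        "relay_knows_sender": relay._handles[handle][0],
    }


def stranger_reply_rejected():
    """A third party who learns a handle still cannot reply through it."""
    relay = Relay()
    handle = relay.send("alice", "bob", "hello")
    try:
        relay.reply("mallory", handle, "who is this?")
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print(demo())
    print("stranger rejected:", stranger_reply_rejected())
```

When writing the goals for this system, the simulation suggests which claims are defensible and which are not: the recipient's inbox provably contains no sender identity, a handle cannot be used by anyone other than its recipient, and yet nothing here hides anything from the relay or from anyone who can observe traffic between the app and the relay. Those last two are exactly the "expected not to do" items that need to be stated, or explicitly excluded, in the description.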