CS5430 Homework 1: Articulating Security Goals

General Instructions. You are expected to work alone on this assignment.

Due: Sept 12, 11:59pm. No late assignments will be accepted.

Submit your solution using CMS. Prepare your solution as .pdf, as follows:

To assert that a system S is trustworthy, we first must understand (i) what S is expected to do, and (ii) what S is expected not to do. One step toward reaching that level of understanding is to write a description of the system in terms of the following elements (in this order)

Example. Using this structure, a simple grade management system like CMS might be described as follows.

Write a description in the above style for each of the following systems. The description for each system should be structured as three separate parts (types of users, assets and threat, security policies), where each part has roughly the same level of detail as given above.

Problem 1. Somewhat anonymous cloud-based secret email. The service runs in a cloud that is hosted by some third-party cloud-provider. A web front-end provides to ordinary users and law enforcement users (but no others) access to the service. Using this web front-end:

Problem 2. Crypto-currency exchanage. A web-based app that allows users to view their holdings in some selected set of crypto-currencies. The app also allows users to request the conversion of a holding in one crypto-currency to another crypto-currency. Per-user holdings are stored and managed by a server running in a third-party cloud.