CS5430 Homework 1: Articulating Security Goals (Fall 2022)

General Instructions. You are expected to work alone on this assignment.

Due: Sept 11, 11:59pm. No late assignments will be accepted.

Submit your solution using CMS. Prepare your solution as .pdf, as follows:

This assignment has 3 separate problems.
PROBLEM 1: To assert that a system S is trustworthy, we first must understand what S is expected to do, and what S is expected not to do. One step toward reaching that level of understanding is to write a description of the system in terms of the following elements (in this order)

Example. Using this structure, a simple grade management system like CMS might be described as follows.

Write a description using the above style for the following system. The description should be structured as three separate parts (types of users, assets and threat, security policies), where each part has roughly the same level of detail as given above.

Contract-tracing app for monkeypox. Contact tracing for controlling the spread of a disease like monkeypox might be implemented by having a cellphone app --- we will call it APP --- and a set of protocols, whereby each person is informed after they have come into contact with a contagious person but never learns the identity of that contagious person. We assume

Many contact tracing protocols in this class employ a third party, which we call CDC, that maintains a database but might not be trusted.

PROBLEM 2: Cornell faculty members are permitted to make casual use of Cornell-owned computing systems to support outside activities, such as advising governments and advising companies. That means Cornell-owned computing systems, which are controlled by Cornell's CIT staff, are storing information about non-Cornell activities.

A new policy statement is being written to define the reasonable expectations by faculty engaged in this use of Cornell-owned computing systems. Cornell's legal team has asked your help in choosing between two wordings for a statement about expectations faculty can have about information Cornell is storing:

  1. "Cornell will keep private any information it is storing"
  2. "Cornell will keep confidential any information it is storing"
What do you recommend? Why?

PROBLEM 3: A new company --- Web Auth services --- has made considerable investments to test and verify a new authorization module AS that they will sell. In light of those investments, Web Auth services claims that AS is trustworthy, and there is reason to believe that claim is valid.

Module AS assumes that any request R it receives already has been authenticated. Upon receipt of a request, AS outputs "Approved" or "Denied" depending on whether the principal named in R should be allowed to access the file named in R.

You are going to build a service that depends on a distributed system D that uses AS to implement authorization. Given that AS is trustworthy, should your system trust authorization decisions that D makes? Explain why or why not.