CS5430 Homework 1: Articulating Security Goals (Fall 2023)

General Instructions. You are expected to work alone on this assignment.

Due: Sept 8, 11:59pm. No late assignments will be accepted.

Submit your solution using CMS. Prepare your solution as .pdf, as follows:

The example problem below illustrates the expected form of solutions. It is followed a problem for you to solve.
EXAMPLE PROBLEM: To assert that a system S is trustworthy, we must understand what S is expected to do, and what S is expected not to do. One step toward reaching that level of understanding is to write a description of the system in terms of the following elements (in this order)

Using this structure, a simple grade management system like CMS might be described as follows.

Write a description using the above style for the following system. The description should be structured as three separate parts (types of users, assets and threat, security policies), where each part has roughly the same level of detail as given above.

Simple Social Networking Site. A friends list is a list of ordinary users. Each ordinary user is the sole owner of multiple friends-lists. The owner of a friends-list is responsible for setting the content on the list.

An ordinary user may post a message to one or more of the friends-lists that ordinary user owns. An ordinary user U who is listed on a friends-list is able to read messages that have been posted to that friends-list, but U is not able to read other messages. The sender of a message is revealed to any user who is authorized to read that message.

A system administrator adds and deletes ordinary users to the system. The system administrator deletes an ordinary user U from the system by (i) deleting all of the friends-lists owned by U and (ii) deleting U from all of the friends lists owned by any user.