Homework 5: Analysis of System Security

Hard and soft deadline: Monday, May 11, 11:59 pm.

Reminder from the course syllabus: Your lowest homework grade will be dropped.

Out of the crooked timber of humanity, no straight thing was ever made.
—Immanuel Kant

Choose two of these four systems:

For each of the two systems you choose, write an analysis similar to those you have written for your password manager project. Your analysis of a system should include the following sections:

  1. Requirements: Identify the system's threat model, assets, and security goals. This is essentially a limited version of your project requirements document.
  2. Design: Report on the design of the Gold Standard (Authentication, Authorization, and Audit) components of the system. This is essentially a limited version of your project design document.
  3. Assurance: Summarize and critique the assurance arguments that are presented for the system. You should include whether or not you found the arguments convincing and what you would have done differently. Note: you are not required to invent an assurance argument where none already exists.

You might need to do some independent research to identify sources of further information about the system. Be sure to cite those sources.

Note: If you choose Bitcoin, you will analyze Bitcoin itself, not Eyal and Sirer's attacks on it.

What to submit to CMS: A file named hw5.zip, itself containing two files named analysis_system1.pdf and analysis_system2.pdf, where system1 and system2 are elements of the set {bitcoin, civitas, fabric, proactive}. Each PDF should be 3–4 pages in length.