CS5430 Homework 1: Articulating Security Goals (Fall 2023)
General Instructions.
You are expected to work alone on this assignment.
Due: Sept 8, 11:59pm.
No late assignments will be accepted.
Submit your solution using CMS.
Prepare your solution as .pdf, as follows:
- Use 10 point or larger font.
- Put each problem into a separate file and submit it to the correct CMS
  submission box for that problem.
- Use at most 1 page per problem.
The example problem below illustrates the expected form of solutions.
It is followed by a problem for you to solve.
EXAMPLE PROBLEM:
To assert that a system S is trustworthy, we must understand
what S is expected to do, and
what S is expected not to do.
One step toward reaching that level of understanding is to write a description of
the system in terms of the following elements (in this order):
- Types of users.
  Each different user type is allowed to engage in potentially different activities.
  Enumerate the list of user types.
  For each user type, describe what those allowed activities are
  (including interfaces that would be accessed).
- Assets and threat.
  What are the threats?
  What are the capabilities of each threat?
  What system assets is each threat motivated to compromise?
  Here, assets are system state and/or system operations (such as input/output).
- Security policies.
  What security policies should be enforced to
  prevent threats from achieving their goals?
  List at most 6 of the security policies that you believe are the most critical.
  For each security policy, identify whether it is a confidentiality,
  integrity, or availability policy.
Using this structure,
a simple grade management system like CMS might be described as follows.
- Types of users:
All access to the system is through a web interface.
Nobody has physical access to the server itself.
- student.
Submits assignments provided the due date has not passed.
Learns grade (perhaps with a grader's comments)
for an assignment he/she submitted that has been graded.
Learns summary statistics for any graded assignment.
- teaching assistant.
Assigns grades to assignments, adding comments to explain flaws;
can create new assignments;
can alter submission deadline and other assignment characteristics.
- course administrator.
Adds/removes students from class;
adds/removes teaching assistants.
- professor.
Can do anything a teaching assistant or course administrator can do.
- Assets and threat:
Assets include:
the system state recording the deadline and other
characteristics of an assignment,
the assignment submissions made by any student, and
the grade assigned to any student for an assignment.
The threat is
students who will attempt to access the server through its web site
and read/change the values of any asset.
The capabilities of this threat are the ability to write programs
and the ability to
send messages to the hosting system
either directly or by using a web browser.
- Security policies:
The list given below is abbreviated and only intended to illustrate
the appropriate level of detail---you might well include
additional policies
(up to a total of 6).
[Integrity]:
No student may change the grade on any assignment.
[Confidentiality]:
No student may learn the grade assigned to another student's assignment.
[Availability]:
If the due date has not passed then a student may submit an assignment.
....
Write a description using the above style for the following system.
The description should be structured
as three separate parts (types of users, assets
and threat, security policies), where each part has
roughly the same level of detail as given above.
Simple Social Networking Site.
A friends-list is a list of ordinary users.
Each ordinary user is the sole owner of multiple friends-lists.
The owner of a friends-list is responsible for setting the content on the list.
An ordinary user may post a message to one or more of the friends-lists that
ordinary user owns.
An ordinary user U who is listed on a friends-list is able to read messages that have been
posted to that friends-list, but U is not able to read other messages.
The sender of a message is revealed to any user who is authorized to read that message.
A system administrator adds and deletes ordinary users to the system.
The system administrator
deletes an ordinary user U from the system by
(i) deleting all of the friends-lists owned by U and
(ii) deleting U from all of the friends-lists owned by any user.
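The rules above are an access-control specification, and it helps, before writing the threat model, to see every rule enforced in one place. The following Python model is an added illustration, not part of the assignment or of any real system. It assumes a single administrator principal named "admin", numeric list identifiers, messages stored as (sender, text) pairs, and, reading the rules literally, that an owner who is not listed on their own friends-list cannot read it. Every operation is checked by a guard before state changes, and deletion performs steps (i) and (ii) in the stated order.

```python
"""Reference-monitor model of the Simple Social Networking Site's access rules.
Added example; the administrator name, list ids and message layout are assumptions."""
from dataclasses import dataclass, field

ADMIN = "admin"   # the single system administrator (assumed principal name)


class PermissionDenied(Exception):
    """Raised when a caller attempts an operation the rules do not allow."""


@dataclass
class FriendsList:
    owner: str                                  # the sole owner; only they set content
    members: set = field(default_factory=set)   # ordinary users listed on this list
    messages: list = field(default_factory=list)  # (sender, text) pairs posted here


class SocialNetwork:
    def __init__(self):
        self.users = set()   # ordinary users currently known to the system
        self.lists = {}      # list_id -> FriendsList
        self._next_id = 0

    # ---- guards: every interface call passes through one of these ----------
    def _require_admin(self, caller):
        if caller != ADMIN:
            raise PermissionDenied(f"{caller} is not the system administrator")

    def _require_user(self, caller):
        if caller not in self.users:
            raise PermissionDenied(f"{caller} is not an ordinary user")

    def _require_owner(self, caller, list_id):
        self._require_user(caller)
        fl = self.lists.get(list_id)
        if fl is None or fl.owner != caller:
            raise PermissionDenied(f"{caller} does not own list {list_id}")
        return fl

    # ---- administrator interface -------------------------------------------
    def add_user(self, caller, user):
        self._require_admin(caller)
        if user == ADMIN or user in self.users:
            raise ValueError(f"cannot add {user}")
        self.users.add(user)

    def delete_user(self, caller, user):
        self._require_admin(caller)
        if user not in self.users:
            raise ValueError(f"no such user {user}")
        # (i) delete every friends-list owned by the user; its messages go with it
        self.lists = {lid: fl for lid, fl in self.lists.items() if fl.owner != user}
        # (ii) remove the user from every friends-list owned by anyone else
        for fl in self.lists.values():
            fl.members.discard(user)
        self.users.discard(user)

    # ---- ordinary-user interface -------------------------------------------
    def create_list(self, caller):
        self._require_user(caller)
        self._next_id += 1
        self.lists[self._next_id] = FriendsList(owner=caller)
        return self._next_id

    def set_members(self, caller, list_id, members):
        fl = self._require_owner(caller, list_id)
        unknown = set(members) - self.users   # a friends-list holds ordinary users only
        if unknown:
            raise ValueError(f"not ordinary users: {sorted(unknown)}")
        fl.members = set(members)

    def post(self, caller, list_id, text):
        fl = self._require_owner(caller, list_id)   # only the owner may post
        fl.messages.append((caller, text))

    def read(self, caller, list_id):
        self._require_user(caller)
        fl = self.lists.get(list_id)
        if fl is None or caller not in fl.members:   # listed users only, owner included
            raise PermissionDenied(f"{caller} may not read list {list_id}")
        return list(fl.messages)   # each entry reveals its sender, as the rules require
```

Walking a scenario through this model (three users, one list, a cascade delete) is a quick way to check that each security policy you write down in the solution corresponds to exactly one guard, and that deleting a user leaves no dangling membership or orphaned list behind.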