Comp 527: Assignment 1: Secure Web Services

up to main page

Final due date: Monday, February 8, 11:59am (but see below)

The newspaper editors are running around, waving their hands in the air. They're trying to explain the system they want you to build, but you were never all that good at understanding rural accents. Here's what you've got scrawled on your notepad after the meeting:

Assignment

Your assignment is to design, build, and discuss a secure system that satisfies the informal specs above. This is an instance of what is sometimes called a workflow system.

1) Formalize the security policy
Write down, in some kind of mathematical notion, what the security policy of the system must be.
2) Design the security architecture
Expressed in terms of your security policy, show how you can use underlying Unix security controls (file security bits, file owners and groups, and so forth) or will need to invent your own.
3) Argue for the correctness of your architecture
Discuss different kinds of attacks and show how your architecture enforces your policy.
4) Implement the system
You will start with an off-the-shelf Web server (THTTPD, Apache, or any other) running on the operating system of your choice and you will implement a system, using your security architecture, that satisfies your security policy.

This is just a prototype, so don't stress about fancy graphics and layouts. Reporters can submit articles in plain text and you can display them that way as well. Likewise, you're not expected to fix every security hole in the OS. However, when you're done, you need to...

5) Convince me your implementation is secure
Discuss the software you built in terms of standard security criteria. What assurance do I have that you can resist attacks? What assurance do I have that bugs in one part of your implementation won't impact the whole system? Feel free to admit compromises you made and attacks to which you're vulnerable.

Each of the written sections here should be at most a page long. The whole business should be in demoable shape by the due date. E-mail a pointer to a Web page with the written portion of your assignment and instructions for how to access your server. Make sure you also have pointers to your source code, in case I want to read it.

Hints

Somebody in your group should immediately start playing with Web servers and figure out how to write plugins, CGI scripts, or whatever technology you choose to use. You might consider avoiding `basic auth' and focus your efforts on how to use cookies properly. You may design your system to assume the server is running SSL, even if it isn't.

Since you've only got about two weeks to work on the assignment, you need to be economical with your work. If your implementation isn't as fancy as your security architecture, that's okay. If you had to leave something out or require some ugly command-line tool, that's okay as well. Just be sure to discuss the limitations in your write-up. I would be surprised if you need to write more than 1000 lines of code.

Resources

Generally speaking, any Unix machine on campus can run a Web server (just not on port 80). Some of you have machines in your dorm rooms that you own and can run anything you want. That's fine, too. Your group needs to quickly decide how you will manage your software development and deployment and get on with it.

New: The powers-that-be have declared that you're not supposed to run a Web server on a CS machine. They're paranoid that your Web server may accidentally leak sensitive documents to the outside (least common mechanism: put the insecure/buggy Web server on somebody else's filesystem). So, you have to either use a machine you own (i.e., in your dorm room) or you have to use Owlnet.

Li Xu has written up a tutorial on configuring and writing scripts for Apache. Check it out!

Group Management

The minimum size for a group is two. The maximum size is three. Once you've formed up, send me a quick e-mail to announce your group. Please do this ASAP.

Deadlines

The complete system is due Monday, February 8, 11:59am. Your security policy and architecture write-up (sections 1 through 3) are due Friday, January 29, 11:59am.
Dan Wallach, CS Department, Rice University
Last modified: Wed Jan 27 11:45:08 CST 1999