Comp 527: Assignment 1: Secure Web Services
Final due date: Monday, February 8, 11:59am (but see below)
The newspaper editors are running around, waving their hands in the air.
They're trying to explain the system they want you to build, but you were
never all that good at understanding rural accents. Here's what you've
got scrawled on your notepad after the meeting:
- each reporter and copy editor works for one section
- reporters submit articles, copy editors clean them up, section editors decide what goes in their section
- once copy editors start, reporters can't edit the text
- senior editors have the final say and can edit or reject anything, even changing the section of an article
- senior editors want to see a draft of tomorrow's paper before pushing it to the Web for everybody to see
- senior editors change around the job assignments, but only rarely
- one computer has to do everything, even handle customer Web services
- reporters want to file stories over the Web from anywhere they happen to be
Assignment
Your assignment is to design, build, and discuss a secure
system that satisfies the informal specs above. This is an instance
of what is sometimes called a workflow system.
- 1) Formalize the security policy
- Write down, in some kind of mathematical notation, what the security
policy of the system must be.
- 2) Design the security architecture
- Expressed in terms of your security policy, show where you can use the
underlying Unix security controls (file permission bits, file owners and groups,
and so forth) and where you will need to invent your own.
- 3) Argue for the correctness of your architecture
- Discuss different kinds of attacks and show how your architecture
enforces your policy.
- 4) Implement the system
- You will start with an off-the-shelf Web server (THTTPD, Apache, or
any other) running on the operating system of your choice and you will
implement a system, using your security architecture, that satisfies
your security policy.
This is just a prototype, so don't stress about fancy graphics and layouts.
Reporters can submit articles in plain text and you can display them that
way as well. Likewise, you're not expected to fix every security hole in
the OS. However, when you're done, you need to...
- 5) Convince me your implementation is secure
- Discuss the software you built in terms of standard security criteria.
What assurance do I have that you can resist attacks? What assurance
do I have that bugs in one part of your implementation won't impact
the whole system? Feel free to admit compromises you made and attacks
to which you're vulnerable.
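As an added illustration of step 1 (this is example code, not part of the assignment or a reference solution), here is the notepad policy written as a default-deny reference-monitor check; the role names, action names and the three article states (draft, copyedit, published) are assumptions made for the example.

```python
from dataclasses import dataclass

# Assumed vocabulary for this example: four roles, one section per user,
# and an article lifecycle of draft -> copyedit -> published.
@dataclass
class User:
    name: str
    role: str      # reporter | copy_editor | section_editor | senior_editor
    section: str   # reporters, copy editors and section editors serve one section

@dataclass
class Article:
    author: str
    section: str
    state: str = "draft"

# Operations only a senior editor may perform (rules 4, 5 and 6 on the notepad).
SENIOR_ONLY = {"reassign_roles", "view_tomorrows_draft", "publish", "change_section"}

def allowed(user, action, article=None):
    """True iff the policy permits `user` (None = anonymous Web visitor) to
    perform `action`. Anything not explicitly granted below is denied."""
    if action == "read_published":                 # the public customer Web service
        return article is not None and article.state == "published"
    if user is None:                               # anonymous users get nothing else
        return False
    if action in SENIOR_ONLY:
        return user.role == "senior_editor"
    if article is None:                            # only reporters create articles
        return action == "submit" and user.role == "reporter"
    if user.role == "senior_editor":               # final say: edit or reject anything
        return action in {"edit_text", "accept", "reject"}
    if article.section != user.section:            # everyone else is confined to a section
        return False
    if action == "edit_text":
        if user.role == "reporter":                # locked once copy editing starts
            return article.author == user.name and article.state == "draft"
        return user.role == "copy_editor" and article.state == "copyedit"
    if action == "start_copyedit":
        return user.role == "copy_editor" and article.state == "draft"
    if action in {"accept", "reject"}:
        return user.role == "section_editor" and article.state == "copyedit"
    return False                                   # default deny

def perform(user, action, article):
    """Apply a state-changing action only after the policy check passes."""
    if not allowed(user, action, article):
        raise PermissionError(f"{user.name if user else 'anonymous'} may not {action}")
    article.state = {"start_copyedit": "copyedit", "publish": "published"}.get(action, article.state)
    return article.state
```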
Each of the written sections here should be at most a page long.
The whole business should be in demoable shape by the due date.
E-mail a pointer
to a Web page with the written portion of your assignment and
instructions for how to access your server. Make sure you also
have pointers to your source code, in case I want to read it.
Hints
Somebody in your group should immediately start playing with Web
servers and figure out how to write plugins, CGI scripts, or
whatever technology you choose to use. You might consider
avoiding 'basic auth' and focus your efforts on how to use cookies
properly. You may design your system to assume the server is running
SSL, even if it isn't.
Since you've only got about two weeks to work on the assignment, you
need to be economical with your work. If your implementation isn't as
fancy as your security architecture, that's okay. If you had to leave
something out or require some ugly command-line tool, that's okay
as well. Just be sure to discuss the limitations in your write-up.
I would be surprised if you need to write more than 1000 lines of code.
Resources
Generally speaking, any Unix machine on campus can run a Web server
(just not on port 80). Some of you have machines in your dorm rooms
that you own and can run anything you want. That's fine, too. Your group
needs to quickly decide how you will manage your software development
and deployment and get on with it.
The powers-that-be have declared that you're
not supposed to run a Web server on a CS machine. They're paranoid that
your Web server may accidentally leak sensitive documents to the outside
(least common mechanism: put the insecure/buggy Web server on somebody
else's filesystem). So, you have to either use a machine you own
(i.e., in your dorm room) or you have to use Owlnet.
Li Xu has written up a
tutorial on configuring and writing scripts for Apache. Check it out!
Group Management
The minimum size for a group is two. The maximum size is three. Once
you've formed up, send me a quick e-mail to
announce your group. Please do this ASAP.
Deadlines
The complete system is due Monday, February 8, 11:59am. Your security
policy and architecture write-up (sections 1 through 3) are due Friday,
January 29, 11:59am.
Dan Wallach,
CS Department,
Rice University
Last modified: Wed Jan 27 11:45:08 CST 1999