
Security Requirements Documents and Specification for a Simple Application


In this assignment, you are asked to determine the security objectives, policy, threats and requirements for a simple software application. You are also asked to write a (partial) specification document that incorporates the security requirements that is intended to be used by developers to implement the application. The specification will also provide the basis for creating a security test plan for the application.

The application is called an “Address Book Appliance” (ABA). It is nothing more than a simple Linux command-line database program. It prompts users to enter commands, which allow users to save and retrieve records. An admin user manages unique user accounts, each of which stores its records separately from the other accounts. The admin may not create an address database and can only manage user accounts. I won’t say more than that about the security objectives of the system, but here is a list of the commands available to regular (non-admin) users:

  • Add record – ADR <recordID> [field1=value …<field1=value1><field2=value2>]
  • Delete Record – DER <recordID>
  • Edit Record – EDR <recordID> [field1=value…]
  • Read Record – RER [<recordID>] [ …]
  • Import Database – IMD <Input_File>
  • Export Database – EXD <Output_file>
  • Help – HLP [<command name>]
  • Exit – EXT

Your first job is to identify the high-level security objectives, the system security policy, a scenario-based threat analysis, and a detailed set of security requirements for the system. Write this up as a report for engineering management and justify all of your decisions. Here is an example of a software requirements document template: https://web.cs.dal.ca/~hawkey/3130/srs_template-ieee.doc. Don’t worry about the performance, safety, and other requirements; just create the security requirements. Do not be fooled by the fact that this template classifies security requirements as non-functional.

The second part of the assignment is to write an interface specification document that can be used by developers who are implementing the application and that reflects all of the security requirements. For each of the database commands above, what are the security-relevant checks that must be performed, what are the completion status codes that will be returned, and in what order? Furthermore, what additional commands (if any) might be necessary for users and admins specifically for security? Add those to the document. Remember, the specification only specifies the interface – commands, inputs, outputs, and changes to the internal databases that are detectable using additional commands – but does not specify the implementation! You can see an example of a C-language interface specification for one of the calls to the GEMSOS kernel here.

Justify every choice you make with a clear rationale, but put the rationales in an appendix to the main specification document. We don’t want to confuse the developers.
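As an added illustration (not part of the assignment text or any reference solution), here is one way the four record commands could order their security-relevant checks and report completion status codes, modelled in Python. The status code names, the identifier grammar, the per-user record namespace and the rule that the admin is refused record commands are assumptions made here for the example.

```python
import re
# Status codes, identifier grammar and check order are assumptions of this example.
OK, ERR_SYNTAX, ERR_AUTHZ, ERR_NOTFOUND, ERR_EXISTS = "OK", "ERR_SYNTAX", "ERR_AUTHZ", "ERR_NOTFOUND", "ERR_EXISTS"
RECORD_ID = re.compile(r"^[A-Za-z0-9_]{1,32}$")
FIELD = re.compile(r"^([A-Za-z][A-Za-z0-9_]{0,15})=(\S{1,64})$")
RECORD_CMDS = {"ADR", "DER", "EDR", "RER"}


class ABA:
    def __init__(self):
        self.db = {}  # username -> {recordID -> {field: value}}; one namespace per user

    def execute(self, user, is_admin, line):
        """Run one record command for an already-authenticated user; return (status, payload)."""
        parts = line.split()
        if not parts or parts[0].upper() not in RECORD_CMDS:
            return ERR_SYNTAX, None
        cmd, args = parts[0].upper(), parts[1:]
        # Check 1: authorization first; the admin only manages accounts, so record
        # commands are refused before parsing, revealing nothing about record state.
        if is_admin:
            return ERR_AUTHZ, None
        # Check 2: validate every argument against its grammar before touching the database.
        ids, fields = [], {}
        for arg in args:
            m = FIELD.match(arg)
            if m and cmd in {"ADR", "EDR"} and len(ids) == 1:
                fields[m.group(1)] = m.group(2)
            elif RECORD_ID.match(arg) and not fields and (cmd == "RER" or not ids):
                ids.append(arg)  # RER accepts several IDs; the other commands exactly one
            else:
                return ERR_SYNTAX, None
        if cmd != "RER" and (len(ids) != 1 or (cmd == "EDR" and not fields)):
            return ERR_SYNTAX, None
        # Check 3: existence, scoped to the caller's own namespace, then the operation.
        records = self.db.setdefault(user, {})
        if cmd == "ADR":
            if ids[0] in records:
                return ERR_EXISTS, None
            records[ids[0]] = fields
            return OK, None
        if not ids:  # RER with no arguments lists the caller's record IDs
            return OK, sorted(records)
        missing = [i for i in ids if i not in records]
        if missing:
            return ERR_NOTFOUND, missing
        if cmd == "DER":
            del records[ids[0]]
        elif cmd == "EDR":
            records[ids[0]].update(fields)
        return OK, ({i: dict(records[i]) for i in ids} if cmd == "RER" else None)
```

Because each check is ordered and returns a distinct code, the same table of checks and codes can be lifted directly into the interface specification and later into the security test plan.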
