

Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Material Type: Project; Class: Secure Computer Systems; Subject: Computer Science; University: Georgia Institute of Technology-Main Campus; Term: Spring 2007;
Typology: Study Guides, Projects, Research
1 / 2
This page cannot be seen from the preview
Don't miss anything!


Programming Project I CS 6238 Secure Computer Systems Due Date: March 29, 2007
For this project, you can work in a group of two.
In this programming project, you will implement a highly simplified “protected” document store. More specifically, you will implement an access control module that enforces specified access control policy for the documents. The focus of the project is on implementing an access control list mechanism but you will also implement space management associated with document storage. You can make the following simplifying assumptions in this project.
You will implement the access controller and the document storage systems along with code that tests the functionality provided by them. The test code will do multiple logins, obtain UIDs, create documents and groups, update access rights, check-in and checkout documents and clearly demonstrate that the system enforces the access policy that is defined. To make the testing more dynamic you should read simple commands from a file. By default, the owner of the document has both read and write access, but other users must be granted access by the owner (either to a specific user or to a group to which the user belongs).
The first task is to clearly define the document system API. Since you can use a programming language of your choice, the exact API calls may differ. You will then implement and demonstrate that the implementation works correctly. You are particularly required to pay close attention to secure coding practices (you may want to try fuzzing to ensure that there are no vulnerabilities such as buffer overflows).
You will need to submit a brief report that provides details of your design, implementation and testing that is performed by you. You will do a demonstration of your project to the TA who will ask you to handle a sequence of requests to the document system. A convenient user interface to the document system will help with such a demonstration. You should perform detailed testing and no test sequence will be made available in advance.
The evaluation rubric will be used:
If your code cannot handle bad input or found to have other vulnerabilities, the maximum credit you will get will be 50 points.