# A1: Security Policies

**Deadline:** Tuesday, January 23, 2024 @ 11:59 pm PT

## Problem 1

Consider the following web-based email system. Users log in by visiting a pre-specified URL for the system and then entering both an identifier (i.e., a username) and a password. This starts a session that is associated with the specified identity. The system then displays, in a preview frame, a list of messages that have been sent to that identity and have not been deleted during this or some prior session associated with that identity. For each message, the name of the sender and the contents of the message are displayed.

During a session, a user can:

1. Click on an icon to generate a reply to the message the user is currently viewing. The user then types the body of the reply. That reply later becomes a message that will be available for viewing by the sender of the original message to which this serves as a reply.
2. Click on an icon to generate a new message. The user then enters an identity of some receiver and enters a body for the message. That body is incorporated into a message that will be available for later viewing by the intended receiver.
3. Click on an icon to delete the message that the user is currently viewing.
4. Click on an icon to end the session. However, if 15 minutes elapse during which no action is taken by the user, then the system automatically terminates the session.

**Threat model:** The adversary is a user who desires to read email, generate bogus email, and/or alter email that has been generated by bona fide users. The adversary has access to the URL for the mail system and also can read, delete, and/or update network packets in transit. The adversary cannot physically access or run programs on a user’s machine that is running a browser to access the mail system. And the adversary cannot physically access or run programs on the mail system server.

**To Do:** Construct a list of security goals for this system. Try to be comprehensive.
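As an added illustration (not part of the assignment), the following Python model encodes the rules stated for the Problem 1 system as explicit checks: credential-gated login, per-identity inboxes, reply and delete restricted to messages the user can view, and the 15-minute inactivity timeout. The names `MailSystem`, `Message`, the `accounts` password store and the caller-supplied `now` clock are assumptions of this model; each check it makes is a candidate confidentiality, integrity or availability goal to write down.

```python
import secrets
from dataclasses import dataclass

TIMEOUT = 15 * 60  # the system ends a session after 15 idle minutes

@dataclass
class Message:
    sender: str
    recipient: str
    body: str
    deleted: bool = False  # a deletion persists into the recipient's later sessions

class MailSystem:
    def __init__(self, accounts):
        # accounts: identity -> password (constructed sample store for the model)
        self.accounts, self.messages, self.sessions = accounts, [], {}

    def login(self, identity, password, now):
        if self.accounts.get(identity) != password:
            return None  # no session is started without a correct credential
        sid = secrets.token_hex(16)  # unguessable session identifier
        self.sessions[sid] = (identity, now)  # session bound to one identity
        return sid

    def _user(self, sid, now):
        if sid not in self.sessions:  # unknown or already-ended session
            raise PermissionError("no such session")
        identity, last = self.sessions[sid]
        if now - last > TIMEOUT:
            del self.sessions[sid]  # automatic termination after 15 idle minutes
            raise PermissionError("session expired")
        self.sessions[sid] = (identity, now)  # any action resets the idle clock
        return identity

    def inbox(self, sid, now):
        me = self._user(sid, now)  # only messages addressed to this identity
        return [m for m in self.messages if m.recipient == me and not m.deleted]

    def send(self, sid, now, recipient, body):
        self.messages.append(Message(self._user(sid, now), recipient, body))

    def reply(self, sid, now, msg, body):
        if not any(m is msg for m in self.inbox(sid, now)):
            raise PermissionError("can only reply to a message in your own inbox")
        self.send(sid, now, msg.sender, body)  # reply goes to the original sender

    def delete(self, sid, now, msg):
        if not any(m is msg for m in self.inbox(sid, now)):
            raise PermissionError("can only delete a message addressed to you")
        msg.deleted = True
```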
For each security goal, label it with one of: confidentiality, integrity, or availability. Be sure to include at least one goal of each type.

**What to submit:** a pdf file entitled `goals.pdf` containing your labeled security goals.

## Problem 2

The [Claremont Colleges Policy Regarding Appropriate Use of Campus Computing and Network Resources](https://www.pomona.edu/administration/its/policies/appropriate-use-policy) is, in part, a security policy that stipulates appropriate usage of computer systems at the Claremont Colleges. As a student studying computer security, you obviously need to know your responsibilities with respect to that policy. And as a security expert, you might some day be asked to write such a security policy or to evaluate somebody’s actions relative to a policy. So study the policy, then consider the following problem.

Suppose that a CS 181S student discovers a vulnerability that can be exploited to bypass the usual authentication used to log in to Claremont Colleges systems. Such exploitation would enable an attacker to log in under any userID of their choice, thus impersonating any member of the community. The attack would yield access to all email, student grades, and student financial statements.

**To Do:** Discuss whether each of the following behaviors is permitted by the Claremont Colleges Policy linked above:

1. The student programs a tool that accomplishes the attack. The student uses the tool, but only to read files they are already allowed to access with their userID.
2. The student programs a tool that accomplishes the attack. The student doesn’t actually use the tool but posts it to a well-known website, along with instructions for use of the tool.
3. The student does not program an attack tool but does post a discussion of how the attack would work to the “Overheard Claremont Colleges” Facebook page (i.e., a well-known public website).
   The discussion contains sufficient technical details to enable a CS major to program an attack tool.

Explain your reasoning. You will be evaluated in part on how well-supported your arguments are. It is to your advantage to quote specific excerpts from the policy that support your arguments.

**What to Submit:** A pdf named `policy.pdf` that contains your solution to Problem 2.

## Feedback

To help me ensure that the workload in this course is reasonable, and to help me improve future iterations of this course, please answer the following questions:

1. How long did you spend on this assignment?
2. Any comments or feedback on this assignment?

**What to submit:** A text file `feedback.txt` containing your answers to the two feedback questions.

### Collaboration Policy

This assignment may be completed either individually or in pairs. If you work in a pair (which is encouraged!), one student from each pair should submit the assignment. You are also allowed (and encouraged) to discuss problems and solutions with other students. Be sure to acknowledge any other students who contributed to your final solution.

### What to Submit

Submit your three files `goals.pdf`, `policy.pdf`, and `feedback.txt` to Gradescope. Make sure that you submit them together as one submission! You can do this either by selecting multiple files or by uploading a zip file containing your individual files. Submissions that fail to follow the submission guidelines may be subject to a 10% deduction and/or disappointed looks (probably the latter).