Secure Software Design: Project

Source: Lambda


The goal of the project work is to do a security analysis of a "reasonably complex system". The analysis should be "design-level", meaning that code-level issues (such as buffer overflows) need not be covered.

The system

The previously mentioned "reasonably complex" system should have different kinds of users. Preferably, the users would have conflicting interests (i.e., even the "good" users should have some conflict between them). The system does not have to exist. It is also possible to imagine a system and analyze whether this kind of system is reasonable. You do not have to build the system -- just analyze its security. If your system is too big (for example, the whole of government IT), you can analyze just some part or aspect of it. If the system is too small, you must go into more detail in order to have a substantial analysis. I recommend erring on the side of big. :)

Examples of systems that can be analyzed:

  • Electronic bus tickets
  • Internet voting
  • Offline cash
  • Some Internet environment
    • Orkut
    • Facebook
  • Some innovative mobile service
  • ...

Contents of the report

The following is the proposed structure of the report.

  • Description of the system
    • Purpose
    • Parties
    • Assets
  • Security policy
    • What are the rules
    • What are the risks
  • What will we defend against?
  • How?
  • Some cost estimations
    • Cost of attack
    • Cost of defence
  • Conclusion
    • What should be done
    • Most important security measures
    • Is the whole system reasonable?


You must present the main contents of your analysis in the last lecture. You must send the written report by the end of the exam session.

When doing the risk analysis, concentrate on risks that are specific to this system -- risks that arise from the motivations of users and attackers, the nature of the assets in the system (for example, physical assets vs. information assets), how the business works, etc. The standard buffer overflow/XSS/injection attacks are applicable everywhere and do not need to be discussed in depth, except when they have interesting business-specific consequences.

The project should be done in teams of 2 or 3.

If you have a project idea, please discuss it with me, either in person or via e-mail. This helps to make sure that the system you analyze is suitable for the project.