CS2SNS Secure Network Services

You must complete the following practical elements which are given in increasing levels of difficulty:

You are asked to design and implement a simple multi-user chat service using Java socket programming. This system should consist of a chat server that hosts a group chat; and a chat client that can be executed by multiple users to interact with the group chat.

The basic functionality provided by the chat service should allow users to: 1) join a group chat, 2) post a message with the identity of the user to the chat (i.e. the name of the user and the message is posted to the chat), and 3) receive and view messages that are posted by all users within the group chat. Users only to need to see the messages posted while they are connected to the chat server.

Note that you are not expected to provide a sophisticated user interface for the chat service (a simple text-based interface will suffice).

You are asked to secure your chat service to ensure that chat messages are confidential to the members of the group chat. You should use secure socket programming to implement this required functionality.

You are asked to identify one further threat to the security of the chat service and implement one further control to mitigate this threat.

You are asked to identify a second further threat to the security of the chat service and implement a second further control to mitigate this threat.

There is little or no understanding of the design and development of a secure network service.

Documentation of the system is poor and demonstrates a limited understanding of both networked services design, and network security.

System is documented correctly and demonstrates understanding of network protocols and how they inform the design of a networked service. There is limited evidence of documenting the security threats and controls in the system.

System are documented correctly and demonstrates understanding of network protocols and how they inform the design of a networked service. There is some evidence of using systematic threat analysis to identify the security threats and controls in the system.

System are documented correctly and demonstrates understanding of network protocols and how they inform the design of a networked service. There is good evidence of using systematic threat analysis to identify the security threats and controls in the system. The threat analysis informs basic design documentation for a secure networked service.

Systems are documented correctly and demonstrates strong understanding of network protocols and how they inform the design of a networked service. There is good evidence of documenting the security threats and controls in the system based upon rigorous analysis. Each additional security control is documented accurately as a solution to an identified threat in the system.

The quality of the report demonstrates innovative design alongside critical reasoning for design and implementation decisions in all aspects of networked services and security. Multiple additional threats (beyond level 3 and 4) to the chat service are discussed, and the additional presented controls are documented accurately as a solution to a threat in the system.