Coursework for Module: Security & Software Development

Task

There are two items of coursework for the module, that are collectively worth 100% of your module mark. They are CW1, a security analysis, and CW2, a software development.


1. The security analysis, which will also require a software modification, is for 40% of your module mark and it will test the following module level outcomes:


•Have a thorough understanding of the main attack vectors commonly used to attack software and be able to design and implement software that reduces the likelihood of those vulnerabilities being exploitable.


•Conduct a detailed and critical analysis of existing software and utilise the results to produce secure modifications to treat or mitigate any vulnerabilities found.


2. The software development is for the remaining 60% of your module mark. You will produce a secure prototype of a student record management system in the programming language C/C++, accessed through a web interface. This will test the following module level outcomes:


•Have a thorough understanding of the principles and issues involved in designing secure software and be able to utilise them in the construction of complex software.


•Have a thorough understanding of the main attack vectors commonly used to attack software and be able to design and implement software that reduces the likelihood of those vulnerabilities being exploitable.


•Design and implement concurrent and distributed software which operates in hostile environments.


•Design and implement secure software that utilises the underlying security model of the OS and hardware.

The purpose of your first coursework is to see whether you can discover and fix security flaws in other people’s code, before you then attempt to build secure software from scratch for your second coursework.


The program you have been given has several security flaws. It is intended to enable lecturers to view and store marks for students on modules. It reads in a file pwds.txt containing, for each lecturer, their passwords (encrypted) and the modules (up to five) that they are working on. It authenticates the user by asking them for a name and password and then presents them with a list of their modules. The user can then select a module, see a list of marks for each student and change the marks for a student. You may assume that pwds.txt is vulnerable to unauthorised writes but that the other files are not.

You can compile and run the code, which has been developed on Ubuntu (run from VirtualBox) and tested on Windows (compiled as normal with Visual C++), but you will need to examine the source code itself (which the attacker has access to) and think carefully about how it works.

Summary

The software you are writing is a CGI program written in C/C++. This means that it is running on a web server and it will be accessed through a web interface. The function of the software is a student record management system. Lecturers will use it to view a list of the students for their modules and they will be able to view the marks for those students and change them.

A separate person called the administrator will be responsible for deciding which lecturers oversee which modules. They will also add students to modules; for simplicity, the students will not have accounts with which to add themselves to modules. 
Here are the functional and non-functional requirements for the software development. You will be marked on your understanding of potential attack vectors against secure software and on the principles of designing secure software, and on how well you design and implement software that reduces the likelihood of those vulnerabilities being exploitable.

FR1: There are two kinds of users: lecturers and administrators. Both can register an account and set a password.


FR2: Lecturers can see a list of their modules and a list of the students on each module. They can also enter and change marks.


FR3: Administrators can assign lecturers to modules and students to modules. There is only one administrator account.


FR4: The process of logging in should use two-factor authentication. The user must enter a second password sent by email after the main password has been entered. The email address to be used is the one entered when registering the account. If you are not able to install the relevant mail library, you can simulate the process of emailing by appending to a “mail spool” text file representing all the emails that have been sent.


FR5: The administrator account, in addition to the protections of FR4, must also be authenticated by a “hardware” token, which should be implemented as a piece of challenge-response software.
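The second-factor step in FR4, using the simulated mail spool, can be sketched as follows. This is an added example, not part of the coursework brief or of the program supplied with it; the function names, the 6-digit code length, the 300-second lifetime, the three-attempt limit and the spool message layout are all assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>
#define OTP_DIGITS 6
#define OTP_TTL_SECONDS 300   /* assumed lifetime; the brief sets none */
#define OTP_MAX_TRIES 3       /* assumed guess limit; the brief sets none */

struct otp_state {            /* hypothetical server-side record per login */
    char code[OTP_DIGITS + 1];
    time_t issued;
    int tries_left;
};

/* Fill the code with uniform decimal digits from the kernel CSPRNG. */
static int otp_generate(struct otp_state *s, time_t now) {
    FILE *rng = fopen("/dev/urandom", "rb");
    if (!rng) return -1;
    for (int i = 0; i < OTP_DIGITS; ) {
        int b = fgetc(rng);
        if (b == EOF) { fclose(rng); return -1; }
        if (b >= 250) continue;   /* rejection sampling avoids modulo bias */
        s->code[i++] = (char)('0' + b % 10);
    }
    fclose(rng);
    s->code[OTP_DIGITS] = '\0';
    s->issued = now; s->tries_left = OTP_MAX_TRIES;
    return 0;
}

/* Simulate e-mail by appending one message to the spool file. */
static int otp_spool(const char *path, const char *email, const struct otp_state *s) {
    if (strpbrk(email, "\r\n")) return -1;   /* block header injection */
    FILE *f = fopen(path, "a");
    if (!f) return -1;
    int ok = fprintf(f, "To: %s\nSubject: Login code\n\n%s\n\n", email, s->code) > 0;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}

/* Returns 1 on success. The code expires, limits guesses and is single-use. */
static int otp_verify(struct otp_state *s, const char *input, time_t now) {
    if (s->tries_left <= 0 || now - s->issued > OTP_TTL_SECONDS) return 0;
    s->tries_left--;
    if (strlen(input) != OTP_DIGITS) return 0;
    unsigned char diff = 0;   /* compare without an early exit on mismatch */
    for (int i = 0; i < OTP_DIGITS; i++) diff |= (unsigned char)(input[i] ^ s->code[i]);
    if (diff != 0) return 0;
    s->tries_left = 0;        /* burn the code after one successful use */
    return 1;
}
```

In a CGI deployment the `otp_state` record has to live server-side, keyed to the pending login, because each request runs in a fresh process.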

NFR1: You may use your own web server running on your own machine if you wish. However, the department has provided the SOTS server, which you can use instead. Your login details have been emailed to you.


NFR2: The system must be developed in C/C++. You may use CGI to interact with the web pages. You may use the C/C++ CGI libraries, which have been installed on SOTS, if you are using SOTS. Here is one of many tutorials on them:


NFR3: The system must be robust and secure. Specifically, it should be capable of mitigating many kinds of attacks covered in the module, as detailed in the marking scheme. SSL must not be the sole means of preventing these attacks.


NFR4: The system must be designed with maintainability, security and reliability in mind and according to best practice in designing and implementing secure software. Defensive software practices should be used throughout.


NFR5: Your code should be commented and have sensible and consistent naming.


NFR6: The system should be responsive and easy to use.


NFR7: You may use cryptographic libraries if you wish.


NFR8: Your report must explain why you believe you have satisfied NFR3, NFR4, NFR6.


NFR9: Your report must explain why you believe you have satisfied FR1, FR2, FR3, FR4, FR5.
