Computer and Network Security (CITS3231) - 2009 project

Also check the project clarifications and project resources webpages.

Consider software development in the near future.

Programmers wish to build software projects using both their own code, and the software artifacts of others. While completely open-source projects still exist, most projects use one or more software artifacts developed by commercial Software Houses (located 'somewhere' on the Internet).

However, the software industry of the near future has taken a dramatic shift since the Google Facebook Crisis. Suddenly, all Programmers and Software Houses have become more concerned about their intellectual property, and the mechansism for software development has had to adapt.

Now, Software Houses provide access to their software artifacts on a per-link basis. Each Programmer requiring the use of a commercial software artifact, must pay a licence fee to the owner of the software artifact each time that that artifact is linked against the Programmer's code. To simplify matters, Programmers typically pay for, say, 10 such uses (in advance), and so the Software Houses simply have to monitor that the Programmer is currently licenced to access the required software artifacts.

The Software Houses don't trust the Programmers, and won't provide them with the compiled versions of their software artifacts, and certainly not the original source code. New technology has made it infeasible to reverse-engineer software artifacts, but still the Software Houses don't trust the Programmers.

Fortunately, the Programmers and the Software Houses mostly trust a new form of start-up industry, termed Linking-Brokers (located 'somewhere' on the Internet). On request, Linking-Brokers link Programmers' compiled code against the necessary software artificats developed by the Software Houses. The Linking-Brokers are paid a small fee by the Software Houses to securely manage the linking process, and must particularly ensure that the software artifacts are only made available for the use of licensed Programmers.

The goal of this project is to develop a software system that supports the needs of the near future software industry:

• programmers wishing to develop software projects present proof of their identity, their own compiled software artifacts, and proof of their relevant current software licences, to a Linking-Broker.

• The Linking-Broker will request one or more software artifacts from each identified Software House, together with proof that the Programmer holds a current licence for those artifacts.

• Programmers don't completely trust the Linking-Brokers, and are concerned that the Linking-Brokers will misuse the Programmers' licences and, so, the licence information is presented to the Linking-Brokers in a manner that only the Software Houses will understand.

• Software Houses don't completely trust the Linking-Brokers, and deliver to them software artifacts that can (effectively) only be linked against once, and only for the Programmer providing the licence information.

• If all is in order, each Software House provides a copy of its most up-to-date version of the software artifact to the Linking-Broker, which will link all software artifacts together, and return the final "product" to the Programmer.

• If any problems are detected, all error messages are securely delivered back to the Programmer.

The constraints of the project require that:

• your project may be written in Java or C99 (or both), and should support the construction of projects themselves written in either Java or C (only one required).

• all network traffic must be encrypted.

Deadline and project submission

By the deadline all source code, digital certificates, and scripts that you wish to be assessed should also be submitted using cssubmit.

You are welcome to undertake the project on your home or laptop computers. Please note, however, that all materials submitted for marking must be working on our School's machines by the due date.

Project demonstration

• briefly describe design decisions and assumptions that you have made in your project. You should clearly identify what is being protected by your system, how that protection is assured, and identify any currently known weaknesses with your approach or its implementation.
• re-compile your programs, and initialize and invoke any server and/or client programs. Describe the contents of each necessary directory and its files.
• demonstrate, through a small number of examples, how someone may use your software system.

Working in groups of up to three

The project is worth 30% of your mark in CITS3231 this year, and the distribution of marks within your group (typically one-third/one-third/one-third or 40/20/20) must be agreed to by both members of your group.

Only one group member needs submit files using cssubmit. Ensure that all students' names and student number are on, or in, all submitted materials.

Anyone needing to find a project partner should read partners.html as soon as possible, so that individuals may be paired up.
Groups of 4 will only be assigned by Chris McDonald if absolutely necessary.

Clarifications

Clarifications will be also added to the project clarifications webpage.

Additional materials will also be addded to the project resources webpage.

Good luck,

Chris McDonald
September 2009.