This project has three due dates (all due at 10am/start of class):
The threat-model deadline is a bit close to the implementation deadline so that you have time to prototype a bit as part of working out your architecture and threat model. These dates do not suggest that you should wait until December 3 to start implementing your site!
You may do this as a group project (we recommend you do so). I'm expecting most groups to be 2-3 students. If you want to form a larger group, let me know so we can identify additional security-related features for you to implement.
For the third due date, you will analyze another student/group's submission in two ways: you'll try to attack it (using your threat model for guidance) and you'll assess the usability of its security features. Both the analysis done to your system and the analysis you do of another system will figure into your grade on the project. The security analyses will be done individually, not in groups. This gives each student a clear, solo deliverable as part of the project.
Your job is to build a social networking and auction site for an artists collaborative. The collaborative strives to encourage and support its members in their artistic endeavors. On the social side, members can post questions or descriptions of ongoing projects for other members to comment on. Members can also post descriptions of finished projects that are for sale within the collaborative. Purchases within the collaborative use an internal currency. Members earn currency through sales of their own art or through "gratitude" contributions from other members. For example, if Alice gives Bob useful feedback on a question or design-in-progress, Bob may choose to thank Alice by giving her some of his currency.
More concretely, the site must support the following features:
New members may sign up with the collaborative by providing a valid email address. New members receive 50 units of currency.
Each member has a profile. Profiles must contain a member's full name. Members may optionally include their city of residence, link to their professional website, and description of their art in their profile.
Members may define tags with which to classify other members (ie, "painter", "personal friend", "mentor", "pest").
Each member has a page on which they may post blog-like entries. Members may choose to annotate entries as a "question" or "idea".
Members may post finished items for auction. An auction announcement requires a description and photo of the item and a minimum price in internal currency. Each auction announcement should have a direct-access URL (ie, a permalink), which other members might include in their own entries. Members may limit auction announcements based on tags (ie, "show this only to mentors", or "don't show this to pests"). The latter feature allows posting an item at different prices for different categories of members.
Members may subscribe to the entries or auction announcements of other members. They may limit their subscriptions based on tags (ie, "Bob's questions", "auctions from painters").
Members may bid on auction items by indicating the amount (in internal currency) that they are willing to pay for the item. Each member decides whether or when to accept a bid. If a bid is accepted, the original bidder is asked to confirm that they still want the item. If they confirm, the currency transfers from the bidder's account to the seller's.
Members may make payments to other members at any time. When a member receives a payment, they should receive an email informing them of the payment.
[Clarified 12/5:] Members may post comments on other members' blog posts. Comments do not need to be categorized (into idea versus question, for example).
Threat Model: Your threat model should follow the STRIDE method covered in class on November 24. We are looking for a systematic presentation of threats to the site, following the STRIDE categories.
Implementation: We are mainly focusing on the security aspects of your implementation for this assignment. Interfaces, for example, don't need to be spiffy visually, but you should pay attention to interface decisions that might have security implications. Your implementation should use components similar to what you would use in a real system (ie, a standard database on the backend rather than just a bunch of files). Our goal is for you to demonstrate secure application skills that you might need in the real world, so don't avoid a real world technology just because the security implications are messy.
Real-world web applications must confront compatibility issues across browsers. For this assignment, an implementation that is stable in one of IE, Firefox, or Opera (preferably one of the first two, since that's what the staff computers have) will suffice. Don't waste your time on cross-browser stability.
[Added 12/6:] Please include a readme in the top level of your submission. The readme should indicate
Assessment of Another System: For the attacks portion, we expect a writeup like you did for the turnout attacks. For the usability assessment, follow the metrics from the "Why Johnny Can't Encrypt" paper (linked to the readings for the usability class on December 3/4) to conduct a cognitive walkthrough of the system you are evaluating.
You may submit all or part of your threat model on paper, but keep a copy for yourself to use in the third deadline.
You may choose your own development language, with the caveat that there be at least two groups using each language (to simplify the security-analysis deadline). Feel free to grab mashup components (ie, the Yahoo YUI API) for non-security elements. Check with me before using components or services for features with strong security implications, such as the payment system. While you would probably want to use tested components for these in a production system, I want to see how you think about the security issues for yourself in this project.
You must host your site somewhere that both staff and students can access (CCC, your own server, etc). Sites must be up until class time on the last day of the term. If you need to leave campus earlier than that, please let me know at least a week in advance, as this affects our grading and potentially the student(s) assessing your site.
There is a page on the myWPI wiki for you to indicate groups and language/platform choices. Feel free to use that to indicate that you are searching for teammates as well.