Homework 5

Due Friday, November 13, at 7:00 PM


For assignment 5, you'll be conducting a design review of another group's solution to Assignment 4. You will review both BlockStoreAuthEnc and ServerAuth. We will email you the solution they submitted for Assignment 4, as well as the output of the autograder as run on their code.

Your report should focus primarily on whether the design provides the security guarantees required in assignment 4, within the threat model of assignment 4. In particular, if you see a way in which the solution you're analyzing fails to provide the required guarantees, you should describe an attack that exploits this failure to cause a failure of confidentiality or an undetected failure of integrity. Even if you can't find any failures or attacks, you can give feedback on the design choices made by the team you're evaluating and the quality of the justification offered by their solution.

Review Format: To be helpful to the original system's designers, your review should follow the following format.

Your solution should be submitted in either pdf or HTML format. If you're using pdf format, please name your report submit5.pdf. If you're using HTML, please package everything you're submitting into a single zip-file, called submit5.zip. Also, as per the design review description above, please post your meeting time as a private note on Piazza with the tag "#hw5meeting".

If you're using HTML, the report should be an HTML file named index.html. (It may contain images, links to other files, etc. if you include those files in your submission.) Your solution will be graded on the basis of content alone (e.g. you do not have to: design something really nice looking, use css, include images, have MIDI files playing in the background, etc.).

For this assignment, you must work in the same group that you worked in for assignment 4. You may not collaborate with anyone outside your group.

Your report can be submitted using this link.

Copyright 2000-2014, Edward W. Felten.