T-110.4200 Information Security Technology (3 cr)

Additional assignment


The instructions for the additional assignment are given below in English. If the language causes problems, contact the course e-mail address.



The additional assignments are meant for those who have missed some
quizzes in Moodle, i.e. you have less than full points from some of the
quizzes. Some of you may have less than full points (1.33) from the
first password cracking quiz. This does not count as a missed quiz.

If you have missed 1 or 2 quizzes, you only need to
do part 1 of the assignment. If you have missed 3 or 4 quizzes, you
need to do parts 1 and 2. We expect the answer to each part to be 2-3
pages long, with some margin so that excellent analyses are allowed to
be shorter.

Exercise setting


We have plenty of social or Web 2.0 services on the Internet that
require you to register and share information with other people. Analyze
the security of one popular service and give recommendations.

Select a popular service, like Amazon, Google (some social Google
service), Facebook, IRC-galleria, Youtube, or Jaiku. If you select
something other than the services mentioned above, it should be popular
(thousands of users) and information about it should be available in
English, Finnish or Swedish.

Part I: Analyze the security of the service for its users


Goal: The CIA model is a common tool for analyzing the security of
information systems. The goal is to apply the CIA model to a real life
example.

Perform a threat and risk analysis of the service from the user's point
of view. Note that the user may have more than one role. Think about:

    * What information you give to the service
    * What can another authorized user do to your information
    * What can the service provider do to your information
    * What can an unauthorized user (somebody who breaks the security of
the system) do to your information

Use the confidentiality, integrity, availability (CIA) model as the
framework in this analysis. Pay attention to changes over time, e.g.
information you enter today may be used twenty years from now. Think
about threats like identity theft or slander, and about capabilities
like the ability (or inability) to remove your information.

Report at least five major threats to the user, analyze the risk if the
threat is realized, and give your recommendation on whether the users
should do something to avoid this risk and, if so, what to do.


Part II: Design Principles


Goal: learn how to apply these abstract principles to a concrete case.

Several design principles have been presented in the lectures.
Additionally, you can read the article by Saltzer and Schroeder
(link to PDF on the left, page 1282, available at IEEE Xplore from the
TKK network).

Select an existing software feature, or one you would like to implement,
in the service analyzed in Part I, and describe how each of these design
principles would influence the design and implementation of the feature:

    * Least Privilege
    * Fail-Safe Defaults
    * Economy of Mechanism
    * Complete Mediation
    * Open Design
    * Separation of Privilege
    * Least Common Mechanism
    * Psychological Acceptability

You should provide at least 2-3 lines of description for each principle
and reasonable insight. "We will make our design open to make it better"
is not useful or insightful. "The 'rate my homepage' feature will be
implemented using a publicly available Perl form handling library to
gain benefit from the peer evaluation of the open design" is better.
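To make the expected level of concreteness visible, here is an added example (not part of the course material) that sketches the "rate my homepage" feature as a small Python backend and marks in comments where Least Privilege, Fail-Safe Defaults, Economy of Mechanism and Complete Mediation shape the code. The class names RatingService and Homepage and the policy function _permitted are assumptions for this illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Homepage:
    owner: str
    # Fail-safe default: a new page accepts no ratings until its owner opts in.
    ratings_open: bool = False
    ratings: dict = field(default_factory=dict)  # rater -> score, one vote each


class RatingService:
    """Hypothetical in-memory backend for a 'rate my homepage' feature."""

    def __init__(self):
        self.pages = {}   # owner -> Homepage
        self.denied = []  # constructed audit trail of refused operations

    def create_page(self, owner):
        self.pages[owner] = Homepage(owner)

    def _permitted(self, actor, action, owner, score=None):
        """Economy of mechanism: the one policy function every operation consults.
        Complete mediation: evaluated on every call, never cached from earlier."""
        page = self.pages.get(owner)
        if page is None:
            return False
        if action == "open_ratings":
            return actor == owner          # only the owner may change the setting
        if action == "rate":
            # Least privilege: a rater may write one in-range score, not on own page
            return page.ratings_open and actor != owner and score in range(1, 6)
        return False                       # unknown action: deny (fail-safe)

    def open_ratings(self, actor, owner):
        if not self._permitted(actor, "open_ratings", owner):
            self.denied.append((actor, "open_ratings", owner))
            return False
        self.pages[owner].ratings_open = True
        return True

    def rate(self, actor, owner, score):
        if not self._permitted(actor, "rate", owner, score):
            self.denied.append((actor, "rate", owner))
            return False
        self.pages[owner].ratings[actor] = score  # re-rating overwrites, no vote stuffing
        return True

    def average(self, owner):
        scores = self.pages[owner].ratings.values()
        return sum(scores) / len(scores) if scores else None
```

An answer in this spirit would then state, for each principle, which line of the design it decided and what would go wrong without it (e.g. ratings open by default would let anyone rate a page its owner never published).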

General instructions


Generally we are more interested in you showing a grasp of the meaning
of the concepts than getting the results exactly right.

If you need to make any extra assumptions about the exercise, please
write them down and justify why you made them. If a different assumption
would significantly change your solution, you should also discuss that.
Discuss matters broadly, not just some special cases.

Write complete sentences and paragraphs, not just notes. Use subheadings
to divide your answer into smaller parts. Remember to divide your text
into paragraphs. Tables and charts are sometimes useful, but they should
not be the most important part of your answer, and should never be used
just for their own sake. The use of fancy styles, large fonts, headings
and subheadings does not contribute toward the required length of the text.

If you think some part of the assignment is unclear or incomprehensible,
you can ask for clarification in the course newsgroup or on the IRC
channel !titu.


Returning


The deadline of the assignment is Monday, November 9th at 16:00. Return
your answers (on paper) to the mail box of the course. The mail box is
in front of the glass doors behind lecture hall T2, on the first floor
of the CS building. The mail box is marked with the course code
(T-110.4200/4206).

Please write the name and code of the course, together with your name,
student number and email address, on the first page of your submission.