Requirements

• The projects must include security as one of the objectives.
• During the classes students will work in teams composed of 4-6 students or in a single team.
• A team may receive up to 110 points for the project.
• Evaluation will be subject to:
  1. Product quality confirmed by a set of tests: up to 45 points.
  2. Product security confirmed by a set of tests: up to 35 points.
  3. Points for keeping to deadlines with implementation: up to 10 points.
  4. Teamwork tools used (minimum: artifact management system, version control system) - up to 10 points.
• The classes will be composed of two paths: functional path and security path. The functional path will be evaluated during the laboratory classes and the security path during the exercises.
• The functional path shall include: specification of user requirements + architecture design + implementation together with functional tests (10 + 10 + 25 pts).
• The security path will include: security analysis of the design and the tests evaluating security of the product (15 + 20 pts).
• The instructors may award bonus points (up to 10 points) for exceptional implementation conducted according to the schedule.
• Milestones:
  • The third The fourth laboratory class: present the requirements for the product from the customer's point of view (required functionalities, target platform, scalability requirements). The required functionalities are best presented in the form of user stories. (10 pts)
  • The sixth laboratory class:
    • presentation of target system architecture, i.e. system division into components, and basic version of interfaces between components (note: interfaces should be extensible - cf. e.g. ASN.1 notation) (10 pts),
    • a schedule describing which requirements will be implemented in subsequent versions: alpha, beta, final (no points granted).
  • The sixth exercise class: security analysis of the design (15 pts). Deadline for this deliverable: 01.06.2022, 08:00. Please send the report to my e-mail box.
  • The eighth laboratory class: alpha version of the system with a set of tests (5 points for sticking to the deadline).
  • The eleventh laboratory class: the beta version of the system along with a set of tests (5 points for sticking to the deadline).
  • The last laboratory class: the final version of the system together with a set of functional tests (25 pts).
  • The last exercise class: the tests evaluating security of the system (20 pts).
  Any delay that is no longer than a week is counted as a week of delay. A week of delay means lost of 50% of points for the milestone (this not refers to the last classes, because no evaluation is done after the last classes). If more than one week of delay has passed then it is counted as two weeks of delay and it means that the score for the milestone 0 pts.
• Note: it is allowed for the architecture design to evolve as more knowledge is gained about the system.
• Based on the points earned by the team during the semester, individual points are awarded within the team so that the arithmetic average of individual points awarded to team members does not exceed the number of points earned by the team. No negative points are awarded.
• On the basis of the points earned individually by the students, grades are assigned. Grades are calculated according to the following scale:
  • 2 for the number of points in the range [0,50)
  • 3 for number of points in the range [50,60).
  • 3+ for a number of credits in the range [60,70).
  • 4 for the number of points in the interval [70,80).
  • 4+ for the number of points in the [80,90) range
  • 5 for number of points in the range [90,100].
  • 5+ for number of points greater than 100

Exemplary Projects

1. Implement a non-standard authentication method in OpenLDAP using SASL.
2. Augment OpenSSL with dynamic preparation of certificate chain for client authentication in TLS Handshake. Use callback functions for this purpose. You may use this document to learn details.