CS 8803b Computer Systems Security 
Programming Assignment I
Due Date: October 27, 1999

This project has several goals. First, it will help you understand how a security policy can be defined for a Java application so that it can control access to important resources. Second, you will explore how the class loaders and the security manager work together to enforce the access decisions defined by the security policy. Finally, you will examine an interesting application to see whether its security requirements can be met by the support Java provides. To achieve the first goal, you will build and demonstrate an application that controls access to a "database" that manages information related to a course. For example, consider one of the introductory computer science courses that is taken by a large number of students. Access to information about student grades must be restricted to avoid undesirable results. A variety of subjects, including the instructor, teaching assistants and students, can access the information in a controlled manner. An instructor may be allowed to read and write the information, whereas a student may only be allowed read access to his/her own grades.

PART I

We will implement the course database as a set of files. In particular, a separate file will record the grades of each student. These files are the resources that must be protected by the Java application. The application could be executing code that comes from different sources: students, TAs or the instructor. You should code a security policy that gives an instructor both read and write access to all files, gives TAs read access to all files, and allows a student to read only his/her own file. We certainly need to worry about who can run what code, but at this point you do not need to be concerned about it. You only need to demonstrate that, depending on the code source, different file permissions are granted.
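The following is an added example, not part of the assignment handout, of how such a code-source-based policy can be expressed and demonstrated. It assumes a policy file named course.policy, grade files under /courses/cs1301/grades/, and that the instructor, TA and student code are loaded from the three directories named in the grant clauses; all of these paths are assumed. Each student's code is identified by its own codeBase (a signedBy clause would serve equally), which is what lets the policy restrict a student to his/her own file. It requires a JDK in which the SecurityManager is still available (it is deprecated since JDK 17 and removed in JDK 24).

```java
// Added example (not the assignment's own code). Assumed policy file, course.policy:
//
//   grant codeBase "file:/courses/cs1301/code/instructor/-" {
//       permission java.io.FilePermission "/courses/cs1301/grades/-", "read,write";
//   };
//   grant codeBase "file:/courses/cs1301/code/ta/-" {
//       permission java.io.FilePermission "/courses/cs1301/grades/-", "read";
//   };
//   grant codeBase "file:/courses/cs1301/code/student/alice/-" {
//       // code loaded from alice's directory may read only alice's file
//       permission java.io.FilePermission "/courses/cs1301/grades/alice.txt", "read";
//   };
//
// Run as:  java -Djava.security.manager -Djava.security.policy=course.policy GradeAccess
import java.io.FilePermission;
import java.security.AccessControlException;
import java.security.AccessController;

public class GradeAccess {
    // Assumed location of the per-student grade files.
    static final String GRADES = "/courses/cs1301/grades/";

    /**
     * Asks the access controller whether the code currently on the call stack
     * holds the given FilePermission. Every protection domain on the stack
     * must be granted it by the policy, so the answer depends on where this
     * class (and its callers) were loaded from, not on who runs the JVM.
     */
    static boolean mayAccess(String file, String actions) {
        try {
            AccessController.checkPermission(new FilePermission(GRADES + file, actions));
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        if (System.getSecurityManager() == null) {
            // Without a SecurityManager no checks are made and every access succeeds.
            System.err.println("No SecurityManager installed; run with -Djava.security.manager");
            return;
        }
        // Constructed sample file names; the policy decides per code source.
        String[] files = { "alice.txt", "bob.txt" };
        for (String f : files) {
            System.out.printf("%-10s read=%-5b write=%-5b%n",
                              f, mayAccess(f, "read"), mayAccess(f, "write"));
        }
    }
}
```

Placing the compiled class under the instructor directory prints read and write as true for both files; under the TA directory read is true and write is false; under alice's directory only alice.txt/read is true. An ordinary `new FileReader(...)` would reach the same decision through `SecurityManager.checkRead`, which delegates to `AccessController`; the explicit `checkPermission` call simply makes the decision visible without touching the files.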

PART II

Another goal of this project is to understand how security is ensured by Java. In particular, who guarantees that the name spaces for code from different sources/signers cannot be altered, and how is complete mediation ensured? You need to discuss the important classes (and their extensions) that make these guarantees.

PART III

Finally, consider a multi-user game application (see www.gamelan.com for examples of games) where different users want to control access to different objects that they share with each other. Explain whether it is possible to ensure secure access to the application's objects using the security mechanisms we discussed. To answer this question, you should come up with a design for the multi-user game with access constraints for the various objects.

The final submission must include a brief report that describes your implementation for Part I, and answers to the questions in parts II and III.