Information Security
Problem description:
The 2020 conference of the International Society of Cyber Security Research (ISCSR 2020) needs a system to support the peer review of research papers that researchers will submit to the conference. The conference provides an important and prestigious medium for the publication of original papers describing the latest advances in cyber security technology.
The 2019 instance of the conference was the subject of a serious data breach perpetrated by a small cadre of embittered cyber security specialists who had failed to get their papers accepted at earlier instances of the conference. They are believed to remain determined to demonstrate that the ISCSR is incompetent and embarrass the ISCSR’s office holders. As a result of this, the conference steering committee has commissioned a bespoke peer review system that it hopes will prevent a repeat of ISCSR 2019 and will act as a showcase for information security best practice.
You are required to develop a design report that provides an analysis of the security requirements and proposes a design that satisfies the security requirements for the ISCSR 2020 paper review system. A more detailed specification of your task is given on page 4 below.
Some important characteristics of the conference are:
• The conference steering committee (made up of old academics who used to be leaders in the field) agrees the date and location for the 2020 conference. To manage the conference, they appoint a Programme Committee Chair (PC Chair). The PC Chair is responsible for the conference programme.
• About one year before ISCSR 2020 will take place, the PC Chair appoints a Programme Committee (PC) comprising researchers in the field who agree to review papers submitted to the conference and attend a PC meeting.
• About 9 months before ISCSR 2020 will take place, the PC Chair issues a call for papers inviting researchers to submit papers describing original and previously unpublished cyber security research work for presentation at the conference and publication in the conference proceedings. A hard deadline for submissions is announced after which further submissions will not be considered. This is about 6 months before ISCSR 2020 will take place.
• Researchers submit their papers to the conference. On submission, the author(s) for each paper provides the following:
o Meta-data:
▪ Paper title and abstract
▪ List of authors and their affiliations
o The paper itself is uploaded as a separate file in which the authors’ names are omitted along with any other text that could be used to identify the authors’ identities.
The uploaded papers are checked for conformance to the published formatting requirements, file type and page number limitations. Papers are rejected unless they conform, but the corresponding author can simply edit and resubmit the file until it is accepted.
• When the submission deadline expires:
o PC members are presented with the list of all the papers’ authors and required to declare any conflicts of interest (CoIs – see below). Note that the PC members only see the list of authors, not the titles of the papers of which they are authors.
o Each PC member is presented with the titles and abstracts (but not the authors) of all the submitted papers and invited to bid for them by declaring:
▪ Which papers they would like to review because (e.g.) the topic is one that particularly interests them. The PC chair will try to allocate these papers to the PC member.
▪ Which papers they definitely do not want to review because (e.g.) the topic is one they know little about. The PC chair will try to avoid allocating these papers to the PC member.
▪ Which papers they have no strong preference about.
• The PC Chair allocates each paper to three members of the PC (the reviewers) for review, based on:
o Ensuring no reviewer can have a CoI with any of their papers’ authors;
o Balancing the reviewing load across all PC members;
o Respecting the PC members’ preferences expressed in their bids as far as possible;
o Ensuring every paper receives three reviews;
A hard deadline is set for submission of the PC members’ reviews. This is about 4 months before ISCSR 2020 will take place.
• During the review period, a reviewer, R, of a paper must not be able to see the reviews of the paper’s other two reviewers until R has submitted their own review.
• On expiry of the review deadline, each paper’s reviewers are invited to discuss the paper and the rationale for their reviews. This is to try to reach a consensus that will minimize the work of the PC meeting (see below). Reviewers are able to amend their own reviews during this period. The discussion of all papers must be concluded and the reviewers’ reviews frozen by a hard deadline set by the PC Chair. This is about 3.5 months before ISCSR 2020 will take place.
• On conclusion of the discussion period, the PC chair classifies each paper as:
o Accept: At least two reviewers rated it a Strong accept and no-one recommended rejection - requires no discussion at the PC meeting;
o Reject: At least two reviewers rated it a Strong reject and no-one recommended acceptance - requires no discussion at the PC meeting;
o Decision pending: Anything else - the paper will be discussed at the PC meeting.
• At the PC meeting, the attending PC members, led by the PC Chair, work through the Decision pending papers one-by-one, changing their classification to Accept or Reject according to the final decisions that they agree upon. The PC meeting happens about 3 months before ISCSR 2020 will take place.
• Following conclusion of the PC meeting, the PC Chair contacts the authors of every submitted paper, informing them of the decision, and including the reviewers’ comments for feedback. The authors of any Accepted paper are required to amend their paper to include the names and affiliations of its authors and (re-)submit their amended paper by a given hard deadline. Again, amended papers are rejected unless they conform to formatting requirements, file type and page number limitations. However, the papers are not re-reviewed. The resubmission deadline is about 2 months before ISCSR 2020 will take place.
• When the resubmission deadline has expired, the general editor of the International Society of Cyber Security Research Press is given access to the accepted papers, which they compile into a volume of proceedings (a book containing all the accepted papers).
• On or just before the conference starts the registered conference delegates are given access to the proceedings.
• Some time after the conclusion of the conference, the proceedings are published to the wider research community.
Points to note:
An author wants their paper to be published in order to disseminate the results of their research and so their paper can accumulate citations. Citations are acquired as other researchers acknowledge the contribution the results documented in the paper have made to their own work. The more citations a paper gains, the greater its impact and the more prestige its authors will gain. An unpublished paper (i.e. a paper before a publication decision has been made, a paper that has been accepted but not yet published or a paper that has been rejected) can’t be cited, and so the ideas it contains are vulnerable to being exploited without acknowledgement of the authors. Thus an unpublished paper is a valuable asset that the conference review system must take care to protect, otherwise authors will lose confidence in the conference series and stop submitting papers.
PC members and the PC Chair are bound by a code of ethics to not show to others, reveal the contents of or use the research results of papers for their own research until the papers have been published (i.e. until the proceedings are made available to the conference delegates). You can assume that this code of ethics is observed. However, you cannot assume that PC members will not be curious about the identity of the reviewers of their own papers, or of others with whom they have a CoI.
Common conflicts of interest that a PC member Alice may have include:
• Alice is related to, or is the partner of, Bob;
• Alice works at the same organization as Colin;
• Within the last five years, Alice has co-authored a paper (published anywhere) with Denise;
• Alice has a CoI with herself!
At the PC meeting, immediately before each paper is scheduled for discussion, any PC member who has a CoI with any of that paper’s authors is required to leave the room. They are re-admitted when discussion of that paper has concluded. To avoid conscious or unconscious bias influencing PC members’ reviews, the identities of papers’ authors are concealed from the PC until the PC meeting has made decisions on all the papers.
The identities of the reviewers must be concealed for ever from the authors of any paper that they review, and from all members of the PC who have CoIs with those authors. This two-way anonymity in which the identities of authors are concealed from reviewers and the identities of reviewers are concealed from authors is called “double-blinding”.
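The visibility rules stated so far (a reviewer cannot read the other two reviews before submitting their own, author names are hidden from the PC until all decisions are made, and reviewer names are hidden for ever from authors and conflicted PC members) can be expressed as default-deny checks. The Python below is an added illustration, not part of the brief or a model answer; the class, function and user names and the sample data are assumptions, as is the choice to let non-conflicted PC members see reviewer names.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Paper:
    paper_id: str
    authors: frozenset      # author identifiers
    reviewers: frozenset    # the three PC members allocated by the PC Chair

@dataclass
class ReviewState:
    pc_members: set
    declared_coi: dict                            # PC member -> authors they declared a CoI with
    submitted: set = field(default_factory=set)   # (reviewer, paper_id) reviews received
    all_decisions_made: bool = False              # PC meeting has decided every paper

def has_coi(state, user, paper):
    # Being an author is itself a conflict ("Alice has a CoI with herself").
    return user in paper.authors or bool(state.declared_coi.get(user, set()) & paper.authors)

def may_read_peer_reviews(state, user, paper):
    # A reviewer sees the other two reviews only after submitting their own.
    return (user in paper.reviewers and not has_coi(state, user, paper)
            and (user, paper.paper_id) in state.submitted)

def may_see_reviewer_names(state, user, paper):
    # Concealed for ever from authors and conflicted PC members: no flag unlocks it.
    # Assumption: non-conflicted PC members may see them.
    return user in state.pc_members and not has_coi(state, user, paper)

def may_see_author_names(state, user, paper):
    # Authors know themselves; the PC learns names only once all decisions are made.
    if user in paper.authors:
        return True
    return user in state.pc_members and state.all_decisions_made

def snapshot(state, paper, users):
    # (peer reviews, reviewer names, author names) per user.
    return {u: (may_read_peer_reviews(state, u, paper),
                may_see_reviewer_names(state, u, paper),
                may_see_author_names(state, u, paper)) for u in users}

# Constructed sample data: alice is a PC member and an author of P1, zed is an
# outside co-author, bob declared a CoI with alice, only carol has submitted.
P1 = Paper("P1", frozenset({"alice", "zed"}), frozenset({"carol", "dave", "erin"}))
STATE = ReviewState({"alice", "bob", "carol", "dave", "erin"}, {"bob": {"alice"}}, {("carol", "P1")})

if __name__ == "__main__":
    for user, flags in snapshot(STATE, P1, ["alice", "bob", "carol", "dave", "zed"]).items():
        print(user, flags)
```

Note that `may_see_reviewer_names` takes no phase or deadline input at all, which is what "for ever" requires: nothing that happens later in the workflow can widen that permission.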
PC members’ reviews of a paper typically comprise:
• A discussion of the paper’s strengths and weaknesses that is intended as feedback to the authors and to act as a rationale for their assessment of the paper’s suitability for acceptance or rejection;
• Any additional comments visible to the PC chair or the paper’s other two reviewers but not made visible to the paper’s authors – e.g. THIS PAPER IS RUBBISH!
• A recommendation to the PC meeting on a scale that is typically:
o Strong accept (paper makes a strong contribution to the field and has no major defects)
o Weak accept (paper makes a contribution to the field that is not strong but still has some value, or it makes a strong contribution but has some minor defects)
o Weak reject (paper has the potential to make a contribution to the field but has significant defects)
o Strong reject (paper makes no significant contribution to the field and has major defects OR is not original work)
PC members are permitted to submit papers to the conference but the PC Chair is not.
Your task
Your task is to carry out a requirements analysis and develop a design proposal for a web-based system to support the peer review system described above. The analysis and design should focus particularly on the security of the system. To do this you need to carry out the following steps:
• Analyse the problem description above and identify the primary users/roles/actors and their requirements. As part of this, you will need to identify the primary use cases.
• Identify the assets that need to be protected, their vulnerabilities and the threats to which they may be subject. To help you do this, extend the use case diagram to identify and elaborate the primary misuse cases and from this identify the misusers and the security requirements needed to confound their actions.
• From the identified security requirements, propose design solutions that offer effective controls for the identified threats and vulnerabilities. Your proposal should include, but not be limited to:
o How to provide the required levels of confidentiality, integrity and availability;
o How to authenticate users and systems;
o An access control scheme;
• Principles for achieving website security;
• You should explain how the controls you propose are appropriate to the level of threat posed.
Deliverables:
Format of your final report:
Your report should be a maximum of 15 pages of A4, not including any appendices you choose to include, 12pt font for the main text.
Your report should include:
• A cover sheet with “CS5520”, your name and degree programme
• Table of Contents
• References (if any)
The organization of the main body of the report is up to you.
You are encouraged to make good use of diagrams and tables to communicate your ideas.
Marking scheme:
Final Report (out of 70)
• Analysis (out of 25)
o Comprehensive description of the users/roles/actors (both legitimate and attackers), identification of the valuable assets, threats and vulnerabilities, all derived directly from analysis of the problem description with insights from external sources. 21 – 25
o Identification of most of the users/roles/actors (both legitimate and attackers), the valuable assets, threats and vulnerabilities, all derived directly from analysis of the problem description but without any use of external sources. 14 – 20
o Identification of plausible set of users/roles/actors (both legitimate and attackers), valuable assets, threats and vulnerabilities, but not fully justifiable from or traceable back to the problem description. 10 – 13
o Poor or patchy identification of users/roles/actors, valuable assets, threats and vulnerabilities, not justifiable from or traceable back to the problem description. 0 – 9
• Design (out of 25)
o Design that sets out the general architecture of the system, with a detailed description of proposed controls that address all the threats and vulnerabilities. For each proposed control the alternative solutions are presented and a clear rationale for the selected one provided. 21 - 15
o Design that sets out the general architecture of the system, with a detailed description of proposed controls that address all the threats and vulnerabilities, but no discussion of alternatives or rationale. 14 - 20
o Partial coverage of controls for the threats and vulnerabilities, or good coverage but implausible solutions proposed. 10 - 13
o Poor coverage of controls for the threats and vulnerabilities with failure to understand appropriate security controls for the problem. 0 - 9
• Use of diagrams and tables (out of 10)
o Use of diagrams and tables is effective, with recognized or standard notations used wherever appropriate. 8 - 10
o Use of diagrams and tables is effective only in places, and with recognized or standard notations not used or used improperly. 5 - 7
o Poor or no use of diagrams and tables. 0 - 4
• Format and style (out of 10)
o Good table of contents and subsections, consistent formatting, appropriate labeling and numbering of diagrams and tables, good English and grammar, page numbers. 8 - 10
o Reasonable table of contents and subsections, with most of: reasonable formatting, reasonable labeling or numbering of diagrams and tables, reasonable English and grammar, page numbers. 5 - 7
o Missing or unhelpful table of contents, missing or inappropriate subsections, poor formatting, missing or poor labeling of diagrams and tables, poor English and grammar. 0 - 4