Alpha Release
Chris Krawiec, Steven Moxley, Kathryn Neugent, Mike Shick, Fan Zhang
Only the best, most secure online Boggle™ clone ever to be produced at GWU.

Presentation transcript:

Alpha Release
Chris Krawiec, Steven Moxley, Kathryn Neugent, Mike Shick, Fan Zhang
Only the best, most secure online Boggle™ clone ever to be produced at GWU
Tuesday, October 25, 2011

System Purpose
We aim to implement and secure a multiplayer P2P word game similar to Boggle™
SERVER
- User Profiles
- User Passwords
CLIENTS
- Dictionary
- Points Earned

Game Overview
1. User logs in and authenticates with the Joggle server
2. User checks to see who else is online and available to play
3. User initiates a game with another user (or users) and they agree on
   - Board Size (4 x 4 vs. 5 x 5)
   - Dictionary (proper nouns vs. no proper nouns)
   - A random seed value
4. The seed value is then used to generate the game board for each player
5. The game begins and each player has a set amount of time to find words (which are automatically checked against the board)
6. After the timer expires, clients report their words, which are then checked against the dictionary
7. Finally, scores are tallied and saved by the client.

Threat Analysis
- External Adversary that desires to gain control of the game server, access to users’ profile data or disrupt the game service. Limited skill level, small amount of resources.
- Authenticated Player that desires to exceed his/her assigned privileges on the Joggle server to view or modify stored data, manipulate the state of a game, or just generally desires to disrupt the game service or a particular game. Limited skill level, small amount of resources.
- Authenticated Admin or Auditor that desires to falsely manipulate an on-going game or otherwise disrupt the game service. Limited to moderate skill level, small amount of outside resources, but direct access to the operational game server and/or game server and client source code.

Security Goals
The System Shall …
- Prevent the disclosure of a user’s password to any principal besides the game client and server
- Prevent the modification of a user’s password, except by an admin or the user
- Prevent access to or modification of a user’s profile, except by an admin or the user
- Prevent player access to the words submitted by other players during a game
- Prevent the alteration of the word lists submitted by the players at the end of a game
- Ensure the exchange of all word lists between involved players and the server at the end of the game
- Prevent the modification of the game state by players once the game state has been created and agreed upon by the involved players
- Prevent the unauthorized modification of the game client and server

System Backlog
DONE AND IN GUI
- A non-random Joggle board is generated based on a seed value
- A player can then type in a word that appears on the board
- The word is then checked against the board
- If the word is on the board, the word is added to a “words found” list
- Words can be checked against a dictionary using binary search
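The board and dictionary checks from the Game Overview and the backlog above, as an added example (not the Joggle team's code): a peer re-derives the board from the agreed seed and re-validates a reported word list instead of trusting the sender. The SHA-256 board derivation, the Boggle-style adjacency rule, and the sample board, dictionary and report are assumptions constructed for illustration.

```python
import hashlib
from bisect import bisect_left

def make_board(seed, size):
    """Derive a size x size letter grid from the agreed seed (same on every peer)."""
    def letter(r, c):
        # Assumed derivation: SHA-256 over seed, size and cell position.
        d = hashlib.sha256(f"{seed}:{size}:{r}:{c}".encode()).digest()
        return "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[int.from_bytes(d[:8], "big") % 26]
    return ["".join(letter(r, c) for c in range(size)) for r in range(size)]

def on_board(board, word):
    """True if word can be traced through adjacent cells, using each cell once."""
    n = len(board)
    def walk(r, c, i, used):
        if board[r][c] != word[i]:
            return False
        if i == len(word) - 1:
            return True
        used = used | {(r, c)}
        return any(walk(r + dr, c + dc, i + 1, used)
                   for dr in (-1, 0, 1) for dc in (-1, 0, 1)
                   if (dr or dc) and 0 <= r + dr < n and 0 <= c + dc < n
                   and (r + dr, c + dc) not in used)
    return bool(word) and any(walk(r, c, 0, frozenset())
                              for r in range(n) for c in range(n))

def in_dictionary(sorted_words, word):
    """Binary search over a sorted word list."""
    i = bisect_left(sorted_words, word)
    return i < len(sorted_words) and sorted_words[i] == word

def validate_report(board, sorted_words, reported):
    """Re-check a peer's reported words; return (accepted, rejected)."""
    accepted, rejected = [], []
    for w in dict.fromkeys(x.strip().upper() for x in reported):  # drop duplicates
        ok = w.isalpha() and on_board(board, w) and in_dictionary(sorted_words, w)
        (accepted if ok else rejected).append(w)
    return accepted, rejected

# Constructed sample data, not from the presentation.
BOARD = ["CATS", "ORED", "DOGE", "XYZQ"]
WORDS = ["CAT", "CODE", "DOG", "RED"]          # must be sorted for bisect
REPORT = ["cat", "code", "ore", "dog", "cat"]  # what a peer claims to have found

if __name__ == "__main__":
    print(make_board("agreed-seed", 4))
    print(validate_report(BOARD, WORDS, REPORT))
```

In the sample report, CODE is in the dictionary but cannot be traced on the board, and ORE is on the board but not in the dictionary, so both are rejected.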

System Backlog
IMPLEMENTED IN CODE, NOT IN GUI
- Player profiles and accounts exist and can be created
- Player information (except their password) is saved in database
- New games can be created
- Players can join games that haven’t started yet
- Client and Server can communicate basic player information, seed value, etc.

System Backlog
NOT IMPLEMENTED
- Player passwords
- Player authentication
- Ranking based on points
- Adding or deleting words from the dictionary
- Auditing and logging (though many helper methods have been created)
- Administrator tasks (reset password, watch game)
- Encrypted communications between client and server

Security Functionality
We have no security functionality being delivered in this milestone.