HW 1 for CSCE 489/689 - Software Security Due: Part I: 10 September 2018 by 8:00am Part II: 17 September 2018 by 8:00am Part III: 24 September 2018 by 8:00am ******************************************************************************** * Checkpoint dates are provided to make sure you are making progress on the * * assignment. Missing a checkpoint will not only negatively impact your grade, * * but it will also be a signal to you that you are behind schedule and may not * * have enough time to finish with a quality submission. At each checkpoint, * * you must submit your work to eCampus. * * * * Work individually on the assignment. * * * * All violations of the Aggie Honor Code will be filed with the AHSO and I * * will request a penalty of F*. For your own protection do not try to find * * example requirements/tests/code for this assignment online. You might * * succeed and you might be unable to unfind it. Also, it takes all the fun * * out of the work. * ******************************************************************************** The goal of this assignment is to implement a secure log to describe the state of a hospital in terms of the doctors and nurses who have entered the building and which rooms they are in. The log will be accessed by two programs: logappend - appends new information to a log file logread - reads a log file and displays the state of the hospital according to a given query Before you write any code, however, you must define the software requirements and write tests to verify the requirements. Of particular importance are the security requirements. To enforce this order (requirements --> tests --> code), you will be submitting your work after each phase. To help keep everyone heading in the right direction for implementation, I will post mandatory requirements and an example test case at the checkpoint for part 1. Here is the what the client wants: "Sacred Heart Hospital is committed to maintaining the highest standards of information and operational security. Every member of the hospital staff is equipped with the latest in secure identification technology. Sacred Heart's doctors and nurses badge in and out of the building and all rooms in the hospital. These events have to be recorded in a single log file which can be read to determine when staff members entered and exited a room, for example to identify staff who may have been exposed to a contagious pathogen. We need a logging system that can tell us in real time which doctors and nurses are in the hospital and in which rooms. We also need to be able to determine all rooms that a staff member has entered while in the hospital. The logging system must be secure." Part I: Requirements (checkpoint: 10 September) * write use cases and abuse cases * write software and security requirements - use cases --> requirements - abuse cases --> security requirements - emphasis on security requirements Part II: Tests (checkpoint: 17 September) * write tests to verify requirements - integration/acceptance tests - test cases are expressed in JSON format (see testcase.schema.json) Part III: Code * write code to pass tests (and meet requirements) * required language: C or C++ * must compile and run on compute.cse.tamu.edu - create a Makefile - running make should create the logappend and logread executables