ALPHA comments

[AMarcedone]

Kryptose am2623, asg252, js2845, yt336

11:40-12:00 (406, E/S)

OVERALL COMMENTS: This project is generally in pretty good shape. The initial functional requirements are complete, as are most of the relevant security elements. Good choice of parameters. However your requiremnets document specifies confidentiality and integrity goals for audit logs, but your design document and current implementation do not effect these goals. You also do not currently securely erase credentials from client memory.

OVERALL GRADE: B+

Alpha Demo:

• Progress on functional requirements: S Currently support record creation/modification/deletion, and can sync local copies of records with those stored on a server. Issues: currently rejects entries with spaces, accepts only one of domain/username, and doesn't store username along with password(!).
• Progress on security elements: S Confidentiality and integrity for communication and record storage (remote). No security for logs. Client memory not handled.
• Quality of demo: B Generally acceptable demo.
• Q&A: A All students able to answer questions about functionality and security (although some were more eager to answer than others).

  Documents:

• Requirements: S Document submitted and up to date with all required secitons.
• Design: B+ Confidentiality and integrity for communication and for records stored at server (use Java functions with strong parameters). Password records are stored in client memory and never securely erased. No security for logs.
• Assurance: B Unit tests with both valid and invalid commands. Pair programming. No test suite submitted. No exhaustive branch testing.
• FindBugs scan: S Scan submitted. No bugs of rank Scary or higher.
• Source: S

Source submitted. Instructions for compiling and running worked(!)

• Sprint report: S Submitted with all required information. Although apparently some students need a louder alarm.