CS 161 Project 2
You will build the client for a file sharing system. The client will allow users to store and load files,
share files with other users, and revoke access to a shared file from other users.
Users of your application will launch your client and provide their username and password. Once
authenticated, they will use your client to upload and download files to/from the server. Your client
will be the interface through which users can interact with the files stored on the server.
You will implement 8 functions on the client: InitUser, GetUser, StoreFile, AppendFile, LoadFile,
ShareFile, ReceiveFile, and RevokeFile. In addition, you will write tests to ensure the robustness
of your client. We include some basic functionality tests, but it is up to you to create a thorough
test suite to cover different attacks.
We provide 2 servers that you can use:
• The first server, Keystore, provides a public key store for everyone. It is trusted.
• The second server, Datastore, provides key-value storage for everyone. It is untrusted.
Using just these two servers and your knowledge of computer security, you will implement the 8
functions above to provide a secure application. Please note that your design will have to take
into account how to ensure confidentiality and integrity of files in addition to the basic file-sharing
functionality. Your client must also be stateless; if the client is restarted, it must be able to pick up
where it left off given only a username and password.
We provide a trusted keystore server. The keystore server is trusted and will behave honestly. No
adversary will be able to maliciously overwrite or tamper with a key record stored on the keystore
We provide an untrusted datastore server. The adversary is assumed to control the datastore server
and the network. The adversary can view, record, modify, and/or add any key-value pair stored
in the datastore server. In addition, the adversary can observe which users store each key-value
pair and the order in which key-value pairs are stored, viewed, or deleted. The adversary can also
view and modify any access_token(s) generated by ShareFile when users share files with each
other. You should assume that the adversary knows the design of the system and all specifics of
We also assume that the adversary controls one or more malicious users. It is possible that a
legitimate user might share a file with a malicious user. If so, the adversary can record all relevant
information about the file (including any cryptographic material and any access_token(s) generated
by ShareFile) and remember it, even if access to the file is later revoked.
Finally, the adversary can read the contents of the public keystore and take advantage of automation
and brute-forcing, constrained by practical limits.
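Because the adversary described above can read, modify, and add key-value pairs in Datastore, a client can only trust a value it has verified, and the verification has to cover the key the value was stored under. The Go code below is an added example, not part of the project handout or its support library; `newAEAD`, `Seal`, `Open`, the location strings, the demo key, and the choice of AES-GCM from the Go standard library are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newAEAD returns AES-GCM for a 16-, 24- or 32-byte key (hypothetical helper).
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts value and binds it to its datastore location as associated data.
func Seal(key []byte, location string, value []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, value, []byte(location)), nil // nonce || ciphertext || tag
}

// Open returns the plaintext only if blob is unmodified and was sealed for location.
func Open(key []byte, location string, blob []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("blob too short: %d bytes", len(blob))
	}
	return aead.Open(nil, blob[:n], blob[n:], []byte(location))
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte demo key
	blob, _ := Seal(key, "alice/file1", []byte("secret")) // constructed sample record
	_, err := Open(key, "alice/file2", blob) // record copied to a different datastore key
	fmt.Println("relocated record rejected:", err != nil)
}
```

A recorded older blob for the same location still verifies, so this check alone does not detect a previous version of a record being restored.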