Proj-2015-2016-Extensions IPOPO/SRS: Difference between revisions

No edit summary
 
(6 intermediate revisions by 2 users not shown)
Line 14: Line 14:
| January 18, 2016
| January 18, 2016
| Marwan HALLAL, Rémi GATTAZ, Abdelaziz FOUNAS
| Marwan HALLAL, Rémi GATTAZ, Abdelaziz FOUNAS
| Creation of the document
| IPOPO description
| TBC
| TBC
| TBC
| TBC
Line 22: Line 22:


=1. Introduction=
=1. Introduction=
==Purpose of the requirements document==
==1.1 Purpose of the requirements document==
This Software Requirements Specification (SRS) identifies the requirements for project StartAir Safe.
This Software Requirements Specification (SRS) identifies the requirements for project StartAir Safe.
In case of a open source project, we must present the requirement to others potential contributors. This document is a guideline about the functionalities offered and the problems that the system solves.
In case of a open source project, we must present the requirement to others potential contributors. This document is a guideline about the functionalities offered and the problems that the system solves.


==Scope of the product==
==1.2 Scope of the product==
The goal of the project is to add to IPOPO an encrypted remote shell without using external modules as much as possible. Adding this shell would allow the use of sensitive data, such as passwords, from a client to an IPOPO application.


==1.3 Definitions, acronyms and abbreviations==
==1.3 Definitions, acronyms and abbreviations==
* IPOPO : A Python-based Service-Oriented Component Model [http://ipopo.coderxpress.net/wiki/doku.php Documentation officielle]
* Shell : A shell is a user interface for access to an operating system's services. It is accessed through a command-line interface (CLI)
* CLI (Command Line Interface) : A means of interacting with a computer program where the user (or client) issues commands to the program in the form of successive lines of text (command lines)
* IPOPO internal shell : IPOPO component allowing the management of a running IPOPO application.
* IPOPO Remote shell : IPOPO component allowing a remote access to an IPOPO internal shell.
* PKI (Public Key Infrastructure) : a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates[1] and manage public-key encryption
==1.4 References==
==1.4 References==
*The main page of the project: [[Proj-2013-2014-StartAIR-2]]
The main page of the project: [[Services étendus pour le modèle de composants iPOPO pour Python | '''IPOPO Projects''']]


==1.5 Overview of the remainder of the document==
==1.5 Overview of the remainder of the document==
The next chapter, the Overall Description section, of this document gives an overview of the functionality of the product. It describes the informal requirements and is used to establish a context for the technical requirements specification in the next chapter. The third chapter, Requirements Specification section, of this document is written primarily for the developers and describes in technical terms the details of the functionality of the product. Both sections of the document describe the same software product in its entirety, but are intended for different audiences and thus use different language.


=2. General description=
=2. General description=
==2.1 Product perspective==
==2.1 Product perspective==
The goal of this project to create two IPOPO extensions :
* An encrypted version of the IPOPO remote shell
* The creation of a PKI

The first extension will use the PKI to handle a set of users using certificates.

==2.2 Product functions==
==2.2 Product functions==
Using these two extensions, an ipopo application administrator will be able to manage users and their secured access to the IPOPO remote shell.

==2.3 User characteristics==
==2.3 User characteristics==
The users of these two extensions are any IPOPO users.

==2.4 General constraints==
==2.4 General constraints==
* Developed in python
* Compatible with python2 and python3
* Without external dependencies
* Compatible Linux and Windows

==2.5 Assumptions and dependencies==
==2.5 Assumptions and dependencies==
If necessary, the compatibility with Windows can be ignored at first.
=3.Specific requirements, covering functional, non-functional and interface requirements=
* document external interfaces,
* describe system functionality and performance
* specify logical database requirements,
* design constraints,
* emergent system properties and quality characteristics.


=3. Specific requirements, covering functional, non-functional and interface requirements=
==3.1 Requirement X.Y.Z (in Structured Natural Language)==

'''Function''':
==3.1 Requirement 1 : An encrypted remote shell server ==


'''Description''':
'''Description''':
Service allowing a client to connect with an encrypted connexion to an IPOPO remote shell. The client and the server are mutually authenticated.

'''Inputs''':
* Server Key
* Server Certificate
* Chain of certification

'''Source''':

'''Outputs''':
* A secured remote shell connection is created for every client providing an accepted certificated

'''Destination''': IPOPO application administrator

'''Action''':
* Creation of a TCP server
* SSL wrapping of every new connection
* Verification of client certificates
* Reception/Emission of encrypted messages to client

'''Non functional requirements''':
* The Server Key, certificates and chain of certification must exist

'''Pre-condition''':

'''Post-condition''':

'''Side-effects''':

==3.2 Requirement 2 : An encrypted remote shell client ==

'''Description''':
Client using a secured connection to an encrypted IPOPO remote shell server. The client and the server are mutually authenticated.


'''Inputs''':
'''Inputs''':
* Client Key
* Client Key
* Chain of certification


'''Source''':
'''Source''':


'''Outputs''':
'''Outputs''':
* A secured remote shell connection


'''Destination''':
'''Destination''': Any IPOPO user


'''Action''':
'''Action''':
* Creation of a TCP socket
* Natural language sentences (with MUST, MAY, SHALL)
* SSL wrapping of the socket
* Graphical Notations : UML Sequence w/o collaboration diagrams, Process maps, Task Analysis (HTA, CTT)
* Verification of server's certificates
* Mathematical Notations
* Reception/Emission of encrypted messages
* Tabular notations for several (condition --> action) tuples


'''Non functional requirements''':
'''Non functional requirements''':


'''Pre-condition''':
'''Pre-condition''':
* The Server Key, certificates and chain of certification must exist


'''Post-condition''':
'''Post-condition''':


'''Side-effects''':
'''Side-effects''':


==3.3 Requirement 3 : Creation of a Root Certificate Authority ==

'''Description''':
The administrator of an iPOPO application can create a root certification authority that will allow him to generate intermediate certificate authority.

'''Inputs''':
* Name of the root authority to be created

'''Source''':

'''Outputs''':
* A root certificate authority

'''Destination''': An iPOPO application

'''Action''':
* Creation of the root certification chain process

'''Non functional requirements''':

'''Pre-condition''':

'''Post-condition''':
* A root Certificate Authority does exists on the server

'''Side-effects''':

==3.4 Requirement 4 : Creation of an Intermediate Certificate Authority ==

'''Description''':
The administrator of an iPOPO application have to create both Server's key and certificate to secure and recognize the remote shell and will allow him to generate client certificates.

'''Inputs''':
* Name of the intermediate authority to be created
* Parent Certificate to sign the Intermediate Certificate Authority with

'''Source''':

'''Outputs''':
* An intermediate certificate authority

'''Destination''': An iPOPO application

'''Action''':
* Creation of a certificate chain with a root certificate

'''Non functional requirements''':

'''Pre-condition''':
* A root certificate exists on the server

'''Post-condition''':
* A new Intermediate Certificate Authority exists on the server

'''Side-effects''':

==3.5 Requirement 5 : Creation of a Client's Key and Certificate ==

'''Description''':
The administrator of an iPOPO application can create a client's certificate using an intermediate certification authority.

'''Inputs''':
* Key : type and length
* Certificate : the issuer, the subject, the public key of the subject, not after date and not before date

'''Source''':

'''Outputs''':
* A new client's certificate

'''Destination''': An iPOPO application

'''Action''':
* Creation of a new client's certificate

'''Non functional requirements''':

'''Pre-condition''':
* The intermediate certification authority does exists
* The client CSR signed with his private key

'''Post-condition''':
* New client's certificate created

'''Side-effects''':

==3.6 Requirement 6 : Revocation of a Client's Certificate ==

'''Description''':
The administrator of an iPOPO application can revoke a client's certificate to block access to the secured remote shell from it.

'''Inputs''':
* Id of the certificate to revoke

'''Source''':

'''Outputs''':

'''Destination''': An iPOPO application

'''Action''':
* Revokation of a client's certificate

'''Non functional requirements''':

'''Pre-condition''':
* The client's certificate exists and is not already revoked

'''Post-condition''':
* The client's certificate is now revoked

'''Side-effects''':



=4. Product evolution=
=4. Product evolution=
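Review bot: In section 3.2 the Inputs list names "Client Key" twice and no client certificate, although the Description says the client and the server are mutually authenticated and the 3.1 Action list includes "Verification of client certificates"; the second entry looks like it was meant to be "Client Certificate". The 3.2 Pre-condition ("The Server Key, certificates and chain of certification must exist") reads as copied from 3.1 and should state what the client side needs instead. In 3.4 the Description talks about creating the server's key and certificate while the heading, Inputs and Outputs are about an intermediate certificate authority, so the description should say how the two relate.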

Latest revision as of 13:21, 4 April 2016

Document History
Version | Date | Authors | Description | Validator | Validation Date
0.1.0 | January 18, 2016 | Marwan HALLAL, Rémi GATTAZ, Abdelaziz FOUNAS | Creation of the document | TBC | TBC


1. Introduction

1.1 Purpose of the requirements document

This Software Requirements Specification (SRS) identifies the requirements for project StartAir Safe. In the case of an open source project, we must present the requirements to other potential contributors. This document is a guideline about the functionalities offered and the problems that the system solves.

1.2 Scope of the product

The goal of the project is to add to IPOPO an encrypted remote shell without using external modules as much as possible. Adding this shell would allow the use of sensitive data, such as passwords, from a client to an IPOPO application.

1.3 Definitions, acronyms and abbreviations

  • IPOPO : A Python-based Service-Oriented Component Model (official documentation)
  • Shell : A shell is a user interface for access to an operating system's services. It is accessed through a command-line interface (CLI)
  • CLI (Command Line Interface) : A means of interacting with a computer program where the user (or client) issues commands to the program in the form of successive lines of text (command lines)
  • IPOPO internal shell : IPOPO component allowing the management of a running IPOPO application.
  • IPOPO Remote shell : IPOPO component allowing a remote access to an IPOPO internal shell.
  • PKI (Public Key Infrastructure) : A set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption

1.4 References

The main page of the project: IPOPO Projects

1.5 Overview of the remainder of the document

The next chapter, the Overall Description section, of this document gives an overview of the functionality of the product. It describes the informal requirements and is used to establish a context for the technical requirements specification in the next chapter. The third chapter, Requirements Specification section, of this document is written primarily for the developers and describes in technical terms the details of the functionality of the product. Both sections of the document describe the same software product in its entirety, but are intended for different audiences and thus use different language.


2. General description

2.1 Product perspective

The goal of this project is to create two IPOPO extensions :

  • An encrypted version of the IPOPO remote shell
  • The creation of a PKI

The first extension will use the PKI to handle a set of users using certificates.

2.2 Product functions

Using these two extensions, an IPOPO application administrator will be able to manage users and their secured access to the IPOPO remote shell.

2.3 User characteristics

The users of these two extensions are any IPOPO users.

2.4 General constraints

  • Developed in Python
  • Compatible with Python 2 and Python 3
  • Without external dependencies
  • Compatible with Linux and Windows

2.5 Assumptions and dependencies

If necessary, the compatibility with Windows can be ignored at first.

3. Specific requirements, covering functional, non-functional and interface requirements

3.1 Requirement 1 : An encrypted remote shell server

Description: Service allowing a client to connect to an IPOPO remote shell over an encrypted connection. The client and the server are mutually authenticated.

Inputs:

  • Server Key
  • Server Certificate
  • Chain of certification

Source:

Outputs:

  • A secured remote shell connection is created for every client providing an accepted certificate

Destination: IPOPO application administrator

Action:

  • Creation of a TCP server
  • SSL wrapping of every new connection
  • Verification of client certificates
  • Reception/Emission of encrypted messages to client

Non functional requirements:

  • The Server Key, certificates and chain of certification must exist

Pre-condition:

Post-condition:

Side-effects:

3.2 Requirement 2 : An encrypted remote shell client

Description: Client using a secured connection to an encrypted IPOPO remote shell server. The client and the server are mutually authenticated.

Inputs:

  • Client Key
  • Client Key
  • Chain of certification

Source:

Outputs:

  • A secured remote shell connection

Destination: Any IPOPO user

Action:

  • Creation of a TCP socket
  • SSL wrapping of the socket
  • Verification of server's certificates
  • Reception/Emission of encrypted messages

Non functional requirements:

Pre-condition:

  • The Server Key, certificates and chain of certification must exist

Post-condition:

Side-effects:


3.3 Requirement 3 : Creation of a Root Certificate Authority

Description: The administrator of an iPOPO application can create a root certification authority that will allow him to generate intermediate certificate authorities.

Inputs:

  • Name of the root authority to be created

Source:

Outputs:

  • A root certificate authority

Destination: An iPOPO application

Action:

  • Creation of the root certification chain process

Non functional requirements:

Pre-condition:

Post-condition:

  • A root Certificate Authority exists on the server

Side-effects:

3.4 Requirement 4 : Creation of an Intermediate Certificate Authority

Description: The administrator of an iPOPO application has to create both the server's key and certificate to secure and recognize the remote shell, which will allow him to generate client certificates.

Inputs:

  • Name of the intermediate authority to be created
  • Parent Certificate to sign the Intermediate Certificate Authority with

Source:

Outputs:

  • An intermediate certificate authority

Destination: An iPOPO application

Action:

  • Creation of a certificate chain with a root certificate

Non functional requirements:

Pre-condition:

  • A root certificate exists on the server

Post-condition:

  • A new Intermediate Certificate Authority exists on the server

Side-effects:

3.5 Requirement 5 : Creation of a Client's Key and Certificate

Description: The administrator of an iPOPO application can create a client's certificate using an intermediate certification authority.

Inputs:

  • Key : type and length
  • Certificate : the issuer, the subject, the public key of the subject, not after date and not before date

Source:

Outputs:

  • A new client's certificate

Destination: An iPOPO application

Action:

  • Creation of a new client's certificate

Non functional requirements:

Pre-condition:

  • The intermediate certification authority exists
  • The client's CSR is signed with his private key

Post-condition:

  • New client's certificate created

Side-effects:

3.6 Requirement 6 : Revocation of a Client's Certificate

Description: The administrator of an iPOPO application can revoke a client's certificate to block access to the secured remote shell from it.

Inputs:

  • Id of the certificate to revoke

Source:

Outputs:

Destination: An iPOPO application

Action:

  • Revocation of a client's certificate

Non functional requirements:

Pre-condition:

  • The client's certificate exists and is not already revoked

Post-condition:

  • The client's certificate is now revoked

Side-effects:
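
The Action lists of requirements 3.1 and 3.2 (TCP socket, SSL wrapping, certificate verification) and the revocation of 3.6 can be sketched with the Python standard library alone, in line with the "without external dependencies" constraint. This is an added example, not code from the project; it assumes Python 3.7 or later, and the function names and the file paths passed to them are hypothetical.

```python
import socket
import ssl


def _load(ctx, cert, key, trust_files):
    if cert:
        ctx.load_cert_chain(certfile=cert, keyfile=key)
    for pem in trust_files:
        # Takes the chain of certification and, for revocation, PEM CRLs.
        ctx.load_verify_locations(cafile=pem)


def server_context(cert=None, key=None, trust_files=(), check_revocation=False):
    """Server side (3.1): every client must present an accepted certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # A server context defaults to CERT_NONE, which encrypts the link but
    # lets clients without a certificate through: no mutual authentication.
    ctx.verify_mode = ssl.CERT_REQUIRED
    if check_revocation:
        # 3.6: reject a client certificate listed in a CRL from trust_files.
        ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    _load(ctx, cert, key, trust_files)
    return ctx


def client_context(cert=None, key=None, trust_files=()):
    """Client side (3.2): verifies the server and offers its own certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    _load(ctx, cert, key, trust_files)
    return ctx


def accept_shell_client(listener, ctx):
    """Accept one TCP connection and wrap it; (None, None) if it is refused."""
    raw, _addr = listener.accept()
    try:
        tls = ctx.wrap_socket(raw, server_side=True)  # handshake checks the client
    except OSError:  # ssl.SSLError is a subclass: missing or rejected certificate
        raw.close()
        return None, None
    return tls, tls.getpeercert().get("subject")


def connect_shell(host, port, ctx):
    """Open the TCP socket, then wrap it, checking the server against host."""
    raw = socket.create_connection((host, port))
    return ctx.wrap_socket(raw, server_hostname=host)
```

With check_revocation enabled, a CRL from the issuer of the client certificate has to be among trust_files, otherwise every client handshake fails verification.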


4. Product evolution

5. Appendices

5.1. SRS structure

This document is based on a Software Requirements Specification (SRS) template inspired by the IEEE/ANSI 830-1998 Standard.

References:

6. Index