Difference between revisions of "Proj-2015-2016-Extensions IPOPO/SRS"
Remi.Gattaz (talk | contribs) |
Remi.Gattaz (talk | contribs) |
||
| Line 68: | Line 68: | ||
=3. Specific requirements, covering functional, non-functional and interface requirements= |
=3. Specific requirements, covering functional, non-functional and interface requirements= |
||
| − | * document external interfaces, |
||
| − | * describe system functionality and performance |
||
| − | * specify logical database requirements, |
||
| − | * design constraints, |
||
| − | * emergent system properties and quality characteristics. |
||
| ⚫ | |||
| − | |||
| ⚫ | |||
'''Description''': |
'''Description''': |
||
| + | Service allowing a client to connect with an encrypted connexion to an IPOPO remote shell. The client and the server are mutually authenticated. |
||
| − | Messages transmitted between the IPOPO instance and a client must be encrypted |
||
'''Inputs''': |
'''Inputs''': |
||
| + | * Server Key |
||
| − | '''Source''': |
||
| + | * Server Certificate |
||
| − | |||
| + | * Chain of certification |
||
| − | '''Outputs''': |
||
| − | |||
| − | '''Destination''': |
||
| − | |||
| − | '''Action''': |
||
| − | * |
||
| − | |||
| − | '''Non functional requirements''': |
||
| − | |||
| − | '''Pre-condition''': |
||
| − | |||
| − | '''Post-condition''': |
||
| − | |||
| − | '''Side-effects''': |
||
| − | |||
| − | |||
| ⚫ | |||
| − | |||
| − | '''Description''': |
||
| − | Clients certificates are generated by an administrator of an IPOPO application. This certificate is signed using the private certificate of the same application and will be used to remotely access to the IPOPO shell. |
||
| − | |||
| − | '''Inputs''': |
||
| − | User informations. It includes name and email. |
||
'''Source''': |
'''Source''': |
||
| − | The information is given by the user to the IPOPO application administrator. |
||
'''Outputs''': |
'''Outputs''': |
||
| + | * A secured remote shell connection is created for every client providing an accepted certificated |
||
| − | A new certificate signed with the application private certificate. |
||
| − | '''Destination''': |
+ | '''Destination''': IPOPO application administrator |
| − | The created certificate is given to the user designated in the meta-information of the certificate. |
||
'''Action''': |
'''Action''': |
||
| + | * Creation of a TCP server |
||
| − | * A user must ask for the creation of a certificate to the administrator of an IPOPO application. He will provide his name and his mail address with his request |
||
| + | * SSL wrapping of every new connection |
||
| − | * The administrator shall generate a new certificate using the given information. |
||
| ⚫ | |||
| − | * The administrator will send the generated certificate to the user who asked for it |
||
| + | * Reception/Emission of encrypted messages to client |
||
| − | |||
'''Non functional requirements''': |
'''Non functional requirements''': |
||
| + | * The Server Key, certificates and chain of certification must exist |
||
| − | * Easy to use |
||
| − | * The generation can be done on any Linux system (and windows ?) |
||
'''Pre-condition''': |
'''Pre-condition''': |
||
| − | The administrator must have a server (private) certificate |
||
'''Post-condition''': |
'''Post-condition''': |
||
| − | Users are identifiable from the certificate they are using |
||
'''Side-effects''': |
'''Side-effects''': |
||
| − | None |
||
| ⚫ | |||
| − | |||
| ⚫ | |||
'''Description''': |
'''Description''': |
||
| − | Client |
+ | Client using a secured connection to an encrypted IPOPO remote shell server. The client and the server are mutually authenticated. |
'''Inputs''': |
'''Inputs''': |
||
| + | * Client Key |
||
| − | Information identifying a single certificate ( email address ?). |
||
| + | * Client Key |
||
| + | * Chain of certification |
||
'''Source''': |
'''Source''': |
||
'''Outputs''': |
'''Outputs''': |
||
| + | * A secured remote shell connection |
||
| − | An entry is added in the application's revocation list. |
||
| − | '''Destination''': |
+ | '''Destination''': Any IPOPO user |
'''Action''': |
'''Action''': |
||
| + | * Creation of a TCP socket |
||
| − | * The IPOPO administrator decides to revoke a certificate and retrieve its id. |
||
| + | * SSL wrapping of the socket |
||
| − | * The IPOPO administrator revokes a certificate and an entry is added to the revocation list of the application |
||
| + | * Verification of server's certificates |
||
| + | * Reception/Emission of encrypted messages |
||
'''Non functional requirements''': |
'''Non functional requirements''': |
||
| − | |||
'''Pre-condition''': |
'''Pre-condition''': |
||
| + | * The Server Key, certificates and chain of certification must exist |
||
| − | The soon to be revoked certificate must be valid and identified |
||
'''Post-condition''': |
'''Post-condition''': |
||
| − | The revoked certificate cannot be used to access the remote shell anymore |
||
'''Side-effects''': |
'''Side-effects''': |
||
| − | Modify the revoked certificate list on the remote-shell accessible IPOPO instances |
||
| + | ==3.3 Requirement 3 : Creation of a Certificate Authority == |
||
| + | ==3.4 Requirement 4 : Creation of a Server's Key and Certificate == |
||
| + | ==3.5 Requirement 5 : Creation of a Client's Key and Certificate == |
||
| + | ==3.6 Requirement 6 : Revocation of a Client's Certificate == |
||
=4. Product evolution= |
=4. Product evolution= |
||
Revision as of 18:35, 7 March 2016
| Version | Date | Authors | Description | Validator | Validation Date | |
|---|---|---|---|---|---|---|
| 0.1.0 | January 18, 2016 | Marwan HALLAL, Rémi GATTAZ, Abdelaziz FOUNAS | Creation of the document | TBC | TBC |
1. Introduction
1.1 Purpose of the requirements document
This Software Requirements Specification (SRS) identifies the requirements for project StartAir Safe. In case of a open source project, we must present the requirement to others potential contributors. This document is a guideline about the functionalities offered and the problems that the system solves.
1.2 Scope of the product
The goal of the project is to add to IPOPO an encrypted remote shell without using external modules as much as possible. Adding this shell would allow the use of sensitive data, such as passwords, from a client to an IPOPO application.
1.3 Definitions, acronyms and abbreviations
- IPOPO : A Python-based Service-Oriented Component Model Documentation officielle
- Shell : A shell is a user interface for access to an operating system's services. It is accessed through a command-line interface (CLI)
- CLI (Command Line Interface) : A means of interacting with a computer program where the user (or client) issues commands to the program in the form of successive lines of text (command lines)
- IPOPO internal shell : IPOPO component allowing the management of a running IPOPO application.
- IPOPO Remote shell : IPOPO component allowing a remote access to an IPOPO internal shell.
- PKI (Public Key Infrastructure) : a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates[1] and manage public-key encryption
1.4 References
The main page of the project: IPOPO Projects
1.5 Overview of the remainder of the document
The next chapter, the Overall Description section, of this document gives an overview of the functionality of the product. It describes the informal requirements and is used to establish a context for the technical requirements specification in the next chapter. The third chapter, Requirements Specification section, of this document is written primarily for the developers and describes in technical terms the details of the functionality of the product. Both sections of the document describe the same software product in its entirety, but are intended for different audiences and thus use different language.
2. General description
2.1 Product perspective
The goal of this project to create two IPOPO extensions :
- An encrypted version of the IPOPO remote shell
- The creation of a PKI
The first extension will use the PKI to handle a set of users using certificates.
2.2 Product functions
Using these two extensions, an ipopo application administrator will be able to manage users and their secured access to the IPOPO remote shell.
2.3 User characteristics
The users of these two extensions are any IPOPO users.
2.4 General constraints
- Developed in python
- Compatible with python2 and python3
- Without external dependencies
- Compatible Linux and Windows
2.5 Assumptions and dependencies
If necessary, the compatibility with Windows can be ignored at first.
3. Specific requirements, covering functional, non-functional and interface requirements
3.1 Requirement 1 : An encrypted remote shell server
Description: Service allowing a client to connect with an encrypted connexion to an IPOPO remote shell. The client and the server are mutually authenticated.
Inputs:
- Server Key
- Server Certificate
- Chain of certification
Source:
Outputs:
- A secured remote shell connection is created for every client providing an accepted certificated
Destination: IPOPO application administrator
Action:
- Creation of a TCP server
- SSL wrapping of every new connection
- Verification of client certificates
- Reception/Emission of encrypted messages to client
Non functional requirements:
- The Server Key, certificates and chain of certification must exist
Pre-condition:
Post-condition:
Side-effects:
3.2 Requirement 2 : An encrypted remote shell client
Description: Client using a secured connection to an encrypted IPOPO remote shell server. The client and the server are mutually authenticated.
Inputs:
- Client Key
- Client Key
- Chain of certification
Source:
Outputs:
- A secured remote shell connection
Destination: Any IPOPO user
Action:
- Creation of a TCP socket
- SSL wrapping of the socket
- Verification of server's certificates
- Reception/Emission of encrypted messages
Non functional requirements:
Pre-condition:
- The Server Key, certificates and chain of certification must exist
Post-condition:
Side-effects:
3.3 Requirement 3 : Creation of a Certificate Authority
3.4 Requirement 4 : Creation of a Server's Key and Certificate
3.5 Requirement 5 : Creation of a Client's Key and Certificate
3.6 Requirement 6 : Revocation of a Client's Certificate
4. Product evolution
5. Appendices
5.1. SRS structure
The document is based on template of the Software Requirements Specification (SRS) inspired of the IEEE/ANSI 830-1998 Standard.
References:
- http://www.cs.st-andrews.ac.uk/~ifs/Books/SE9/Presentations/PPTX/Ch4.pptx
- http://en.wikipedia.org/wiki/Software_requirements_specification
- IEEE Recommended Practice for Software Requirements Specifications IEEE Std 830-1998