
Alpha Release

Only the best, most secure online Boggle™ clone ever to be produced at GWU. Alpha Release. Tuesday, October 25, 2011. Chris Krawiec, Steven Moxley, Kathryn Neugent, Mike Shick, Fan Zhang.

zalika

Presentation Transcript


  1. Only the best, most secure online Boggle™ clone ever to be produced at GWU
     Alpha Release
     Tuesday, October 25, 2011
     Chris Krawiec, Steven Moxley, Kathryn Neugent, Mike Shick, Fan Zhang

  2. System Purpose
     We aim to implement and secure a multiplayer P2P word game similar to Boggle™
     SERVER
     • User Profiles
     • User Passwords
     CLIENTS
     • Dictionary
     • Points Earned

  3. Game Overview
     • 1. User logs in and authenticates with the Joggle server
     • 2. User checks to see who else is online and available to play
     • 3. User initiates a game with another user (or users) and they agree on
       - Board Size (4 x 4 vs. 5 x 5)
       - Dictionary (proper nouns vs. no proper nouns)
       - A random seed value
     • 4. The seed value is then used to generate the game board for each player
     • 5. The game begins and each player has a set amount of time to find words (which are automatically checked against the board)
     • 6. After the timer expires, clients report their words, which are then checked against the dictionary
     • 7. Finally, scores are tallied and saved by the client.

  4. Threat Analysis
     • External Adversary that desires to gain control of the game server, access to users’ profile data or disrupt the game service. Limited skill level, small amount of resources.
     • Authenticated Player that desires to exceed his/her assigned privileges on the Joggle server to view or modify stored data, manipulate the state of a game, or just generally desires to disrupt the game service or a particular game. Limited skill level, small amount of resources.
     • Authenticated Admin or Auditor that desires to falsely manipulate an on-going game or otherwise disrupt the game service. Limited to moderate skill level, small amount of outside resources, but direct access to the operational game server and/or game server and client source code.

  5. Security Goals
     The System Shall …
     • Prevent the disclosure of a user’s password to any principal besides the game client and server
     • Prevent the modification of a user’s password, except by an admin or the user
     • Prevent access to or modification of a user’s profile, except by an admin or the user
     • Prevent player access to the words submitted by other players during a game
     • Prevent the alteration of the word lists submitted by the players at the end of a game
     • Ensure the exchange of all word lists between involved players and the server at the end of the game
     • Prevent the modification of the game state by players once the game state has been created and agreed upon by the involved players
     • Prevent the unauthorized modification of the game client and server

  6. System Backlog
     DONE AND IN GUI
     • A non-random Joggle board is generated based on a seed value
     • A player can then type in a word that appears on the board
     • The word is then checked against the board
     • If the word is on the board, the word is added to a “words found” list
     • Words can be checked against a dictionary using binary search

  7. System Backlog
     IMPLEMENTED IN CODE, NOT IN GUI
     • Player profiles and accounts exist and can be created
     • Player information (except their password) is saved in database
     • New games can be created
     • Players can join games that haven’t started yet
     • Client and Server can communicate basic player information, seed value, etc.

  8. System Backlog
     NOT IMPLEMENTED
     • Player passwords
     • Player authentication
     • Ranking based on points
     • Adding or deleting words from the dictionary
     • Auditing and logging (though many helper methods have been created)
     • Administrator tasks (reset password, watch game)
     • Encrypted communications between client and server

  9. Security Functionality
     We have no security functionality being delivered in this milestone.
