



Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community for help and clear up your study doubts
Discover the best universities in your country according to Docsity users
Free resources
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
The questions and instructions for exam 1 of the course cis/cse 774: principles of distributed access control. The exam covers topics such as calculating authorized users and permissions in role-based access control (rbac) systems, identifying rbac violations, and designing rbac components for a university electronic grading system.
Typology: Exams
1 / 6
This page cannot be seen from the preview
Don't miss anything!
Name:
CIS/CSE 774 — Principles of Distributed Access Control Exam 1 October 11, 2004
Question Points Possible
Points Received
1 12
Total 60
Instructions:
If you need more room for an answer than that given, use the back side of the pages. Be sure to leave a note indicating where the answer is.
U = {Del , Earl , Fred , Guy, Hal } P = {write loan, read balance, approve loan, sell loan, accept deposit, cash check , close acct, open acct, void transaction, fire staff } R = {Emp, Teller , AcctOfficer , LoanOfficer , MortgageOfficer , LoanSupervisor , TellerSupervisor , BranchManager } U A = {(Del , Teller ), (Earl , MortgageOfficer ), (Fred , TellerSupervisor ), (Fred , AcctOfficer ), (Guy, LoanSupervisor ), (Hal , BranchManager )} P A = {(read balance, Emp), (open acct, AcctOfficer ), (close acct, AcctOfficer , (cash check , Teller ), (accept deposit, Teller ), (write loan, LoanOfficer ), (void transaction, TellerSupervisor ), (sell loan, MortgageOfficer ), (approve loan, LoanSupervisor ), (fire staff , BranchManager )} = {(r, r), (BranchManager , r), (r, Emp) | r ∈ R} ∪ {(LoanSupervisor , MortgageOfficer ), (LoanSupervisor , LoanOfficer )} ∪ {(MortgageOfficer , LoanOfficer ), (TellerSupervisor , Teller )}
Calculate each of the following:
(a) auth users(LoanOfficer )
(b) auth users(Teller )
(c) auth permissions(MortgageOfficer )
(d) auth permissions(TellerSupervisor )
This page intentionally left blank.
As part of the system’s initial test run, the department wants to configure the system to handle just three of the department’s courses: CS 123, CS 456, and CS 789. Thus, the department has identified the following roles and permissions for this system:
R = {Fac, Grad , 123TA, 123PI , 456TA, 456PI , 789TA, 789PA} P = {R 123 , W 123 , S 123 , R 456 , W 456 , S 456 , R 789 , W 789 , S 789 }
For example, R 123 , W 123 , and S 123 are the permissions to (respectively) read, write, and submit the grades for CS 123. Provide the following RBAC components to accurately meet and fulfill all of the de- partment’s desired features/criteria:
(a) A role-hierarchy relation (a Hasse diagram is sufficient) and a permission- assignment relation P A (b) A static separation-of-duty relation to capture necessary static constraints (c) A dynamic separation-of-duty relation to capture necessary dynamic constraints
Caveat: Be careful with your definition of : make sure that there are no unintended consequences for separation of duty.