Exam 1 for CIS/CSE 774: Principles of Distributed Access Control, Exams of Engineering

The questions and instructions for Exam 1 of the course CIS/CSE 774: Principles of Distributed Access Control. The exam covers topics such as calculating authorized users and permissions in role-based access control (RBAC) systems, identifying RBAC violations, and designing RBAC components for a university electronic grading system.

Typology: Exams

Pre 2010

Uploaded on 08/09/2009

koofers-user-l50-1

Name:

CIS/CSE 774 Principles of Distributed Access Control
Exam 1
October 11, 2004

| Question | Points Possible | Points Received |
|----------|-----------------|-----------------|
| 1        | 12              |                 |
| 2        | 18              |                 |
| 3        | 30              |                 |
| Total    | 60              |                 |

Instructions:

1. This exam is an open-book, open-notes exam.
2. Legibility counts! Make sure I can read (and find!) your answers. If you need more room for an answer than that given, use the back side of the pages. Be sure to leave a note indicating where the answer is.
3. This test should have 6 pages (including this cover sheet). Let me know now if your copy does not have the correct number of pages.

1. (12 points) Consider the following collection of RBAC definitions:

   U = {Del, Earl, Fred, Guy, Hal}

   P = {write loan, read balance, approve loan, sell loan, accept deposit, cash check, close acct, open acct, void transaction, fire staff}

   R = {Emp, Teller, AcctOfficer, LoanOfficer, MortgageOfficer, LoanSupervisor, TellerSupervisor, BranchManager}

   UA = {(Del, Teller), (Earl, MortgageOfficer), (Fred, TellerSupervisor), (Fred, AcctOfficer), (Guy, LoanSupervisor), (Hal, BranchManager)}

   PA = {(read balance, Emp), (open acct, AcctOfficer), (close acct, AcctOfficer), (cash check, Teller), (accept deposit, Teller), (write loan, LoanOfficer), (void transaction, TellerSupervisor), (sell loan, MortgageOfficer), (approve loan, LoanSupervisor), (fire staff, BranchManager)}

   Role hierarchy = {(r, r), (BranchManager, r), (r, Emp) | r ∈ R} ∪ {(LoanSupervisor, MortgageOfficer), (LoanSupervisor, LoanOfficer)} ∪ {(MortgageOfficer, LoanOfficer), (TellerSupervisor, Teller)}

   Calculate each of the following:

   (a) auth_users(LoanOfficer)
   (b) auth_users(Teller)
   (c) auth_permissions(MortgageOfficer)
   (d) auth_permissions(TellerSupervisor)
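As an added worked example (not part of the exam), the following Python computes the authorized-user and authorized-permission sets for Question 1 from the definitions above. It assumes the role-hierarchy pairs are written (senior, junior), which is what the pairs (BranchManager, r) and (r, Emp) indicate; the helper names `closure`, `seniors_of`, `juniors_of`, `auth_users` and `auth_permissions` are mine. It goes slightly beyond the question by taking the reflexive-transitive closure first, so the same functions also work for a hierarchy given only as its Hasse-diagram edges.

```python
# Added example: RBAC authorized users / permissions over a role hierarchy.
# Sets are the ones from Question 1; helper names are this example's own.

U = {"Del", "Earl", "Fred", "Guy", "Hal"}
R = {"Emp", "Teller", "AcctOfficer", "LoanOfficer", "MortgageOfficer",
     "LoanSupervisor", "TellerSupervisor", "BranchManager"}
UA = {("Del", "Teller"), ("Earl", "MortgageOfficer"), ("Fred", "TellerSupervisor"),
      ("Fred", "AcctOfficer"), ("Guy", "LoanSupervisor"), ("Hal", "BranchManager")}
PA = {("read balance", "Emp"), ("open acct", "AcctOfficer"),
      ("close acct", "AcctOfficer"), ("cash check", "Teller"),
      ("accept deposit", "Teller"), ("write loan", "LoanOfficer"),
      ("void transaction", "TellerSupervisor"), ("sell loan", "MortgageOfficer"),
      ("approve loan", "LoanSupervisor"), ("fire staff", "BranchManager")}

# Role hierarchy as (senior, junior) pairs, exactly as given in the question.
RH = ({(r, r) for r in R} | {("BranchManager", r) for r in R} | {(r, "Emp") for r in R}
      | {("LoanSupervisor", "MortgageOfficer"), ("LoanSupervisor", "LoanOfficer"),
         ("MortgageOfficer", "LoanOfficer"), ("TellerSupervisor", "Teller")})


def closure(rel):
    """Reflexive-transitive closure of a (senior, junior) relation."""
    closed = set(rel) | {(r, r) for pair in rel for r in pair}
    changed = True
    while changed:                       # repeat until no new pair is derived
        changed = False
        for (a, b) in list(closed):
            for (c, d) in list(closed):
                if b == c and (a, d) not in closed:
                    closed.add((a, d))
                    changed = True
    return closed


def seniors_of(role, rh=RH):
    """Roles r' with r' >= role (role itself included)."""
    return {s for (s, j) in closure(rh) if j == role}


def juniors_of(role, rh=RH):
    """Roles r' with role >= r' (role itself included)."""
    return {j for (s, j) in closure(rh) if s == role}


def auth_users(role, ua=UA, rh=RH):
    """Users authorized for role: assigned to it or to any senior role."""
    return {u for (u, r) in ua if r in seniors_of(role, rh)}


def auth_permissions(role, pa=PA, rh=RH):
    """Permissions available to role: assigned to it or to any junior role."""
    return {p for (p, r) in pa if r in juniors_of(role, rh)}


if __name__ == "__main__":
    for r in ("LoanOfficer", "Teller"):
        print(f"auth_users({r}) = {sorted(auth_users(r))}")
    for r in ("MortgageOfficer", "TellerSupervisor"):
        print(f"auth_permissions({r}) = {sorted(auth_permissions(r))}")
```

The two directions are the usual source of mistakes: users flow *down* the hierarchy (a user of a senior role is an authorized user of every junior role), while permissions flow *up* (a senior role holds every permission of its juniors), so `auth_users` looks at seniors and `auth_permissions` at juniors.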

This page intentionally left blank.

3. (30 points) The Computer Science and Engineering Department at a small university has decided to develop a new electronic grading system. Here are the key features the department wants the system to handle (do not assume any permissions or restrictions other than those explicitly mentioned):

   - Each course has some primary instructors (PIs) and teaching assistants (TAs) assigned to it.
   - TAs and PIs for a given course can both read and write that course's grades; in addition, a course's PI(s) can submit final grades.
   - Any faculty member can read the grades for any course.
   - No graduate student can ever be assigned as a TA for more than one course.
   - No graduate student can ever be assigned as a primary instructor for a course.
   - Faculty members can be assigned as either teaching assistants or primary instructors for any course, and there are no limits on how they are assigned to courses. (Yes, they may even serve as both the TA and the PI for the same course; I mention this only to make your task easier.)
   - Because of the potential for confusion (particularly if instructors have the same students in multiple courses), the electronic grading system must not permit anyone to perform in more than one instructor role at any given time (e.g., login session).

As part of the system’s initial test run, the department wants to configure the system to handle just three of the department’s courses: CS 123, CS 456, and CS 789. Thus, the department has identified the following roles and permissions for this system:

   R = {Fac, Grad, 123TA, 123PI, 456TA, 456PI, 789TA, 789PI}

   P = {R_123, W_123, S_123, R_456, W_456, S_456, R_789, W_789, S_789}

   For example, R_123, W_123, and S_123 are the permissions to (respectively) read, write, and submit the grades for CS 123. Provide the following RBAC components to accurately meet and fulfill all of the department's desired features/criteria:

   (a) A role-hierarchy relation (a Hasse diagram is sufficient) and a permission-assignment relation PA
   (b) A static separation-of-duty relation to capture necessary static constraints
   (c) A dynamic separation-of-duty relation to capture necessary dynamic constraints

   Caveat: Be careful with your definition of the role hierarchy: make sure that there are no unintended consequences for separation of duty.
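As an added example for parts (b) and (c) and the caveat above (it is not the exam's answer), the following Python checks static and dynamic separation-of-duty constraints written in the NIST RBAC form (role set, n): no user may be authorized for n or more roles of the set (SSD), and no session may have n or more of them active (DSD). It uses the Question 3 role names, but the two candidate hierarchies, the user assignments, the constraints and the helper names (`juniors_of`, `authorized_roles`, `ssd_violations`, `session_allowed`) are constructed for illustration. The constructed hierarchy `RH_NAIVE` shows the pitfall the caveat warns about: because SSD is evaluated over a user's *authorized* roles, inherited roles included, making Fac senior to every instructor role puts every faculty member in violation of a TA constraint without any direct TA assignment.

```python
# Added example: SSD/DSD constraint checking in NIST (role_set, n) form.
# Role names follow Question 3; everything else here is constructed.

ROLES = {"Fac", "Grad", "123TA", "123PI", "456TA", "456PI", "789TA", "789PI"}
INSTRUCTOR_ROLES = ROLES - {"Fac", "Grad"}

# Constructed user assignments: alice is faculty, bob a grad student TAing CS 123.
UA = {("alice", "Fac"), ("bob", "Grad"), ("bob", "123TA")}

# Two candidate hierarchies as (senior, junior) pairs (constructed, not the answer).
RH_NAIVE = {("Fac", r) for r in INSTRUCTOR_ROLES}   # Fac inherits every instructor role
RH_CAREFUL = set()                                  # instructor roles only assigned directly

# Constructed constraints: fewer than n roles of role_set per user (SSD) / per session (DSD).
SSD = [(frozenset({"123TA", "456TA", "789TA"}), 2)]  # at most one TA role per user
DSD = [(frozenset(INSTRUCTOR_ROLES), 2)]             # at most one instructor role per session


def juniors_of(role, rh):
    """role itself plus every role it dominates, following (senior, junior) pairs."""
    found, frontier = {role}, [role]
    while frontier:
        s = frontier.pop()
        for senior, junior in rh:
            if senior == s and junior not in found:
                found.add(junior)
                frontier.append(junior)
    return found


def authorized_roles(user, ua, rh):
    """Roles the user may activate: assigned roles and everything junior to them."""
    return {j for (u, r) in ua if u == user for j in juniors_of(r, rh)}


def ssd_violations(ua, rh, ssd):
    """(user, role_set) pairs where the user is authorized for n or more roles of role_set."""
    users = {u for (u, _) in ua}
    return {(u, rs) for u in users for (rs, n) in ssd
            if len(authorized_roles(u, ua, rh) & rs) >= n}


def session_allowed(user, active, ua, rh, dsd):
    """True if the set `active` is a legal session role set for user under UA, RH and DSD."""
    if not set(active) <= authorized_roles(user, ua, rh):
        return False                                   # cannot activate unauthorized roles
    return all(len(set(active) & rs) < n for (rs, n) in dsd)


if __name__ == "__main__":
    print("SSD violations, naive hierarchy:  ", ssd_violations(UA, RH_NAIVE, SSD))
    print("SSD violations, careful hierarchy:", ssd_violations(UA, RH_CAREFUL, SSD))
    print("alice activating 123TA+456PI:", session_allowed("alice", {"123TA", "456PI"}, UA, RH_NAIVE, DSD))
    print("bob activating 123TA:        ", session_allowed("bob", {"123TA"}, UA, RH_CAREFUL, DSD))
```

Running it shows the asymmetry between the two constraint kinds: the SSD check is a property of the assignment relation plus hierarchy and can be evaluated at administration time, whereas the DSD check must run at session activation, which is where the "no more than one instructor role at a time" requirement belongs.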