CS5430 Homework 3: Authorization Policies

General Instructions. You are expected to work alone on this assignment.

Due March 2, 10am, via CMS. No late assignments will be accepted.

Submit your solution using CMS. Prepare your solution using Word (.doc) or an ASCII editor (.txt), as follows:

  1. An access control matrix is one way to depict an assignment of privileges to principals. A CS5430 student has proposed using a directed graph instead. (Recall that a directed graph is defined by (i) a set of nodes and (ii) a set of triples ("edges") of the form <n1, n2, lab>, where n1 and n2 are nodes and lab is a label.) Specifically, the student proposes: And just as the access control matrix representation has commands to change the assignment of privileges, you can imagine corresponding commands that effect the same change by manipulating the directed graph representation.

    Discuss the relative expressive power of these two alternatives for representing access control policies. Are there situations that can be represented in one but not the other? If so, give one; if not, give a proof that none will exist.

  2. UNIX associates some subset of the privileges r (read), w (write), and x (execute) with each file, for each of three categories of user IDs: (i) the file's owner, (ii) members of the file's group, and (iii) all other user IDs. Suppose file foo.exe contains a program. Consider the following "rules" about allowable sets of privileges for foo.exe. For each rule (taken in isolation), discuss the interesting security functionality (if any) that the rule enables, giving an example of its use and utility.
    1. grant x but without r or w
    2. grant r but without x or w
    3. never grant both x and w.
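    As an added example for question 2 (not part of the assignment or the course materials), the following Python model encodes the UNIX mode-bit check and the three rules. The uids, gids, and modes are constructed for illustration; the model assumes a non-root caller (root bypasses the r/w checks), no ACLs, no set-id bits or mount options, and that foo.exe is a native binary (a "#!" script also needs r, because the interpreter must open and read the file).

```python
# Added illustration for question 2, not course code. Assumptions (not on the
# page): the caller is not root, there are no ACLs, set-id bits and mount
# options are ignored, and foo.exe is a native binary rather than a script.

R, W, X = 4, 2, 1          # permission bits within one three-bit class
CLASS_SHIFT = {"owner": 6, "group": 3, "other": 0}


def permission_class(file_uid, file_gid, uid, gids):
    """Pick the single class whose bits apply to this caller.

    UNIX tests owner, then group, then other, and stops at the first match.
    The classes are not unioned: an owner whose own bits are empty is denied
    even when the "other" class would have allowed the operation.
    """
    if uid == file_uid:
        return "owner"
    if file_gid in gids:
        return "group"
    return "other"


def class_bits(mode, cls):
    """The r/w/x bits of one class, as an integer 0..7."""
    return (mode >> CLASS_SHIFT[cls]) & 0o7


def rights_for(mode, file_uid, file_gid, uid, gids):
    """Set of 'r', 'w', 'x' the caller holds on the file."""
    bits = class_bits(mode, permission_class(file_uid, file_gid, uid, gids))
    return {name for name, bit in (("r", R), ("w", W), ("x", X)) if bits & bit}


def unix_access(mode, file_uid, file_gid, uid, gids, op):
    """True if the single operation op (R, W or X) is permitted."""
    cls = permission_class(file_uid, file_gid, uid, gids)
    return bool(class_bits(mode, cls) & op)


def violates_rule3(mode):
    """Rule 3 of the assignment: no class may hold both w and x on foo.exe.

    Checked per class because each class is evaluated independently; a mode
    such as 0o655 (owner rw-, group r-x) satisfies the rule even though the
    file as a whole carries both w and x bits somewhere.
    """
    return any(class_bits(mode, c) & W and class_bits(mode, c) & X
               for c in CLASS_SHIFT)


def example():
    """Constructed cases: rule 1 (x only), rule 2 (r only), and a mode whose
    owner bits are empty while 'other' can read."""
    owner, grp = 1000, 1000
    return {
        "rule1_owner": rights_for(0o111, owner, grp, owner, {grp}),
        "rule2_owner": rights_for(0o444, owner, grp, owner, {grp}),
        "empty_owner_class": unix_access(0o004, owner, grp, owner, {grp}, R),
        "stranger_can_read": unix_access(0o004, owner, grp, 2000, {2000}, R),
    }
```

    The first-match class selection is the point worth carrying into the discussion of rule 1: an owner can deliberately be given x without r (mode 0o111), so the owner can run foo.exe but cannot copy its contents, while rule 3 is a per-class property and has to be checked class by class.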

  3. You are consulting to a new Internet start-up company, AppropriateTube, whose value proposition is facilitating the creation and dissemination of age- and belief-appropriate videos for impressionable children. Age is an integer (years since birth) giving the minimum age of an appropriate viewer; beliefs are characterized by a set of terms, called content-descriptors, drawn from the following:

    The system envisaged by AppropriateTube would work as follows.

    Give rules for how the meta-data for each video should be used by the video-viewer program, and rules for how that meta-data should be produced by the video-combiner program.
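    As an added example for question 3 (an illustration, not AppropriateTube's design or course code), the following Python treats a video's meta-data as a label in a lattice: the viewer program checks that the child's profile dominates the video's label, and the combiner program emits the least upper bound of its inputs. The descriptor names, the profile layout, and the function names are assumptions; the assignment's own descriptor list is not reproduced here.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable

# Added illustration for question 3, not AppropriateTube's design. Assumed:
# a video's meta-data is a minimum age plus a set of content-descriptors; a
# child's profile (set by a guardian) holds an age and the descriptors the
# guardian accepts. Descriptor names below are made up for the example.


@dataclass(frozen=True)
class Label:
    min_age: int
    descriptors: FrozenSet[str]

    def dominates(self, other: "Label") -> bool:
        """self is at least as restrictive as other (the lattice order)."""
        return (self.min_age >= other.min_age
                and self.descriptors >= other.descriptors)


def viewer_may_watch(video: Label, viewer_age: int,
                     accepted: FrozenSet[str]) -> bool:
    """Video-viewer rule: the profile, read as a label, must dominate the
    video's label: old enough, and every descriptor on the video is one the
    guardian accepted. Subset, not intersection: a single unaccepted
    descriptor blocks the whole video."""
    return Label(viewer_age, accepted).dominates(video)


def combine(*parts: Label) -> Label:
    """Video-combiner rule: the output label is the least upper bound of the
    inputs (largest minimum age, union of descriptors). Anything weaker would
    let a viewer see, inside the combined video, a clip they may not see on
    its own; anything stronger hides the combined video needlessly."""
    if not parts:
        raise ValueError("combine needs at least one input video")
    return Label(max(p.min_age for p in parts),
                 frozenset().union(*(p.descriptors for p in parts)))


def combiner_output_is_safe(parts: Iterable[Label], output: Label) -> bool:
    """Audit check for any combiner: its output must dominate every input, so
    that viewer_may_watch(output, ...) implies viewer_may_watch(part, ...)."""
    return all(output.dominates(p) for p in parts)
```

    The viewer rule and the combiner rule are two sides of one property: because the combined label dominates each input, any child allowed to watch the combined video would also have been allowed to watch each of its parts, so combining cannot be used to smuggle an inappropriate clip past the viewer check.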