CS5430 Project: Access Control Analysis (Fall 2021)

General Instructions. You are strongly encouraged to work as part of a group of 2 students, but working alone or in a smaller group is allowed. Match-making assistance will be provided to those seeking to form groups.

Due: November 23 at 5:00pm. No late assignments will be accepted.

Submit your solution using CMS.

With discretionary access control, the system associates with each subject a separate set of privileges for accessing each object. For this assignment:

Subject names and other object names will be character strings up to 15 characters long.

Authorization triple ( S, O, p ) signifies that subject S is allowed to perform any operation on object O for which privilege p is required. At any time, the operations that the system allows to be executed are described by the set of valid authorization triples. This set might be represented by using access control lists, capabilities, and/or an access control matrix.

This assignment is concerned only with authorization triples for certain privileges: R, W, and T.

Privilege Analysis. A security administrator could be concerned about whether ( S, O, p) already is valid or could become valid because take operations were executed by some subjects. The answer to this safety question can be determined by using a program to analyze the set of valid authorization triples.

The input to such an analyzer is a sequence of lines. Each line contains either a single syntactically correct command or a comment. The syntax of each command is detailed below. The syntax of comments allows any text that is not a syntactically correct command. Input lines are processed in the order read. The processing of a command is explained below. To process a comment, that comment is simply copied to the output. Any sequence of comments and commands is allowed.

The Add and Query commands facilitate privilege analysis. Initially, no authorization triple is valid. Add asserts that an authorization triple has become valid; query ascertains whether an authorization triple is already valid or could become valid by some series of take operations.

For an Add or Query command to be considered syntactically correct, we require:

The command syntax and operational interpretations are:

Building the Analyzer

Implement the analyzer. It should should support analysis of systems involving at least 40 subjects and at least 40 files (though supporting larger numbers of subjects and files in fine). The analyzer will be invoked with two arguments: a Unix file name for a file containing the input, a Unix file name to which output will be written. This is an example of a trivial input file; your analyzer should generate an output file that looks like this.

You may develop your system anywhere. But we will grade your system by running it on the Linux hosts in UGCLab. So use a programming or scripting language available within this environment, and use Linux hosts in UGCLab to test what you will submit.

Submissions that do not run on the Linux hosts in UGCLab will receive no credit for executing correctly. Login to the UGCLab computers and test your system before you submit it, leaving plenty of time to make changes that may be needed.

What to submit. CMS will be set-up for submissions comprising the following elements.

Grading Criteria. Here is a rough breakdown of the relative importance of each piece of this project.