CS 414 Homework 5: Counts Double
Due in Class on Tuesday, Nov. 30
Write a one-page essay on the following topic. Your essay does not need to include references unless you quote other sources. It should be typed, using 10, 11 or 12-point font, with 1 and 1/2 line spacing, and margins no less than .75 inches and no more than 1 inch.
In class we’ve learned about a lot of mechanisms from which security solutions can be built: user-id and group-id features, access control lists and ways of encoding access permissions, key infrastructures and mechanisms like Kerberos.
Suppose that you are working with a powerful operating system that offers all of these options. Your job is to design and implement a security solution for Gotham Hospital, which has a special role and positional access policy. This is how the policy will work:
1. Each patient has a designated doctor and a current unit. The doctor can access the patient’s entire record.
2. At the bedside there is a special computing system. From this location, any nurse or doctor associated with the unit can pull up the patient’s record (even a doctor who is not the designated doctor for the patient).
3. In an emergency, any person can access the patient’s record from the bedside location with no delays of any kind.
4. For purposes of medical consulting, any doctor can access any record, but needs to enter their personal password at the time of the access, and the system must keep a log of these special “unusual” access requests for audit purposes.
5. Throughout the hospital there are devices and laboratories that can send updates for a patient’s record. Computers in these units can be logged in once when they are activated but then need to run automatically.
6. For administrative convenience, most files and databases live on a big server down in the basement.
In your one-page essay, either explain how this problem can be solved using the mechanisms available in the operating system, or explain why existing security tools are inadequate to solve parts of this problem. If necessary, you can introduce assumptions: for example, that the data for each patient is stored in a separate file. However, impractical assumptions may lead to a lower grade.
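Rules 1 through 4 of the policy can be written as one access-decision function, which makes explicit what context (role, unit, location, emergency state, password re-entry) each decision depends on. This is an added example, not part of the original assignment, and it models only the policy, not any operating-system mechanism. The names `Patient`, `Request`, `decide` and `audit_log`, and the flags `at_bedside`, `emergency` and `password_ok`, are assumptions; rules 5 and 6 are not modelled.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Patient:
    name: str
    doctor: str  # designated doctor (rule 1)
    unit: str    # current unit (rule 1)


@dataclass(frozen=True)
class Request:
    user: str
    role: str                         # "doctor", "nurse", or anything else
    units: frozenset = frozenset()    # units the user is associated with
    at_bedside: bool = False          # issued from this patient's bedside system
    emergency: bool = False           # assumption: emergency state is a flag
    password_ok: bool = False         # password re-entered at access time


audit_log = []  # rule 4: record of "unusual" consulting accesses


def decide(req, patient):
    """Return (allowed, reason) for a request to read the patient's record."""
    if req.role == "doctor" and req.user == patient.doctor:
        return True, "rule 1: designated doctor"
    if req.at_bedside and req.emergency:
        # Rule 3 checks nothing about the person, only location and state.
        return True, "rule 3: bedside emergency"
    if (req.at_bedside and req.role in ("doctor", "nurse")
            and patient.unit in req.units):
        return True, "rule 2: unit staff at bedside"
    if req.role == "doctor" and req.password_ok:
        # Rule 4 grants access only together with an audit record.
        audit_log.append((req.user, patient.name, "consult"))
        return True, "rule 4: consulting access (logged)"
    return False, "no rule grants access"


# Constructed sample data, not taken from the assignment.
SAMPLE_PATIENT = Patient("patient-A", "dr_wayne", "cardiology")
```

Only rule 1 and rule 4 are independent of location; rules 2 and 3 depend on where the request originates, which is not a property of the user's identity.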
Note:
This essay will be graded by Professor Birman personally, and will count twice as much towards your homework grade as any other homework. The reason for including an essay in CS 414 is that many people, in their jobs, need to write short technical memos from time to time, explaining to management what they propose to do to solve a problem, and how the solution will work (or why it can’t be done). This is also true for people who may have to write technical documentation. Your ability to organize your thoughts in a clear, concise way is an important technical skill. We will not favor native English writers over foreign students, but the ability to organize your points and to make them clearly is very important for this type of short essay. The grades will reflect this point of view.