CS5430 Extra Credit Assignment: Security Policy Analysis

Due Friday April 22, 5pm. No late assignments will be accepted.

Submit your solution using CMS. Prepare your solution as .doc, .docx, or .pdf, as follows:

• Use 10 point or larger font.
• Start each problem's solution on a new page.
• Use at most 5 pages for the entire solution.
• Put your name and net id on each page. Failure to do so will result in a grade deduction.

Facebook users have some level of control over who can see information they post. Thus, Facebook must enforce some kind of authorization policy. Describe that policy. Your exposition should be at the same level of detail as found the on-line course notes. Use the vocabulary, as appropriate, for authorization policies we have employed in our discussions: subjects, objects, operations, privileges, roles, groups, etc. Be sure to explain when a subject is allowed (if at all) to change the authorization relation.