
Assignment #3

Type of assignment: This assignment should be done in groups.

Note: The assignment submission should clearly list the student members of the group, their names, and student numbers on the first page.

Points: The maximum number of points for this assignment is 60, which will be prorated accordingly after all assignments are posted. The weight of each problem is given in parentheses.

Format:

  1. Assignment submissions are accepted in the following formats only: HTML (extension .html), PDF (.pdf), RTF (.rtf), ASCII text (.txt). Assignments submitted in any other format will be discarded. All text in the assignment submissions must be typed, and figures must be plotted so that they are easy to read and understand. Spelling, grammar, and other language errors will result in fewer points credited to the corresponding problem solutions.
  2. Your submission file should be named to reflect the names of the group members, and the assignment number, e.g., alice_bob-assignment_3.pdf.

Scenario

For most of the problems in this assignment, the following scenario will be used:

Your group is charged with security administration of WebCT for a Small University with Virtual classrooms (SUV), which plans eventually to have only 10,000 students and 1000 teaching staff. The group has to configure the access control mechanisms available in WebCT to precisely enforce the following policy:

Policy 1:

  1. Any current student at the SUV can have read access to any course material but not assignments, surveys, chats, mail, grades, and online discussions.
  2. Each current SUV student who is registered for a course should have, in addition to the permissions granted to all current students, permissions to participate in the course online discussions and chats, respond to surveys, send and receive course e-mail, see his/her grades, and download as well as submit assignments before their due date.
  3. All TAs assigned to a specific course should have, in addition to the privileges granted to all students registered for the course, permissions to download assignment submissions of all the students in the course, see students' marks, and mark assignments, quizzes, and exams.
  4. The course instructors should have, in addition to the privileges granted to the course TA(s), permissions to post course materials, assignments, surveys, quizzes, exams, participation marks, and final grades.

WebCT access control mechanisms allow distinguishing among the following resources: course material, assignments, surveys, online chat rooms (2 per course and one global for all courses), e-mail, marks and grades, discussion topics, quizzes, and exams.
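One way to express Policy 1 as a per-course hierarchy of levels with a default-deny check, given as an added example (it is not part of the original assignment and is not WebCT's own configuration syntax). The user names, the action names, and the choice to apply the due-date condition to submission only are assumptions.

```python
from datetime import datetime

# Policy 1 levels; each level inherits every permission of the levels below.
LEVEL = {"current_student": 0, "registered": 1, "ta": 2, "instructor": 3}

# (resource, action) -> lowest level that holds the permission.
# Action names are assumptions chosen for this sketch.
MIN_LEVEL = {
    ("course_material", "read"): 0,
    ("discussion", "participate"): 1, ("chat", "participate"): 1,
    ("survey", "respond"): 1, ("email", "use"): 1,
    ("grades", "read_own"): 1,
    ("assignment", "download"): 1, ("assignment", "submit"): 1,
    ("submission", "download_all"): 2, ("grades", "read_all"): 2,
    ("assignment", "mark"): 2, ("quiz", "mark"): 2, ("exam", "mark"): 2,
    ("course_material", "post"): 3, ("assignment", "post"): 3,
    ("survey", "post"): 3, ("quiz", "post"): 3, ("exam", "post"): 3,
    ("grades", "post"): 3,
}

# Constructed sample data: hypothetical users, not the roster from the page.
CURRENT_STUDENTS = {"alice", "bob", "carol"}
COURSE_ROLE = {("alice", "SUV 101"): "registered",
               ("carol", "SUV 101"): "ta",
               ("dave", "SUV 101"): "instructor"}

def level_of(user, course):
    """Highest Policy 1 level the user holds in this course, or None."""
    role = COURSE_ROLE.get((user, course))
    if role is not None:
        return LEVEL[role]
    return LEVEL["current_student"] if user in CURRENT_STUDENTS else None

def is_allowed(user, course, resource, action, now=None, due=None):
    """Default-deny check: unknown permissions and unknown users are refused."""
    need = MIN_LEVEL.get((resource, action))
    have = level_of(user, course)
    if need is None or have is None or have < need:
        return False
    if (resource, action) == ("assignment", "submit"):
        # Item 2 ties submission to the due date; a missing date fails closed.
        return now is not None and due is not None and now < due
    return True

if __name__ == "__main__":
    due = datetime(2005, 3, 1, 23, 59)  # constructed due date
    for who in ("bob", "alice", "carol", "dave", "mallory"):
        print(who, is_allowed(who, "SUV 101", "grades", "read_all"),
              is_allowed(who, "SUV 101", "assignment", "submit",
                         now=datetime(2005, 2, 28), due=due))
```

Because membership is keyed by (user, course), a user's level in one course grants nothing in another beyond what every current student already has.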

The university has just been founded and has only a few students registered for very few courses. Here are the students, TAs, and instructors for the courses taught this term:

Courses: SUV 101, SUV 202, SUV 231, SUV 242, SUV 303, SUV 351, SUV 404

Users:

  Benjamin: student, student, student
  Frankie: TA, student, student, student, student
  Chia: student, student, student, student, student
  Owen: TA, student, student, student
  Rita: TA, student, student, student
  George: student, student, student
  Andrew: student, student
  Hootan: student, student
  Jordan: student, student, student
  Marko: student, student, student
  Michael: Instructor, TA, student, student, student, student
  Nicolas: Instructor, TA, student, student, student
  Askari: Instructor, Instructor, Instructor, TA, Instructor
  Kelly: Instructor, TA, Instructor

Problems

  1. (10) (DAC) Assume that WebCT mechanisms support only discretionary access control (DAC) policies. Write down the configuration of WebCT access controls that supports Policy #1 for the users in the above scenario.
  2. (10) (BLP) Now assume that WebCT mechanisms support only Bell-LaPadula policies. Write down the configuration of WebCT access controls that supports Policy #1 for the users in the above scenario.
  3. (10) (RBAC) Now assume that WebCT mechanisms support only Role-based Access Control (RBAC) policies. Write down the configuration of WebCT access controls that supports Policy #1 for the users in the above scenario.
  4. (10) Compare and contrast the DAC, BLP, and RBAC models in terms of their suitability for SUV. Consider administrative scalability, i.e., the amount of work an administrator has to do to
    1. add/remove a student/TA/instructor to/from a course,
    2. add/remove a new course (and populate/remove students, TAs, and instructors to/from it),
    3. reset all courses in order to get ready for a new year.

    Also consider the cost of a single administrative mistake in the worst case, and explain how much damage it could cause.

  5. (20) (Ideal) Develop an alternative access control model that will be better than DAC, BLP, and RBAC for the task of administering WebCT at SUV. That is, if one compares and contrasts your model with DAC, BLP, or RBAC using the criteria from problem 4, your model will demonstrate better characteristics. Write down the configuration of WebCT access controls that supports Policy #1 for the users in the above scenario, assuming the mechanisms can support your model.

Copyright © 2003-2005 Konstantin Beznosov