Question
A small accounting firm has recently fired their security administrator for gross incompetence. They are now looking to you to help them identify some fundamental
- A small accounting firm has recently fired their security administrator for gross incompetence. They are now looking to you to help them identify some fundamental flaws such as session or separation of duty violations in the access control system he set up as follows.
Users = {Lyn, Mike, Nell, Opal, Per}
Perms = {p0, p1, p2, p3, p4, p5, p6, p7, p8, p9}
Roles = {A, B, C, D, E, F, G, H, J}
UA = {(Lyn, D), (Lyn, B), (Mike, F), (Nell, D), (Nell, F), (Mike, J), (Per, H), (Per, J), (Opal, A), (Opal, H)}
PA = {(p1, E), (p2, E), (p3, D), (p4, C), (p5, G), (p6, J), (p7, A), (p8, B), (p9, F), (p0, H)}
Role hierarchy:
SSD = {({B, C}, 2), ({G, A, F}, 3), ({B, J}, 2)}
DSD = {({H, C, J}, 3}), ({F, C, J}, 2), ({D, H, J}, 2)}
The systems current implementation also allows the sessions s1, s2, s3 as follows:
s1: user is Opal, roles are B and D
s2: user is Nell, roles are G and F
s3: user is Per, roles are J and H
Discuss whether or not each SSD and DSD constraint is violated and whether or not each session is valid in the following tables (40 points).
SSD | Violated or not | Explanation |
({B, C}, 2) |
|
|
({G, A, F}, 3) |
|
|
({B, J}, 2) |
|
|
DSD | Violated or not | Explanation |
({H, C, J}, 3}) |
|
|
({F, C, J}, 2) |
|
|
({D, H, J}, 2) |
|
|
Session | Valid or not | Explanation |
s1 |
|
|
s2 |
|
|
s3 |
|
|
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started