This is a take-home, open-book and open-time examination. You are required to solve it on your own using whatever material you like. Please sign and submit the following honor code statement with your solution:
I have not taken any help on this examination from anyone and not provided any help to anyone. The solution has been entirely worked out by me and represents my individual effort.
Please submit a typed solution with the signed honor code statement. Keep a copy for your records and reference. The process for grading the examination will be discussed later. Any clarification questions regarding the examination should be emailed to sandhu@gmu.edu. Clarifications will be posted on this page as needed.
·
and the proposed NIST standard model defined in
· David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn and Ramaswamy Chandramouli, Proposed NIST Standard for Role-Based Access Control, ACM Transactions on Information and System Security (TISSEC), Volume 4, Number 3, August 2001.
a) Give a comparison of the two models (maximum length 1 page). Do not repeat a description of the two models; that is already available in the papers. Focus on identifying significant similarities and differences and important pros and cons.
b) Discuss whether or not the proposed NIST standard would be useful if widely adopted by the security industry (maximum length 1/2 page).
a) Discuss what kinds of separation of duties may be useful in the context of administrative roles (maximum length 1/2 page).
b) Discuss how RCL2000 may be extended to cover administrative roles (maximum length 1/2 page).
· Sejong Oh,
Give a review of this paper and an assessment of the suggested modifications to ARBAC97 (maximum length 1 page).
History: