This lecture discusses access control policies for data and applications security, including policies addressing confidentiality, privacy, and trust. It explores various models like Role-Based Access Control (RBAC), UCON, and DCON, and provides examples of policies for different application scenarios.
Data and Applications Security: Developments and Directions
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Lecture #5: Assignment #1 on Access Control and Policies
February 2, 2009
References
• Lecture Notes
• Text Book for Class
• Additional Papers
• RBAC: Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, Charles E. Youman: Role-Based Access Control Models. IEEE Computer 29(2): 38-47 (1996)
• UCON: Jaehong Park, Ravi S. Sandhu: The UCONABC usage control model. ACM Trans. Inf. Syst. Secur. 7(1): 128-174 (2004)
• http://delivery.acm.org/10.1145/510000/507722/p57-park.pdf?key1=507722&key2=2341065321&coll=ACM&dl=ACM&CFID=23616711&CFTOKEN=10325487
• DCON: Roshan K. Thomas, Ravi S. Sandhu: Towards a Multi-dimensional Characterization of Dissemination Control. POLICY 2004: 197-200 (IEEE)
Problem #1
• Consider an example application (e.g., from healthcare, defense, financial)
• Specify some meaningful policies for this application that address confidentiality, privacy and trust
Problem #2
• Consider an example application where there is a need for organizations to share data
• Example: Defense: Army, Navy, Air Force
• Healthcare: Doctor, Hospital, Insurance company
• Give meaningful security policies illustrating the need for organizations to share data while still having to enforce the policies
• Policies may include confidentiality, privacy and trust
Problem #3
• Read the papers on RBAC, UCON and DCON listed in this unit
• For an example application (or applications) specify policies for RBAC, UCON and DCON
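The following is an added worked example, not part of the assignment slides or of the cited papers. It takes the healthcare data-sharing scenario from Problem #2 (doctor, hospital, insurance company) and encodes one policy in each of the three models named in Problem #3: an RBAC layer (users to roles to permissions, with a small role hierarchy), a UCON_ABC pre-decision that combines authorizations, an obligation and an environmental condition and updates a mutable attribute after use, and a DCON rule limiting onward dissemination of released records. Every role name, user, attribute, trust level, hour window and hop limit is constructed for illustration and is not drawn from the lecture or the papers.

```python
"""Added example policy evaluator for the doctor / hospital / insurer scenario.
All tables and attribute names below are constructed for illustration."""
from dataclasses import dataclass, field

# ---- RBAC layer (user -> roles -> permissions). Constructed tables. ----
ROLE_PERMISSIONS = {
    "doctor": {("patient_record", "read"), ("patient_record", "write")},
    "nurse": {("patient_record", "read")},
    "insurer": {("claim", "read")},
}
ROLE_HIERARCHY = {"chief_physician": {"doctor"}}  # senior role inherits doctor's permissions
USER_ROLES = {"alice": {"chief_physician"}, "bob": {"nurse"},
              "carol": {"insurer"}, "dan": {"doctor"}}

# ---- Trust policy: how far each organization is trusted (constructed levels) ----
ORG_TRUST = {"hospital": 3, "insurance": 2, "clinic": 1}


def effective_roles(roles):
    """Expand a role set transitively through the role hierarchy."""
    result, stack = set(), list(roles)
    while stack:
        r = stack.pop()
        if r not in result:
            result.add(r)
            stack.extend(ROLE_HIERARCHY.get(r, ()))
    return result


def rbac_permits(user, obj_type, action):
    """RBAC decision: is (obj_type, action) granted by any of the user's effective roles?"""
    roles = effective_roles(USER_ROLES.get(user, set()))
    perms = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in roles))
    return (obj_type, action) in perms


@dataclass
class Record:
    obj_type: str
    patient: str
    consent: bool          # privacy: patient consent, mutable (may be withdrawn)
    org: str               # organization that owns the record
    sensitivity: int       # confidentiality level, compared against ORG_TRUST
    access_count: int = 0  # mutable attribute updated on each permitted use


@dataclass
class Subject:
    user: str
    org: str
    treating: set = field(default_factory=set)  # patients under this user's care
    acknowledged_notice: bool = False            # UCON obligation fulfilled?


def ucon_pre_decision(subj, rec, action, hour):
    """UCON_ABC pre-decision: Authorization (A), oBligation (B), Condition (C).
    Returns (permitted, reason); a permit also updates a mutable attribute."""
    if not rbac_permits(subj.user, rec.obj_type, action):
        return False, "A: role lacks permission"
    if ORG_TRUST.get(subj.org, 0) < rec.sensitivity:
        return False, "A: organization trust below record sensitivity"
    if rec.obj_type == "patient_record":
        if not rec.consent:
            return False, "A: patient consent missing"        # privacy policy
        if rec.patient not in subj.treating:
            return False, "A: not the treating clinician"     # need-to-know
    if not subj.acknowledged_notice:
        return False, "B: privacy notice not acknowledged"
    if subj.org != rec.org and not 8 <= hour < 18:
        return False, "C: cross-organization access only in business hours"
    rec.access_count += 1  # UCON attribute mutability: update after the decision
    return True, "permit"


def ucon_ongoing_check(rec):
    """Ongoing authorization: an in-progress usage is revoked once consent is withdrawn."""
    return rec.consent


# ---- DCON layer: what a recipient may do with a record after release ----
DISSEMINATION_POLICY = {
    # allowed recipient organizations, and how many onward transfers are permitted
    "patient_record": {"allowed": {"hospital", "insurance"}, "max_hops": 1},
    "claim": {"allowed": {"insurance"}, "max_hops": 0},
}


def dcon_permits_forward(rec, recipient_org, hops_so_far):
    """DCON decision: may a holder forward rec to recipient_org after hops_so_far transfers?"""
    pol = DISSEMINATION_POLICY[rec.obj_type]
    return recipient_org in pol["allowed"] and hops_so_far < pol["max_hops"]


if __name__ == "__main__":
    alice = Subject("alice", "hospital", {"p1"}, True)
    rec = Record("patient_record", "p1", True, "hospital", 3)
    print(ucon_pre_decision(alice, rec, "read", 10))        # (True, 'permit')
    print(dcon_permits_forward(rec, "insurance", 1))         # False: one hop already used
```

The three layers are deliberately kept separate so that each of the assignment's models is visible on its own: the RBAC table answers "what may this role do", the UCON function adds the per-use checks (consent, need-to-know, acknowledged obligation, time-of-day condition) and the attribute update, and the DCON table constrains what happens to the data once it has left the owning organization.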