Data and Applications Security Developments and Directions
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Assignment #1 on Access Control and Policies
September 14, 2011
Due Date: September 28, 2011
References
• Lecture Notes
• Text Book for Class
• Additional Papers
  • RBAC: Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, Charles E. Youman: Role-Based Access Control Models. IEEE Computer 29(2): 38-47 (1996)
  • UCON: Jaehong Park, Ravi S. Sandhu: The UCONABC usage control model. ACM Trans. Inf. Syst. Secur. 7(1): 128-174 (2004)
  • http://delivery.acm.org/10.1145/510000/507722/p57-park.pdf?key1=507722&key2=2341065321&coll=ACM&dl=ACM&CFID=23616711&CFTOKEN=10325487
  • DCON: Roshan K. Thomas, Ravi S. Sandhu: Towards a Multi-dimensional Characterization of Dissemination Control. POLICY 2004: 197-200 (IEEE)
Problem #1
• Consider an example application (e.g., from healthcare, defense, financial)
• Specify some meaningful policies for this application that address confidentiality, privacy and trust
Problem #2
• Consider an example application where there is a need for organizations to share data
• Example: Defense: Army, Navy, Air Force
• Healthcare: Doctor, Hospital, Insurance company
• Give meaningful security policies illustrating the need for organizations to share data while still having to enforce the policies
• Policies may include confidentiality, privacy and trust
Problem #3
• Read the papers on RBAC, UCON and DCON listed in this unit
• For an example application (or applications), specify policies for RBAC, UCON and DCON