CSG 379 Midterm ==================================================== Karl Lieberherr October 2004 Question 1: =========== 19 UNKNOWNs, 3 points each Consider the following class dictionary, program, input and output: Find the UNKNOWNs in the program. The programs checks the simple Chinese Wall Policy from hw 4. Note that the class dictionary has been improved at several places. It is recommended that you study the class dictionary carefully. The key changes: We can now deal with multiple transitions. The state also stores the previous conflict of interest types. Also note that the program executes multiple automata. The following was used to compile: dajc program.cd *.java *.trv The following was used to run: daj Main program.input /////////////////////////////////////////////// // program.cd // Security Automaton extended for Chinese Wall Policy // for one subject ChineseWallPolicyChecker = List(ChineseWallAutomaton) EOF. ChineseWallAutomaton = "Chinese" "Wall" "automaton" AutomatonName "currentState" State ["startState" State] ["transitions" List(Transition)] "groups" List(Group) "citypes" List(CIType) "history" List(Access). State = List(Group) List(CIType). Access = ObjektId "group" Group. Group = GroupName ["citype" CIType]. CIType = CITypeName. Transition = Access. // has boolean exec() method that checks Chinese Wall Policy: // newAccess.group gives group g1 // if g1 in ChineseWallPolicyChecker.currentState ok else // if g1.citype is different from previous types ok else denied ObjektId = Ident. GroupName = Ident. CITypeName = Ident. AutomatonName = Ident. List(S) ~ "(" {S} ")". /////////////////////////////////////////////// // Main.java import edu.neu.ccs.demeter.*; import java.io.File; class Main { protected String s; public Main(String s) { super(); this.s = s; } public static void main(String args[]) throws Exception { ChineseWallPolicyChecker m = ChineseWallPolicyChecker.parse(new File(args[0])); m.UNKNOWN1(); System.out.println("done"); } } /////////////////////////////////////////////// // Execute.trv aspect Execute{ declare strategy: eachAutomaton: "UNKNOWN2"; declare traversal : void execAutomata(): eachAutomaton(ExecVisitor); declare strategy: eachGroupName: "UNKNOWN3"; declare traversal : CIType findCIType(String groupName): eachGroupName(FindCIVisitor); } /////////////////////////////////////////////// // ExecVisitor.java import edu.neu.ccs.demeter.*; import java.io.File; class FindCIVisitor { FindCIVisitor(String grpN){ groupName = grpN; } String groupName; Group currentGroup; Group result; void before (Group host) { currentGroup = host; } void before (GroupName host) { if (host.ident.toString().equals(groupName)) { result = currentGroup; }; } Object getReturnValue() {return result.cIType;} } class ExecVisitor { ChineseWallAutomaton current; void before (ChineseWallAutomaton host){ UNKNOWN4; System.out.println(); System.out.println(host.automatonName.ident + " automaton name "); System.out.println(); } void before (Transition host){ Group g1 = host.newAccess.group; Group_List cgl = current.currentState.g_accesses; CIType_List ctl = current.currentState.t_accesses; boolean ok = false; // cit will be defined and used only if not ok CIType cit = new CIType(null); if (UNKNOWN5) { System.out.println(" ok: group found +++++++++++++ "); ok = true; } else { System.out.println(" group NOT found "); cit = UNKNOWN6.UNKNOWN7.UNKNOWN8 (g1.groupName.ident.toString()); System.out.println(" search for CIType of group " + g1.groupName.ident.toString()); System.out.println(" found CIType = " + cit.cITypeName.ident.toString()); if (UNKNOWN9) { System.out.println(" not ok: conflict of interest "); ok = false; } else ok = true; } if (!ok) { System.out.println(" Chinese Wall Violation !!!!!!!! "); } else { int g_accessCount = cgl.size(); System.out.println(g_accessCount + " number of groups accessed in current state "); // add to lists cgl.add(new Group(g1.groupName,null)); ctl.add(new CIType(cit.cITypeName)); System.out.println(" added to current state "); g_accessCount = cgl.size(); System.out.println(g_accessCount + " number of groups accessed in next state "); } } } /////////////////////////////////////////////// // InterType.java aspect InterType { public boolean Group.equals(Object g){ System.out.println(" compare " + UNKNOWN10.UNKNOWN11.UNKNOWN12.toString() + " with " + ((Group) g).UNKNOWN13.UNKNOWN14.toString()); return (UNKNOWN15.UNKNOWN16.UNKNOWN17.toString().equals( ((Group) g).UNKNOWN18.UNKNOWN19.toString())); } public boolean CIType.equals(Object g){ System.out.println(" compare " + this.cITypeName.ident.toString() + " with " + ((CIType) g).cITypeName.ident.toString()); return (this.cITypeName.ident.toString().equals( ((CIType) g).cITypeName.ident.toString())); } } /////////////////////////////////////////////// ( Chinese Wall automaton consultant_Mary currentState (Shell) (Oil) startState () () transitions (oid_research group Mobil x group UBS y group ZKB) groups (Shell citype Oil Mobil citype Oil UBS citype Bank ZKB citype Bank) citypes (Oil Bank) history (oid1 group Shell oid2 group Shell oid3 group Shell) Chinese Wall automaton consultant_John currentState (Winterthur UBS) (Insurance Bank) transitions (oid_research group AllState x group UBS) groups (AllState citype Insurance Winterthur citype Insurance UBS citype Bank) citypes (Insurance Bank Retail WholeSale) history (oid1 group Winterthur oid3 group UBS ) Chinese Wall automaton consultant_Karl currentState (Shell) (Oil) transitions (oid_research group Mobil x group Shell y group Shell z group Mobil) groups (Shell citype Oil Mobil citype Oil UBS citype Bank) citypes (Oil Bank) history (oid1 group Shell oid2 group Shell oid3 group Shell) ) /////////////////////////////////////////////// // output consultant_Mary automaton name compare Mobil with Shell group NOT found search for CIType of group Mobil found CIType = Oil compare Oil with Oil not ok: conflict of interest Chinese Wall Violation !!!!!!!! compare UBS with Shell group NOT found search for CIType of group UBS found CIType = Bank compare Bank with Oil 1 number of groups accessed in current state added to current state 2 number of groups accessed in next state compare ZKB with Shell compare ZKB with UBS group NOT found search for CIType of group ZKB found CIType = Bank compare Bank with Oil compare Bank with Bank not ok: conflict of interest Chinese Wall Violation !!!!!!!! consultant_John automaton name compare AllState with Winterthur compare AllState with UBS group NOT found search for CIType of group AllState found CIType = Insurance compare Insurance with Insurance not ok: conflict of interest Chinese Wall Violation !!!!!!!! compare UBS with Winterthur compare UBS with UBS ok: group found +++++++++++++ 2 number of groups accessed in current state added to current state 3 number of groups accessed in next state consultant_Karl automaton name compare Mobil with Shell group NOT found search for CIType of group Mobil found CIType = Oil compare Oil with Oil not ok: conflict of interest Chinese Wall Violation !!!!!!!! compare Shell with Shell ok: group found +++++++++++++ 1 number of groups accessed in current state added to current state 2 number of groups accessed in next state compare Shell with Shell ok: group found +++++++++++++ 2 number of groups accessed in current state added to current state 3 number of groups accessed in next state compare Mobil with Shell compare Mobil with Shell compare Mobil with Shell group NOT found search for CIType of group Mobil found CIType = Oil compare Oil with Oil not ok: conflict of interest Chinese Wall Violation !!!!!!!! done Question 2: =========== 50 points Simple role based access control statements are described below. Design a RBAC policy language that can express those statements and similar ones. Turn in your class dictionary. ( users ( Ruth Karl ) roles ( MeetingLeader transactions (cancelMeeting removeAttendant) MeetingAttendant transactions (MinutesTaker) Clinician transactions (openMedicalRecord getPatientConsent) Patient transactions (accessMedicalHistory) Patient2 transactions () Patient3 ) subjects ( Ruth current role MeetingLeader authorized (MeetingLeader MeetingAttendant) John current role Clinician authorized () Julie current role MeetingAttendent ) users ( ) roles ( ) subjects ( ) ) Question 3: ----------- 40 points Discuss the advantages and disadvantages of AspectJ as a language for implementing security policies. Question 4: ----------- 30 points Our text book describes Principle 1: Securing the Weakest Link. Discuss a weak link in a system you know. How can you control it? Question 5: ----------- Reduction 30 points Consider the following problem (Non-Emptiness of Set Expressions): Given is a set-theoretic expression in terms of set variables. Is there an assignment of sets to the set variables so that the expression returns a non-empty set? A set-theoretic expression has the following class dictionary: E : S | C. S = Ident. C : Unary | Binary. Unary = "!" E. Binary = Op List(E). Op : Intersection | Union. Intersection = "*". Union = "+". List(S) ~ {S}. A set has the form List(Element), where Element = Ident. Show that if there is a polynomial algorithm for solving Non-Emptiness of Set Expressions, then there is a polynomial algorithm for satisfiability of boolean formulas. Give the details of the translation in English.