CSE394: Security Policy Frameworks
Scott Stoller

Homework 1. Version: 13 Sep 2005. Due: 22 Sep 2005.

----------

Clarification (19sep2005): Please implement hierarchical RBAC with general hierarchy. You do not need to implement unrestricted hierarchy or limited hierarchy.

Clarification (21sep2005): Tests are driven by "test drivers" (e.g., methods in a Test class that invoke several RBAC methods), not by interactive user input. Therefore, there is no need for a user interface. Your program should produce some output (on the screen or preferably in a log file, so you can easily include it in test-output.txt) that enables you and us to determine whether your program is working correctly.

----------

Implement core RBAC and hierarchical RBAC. You do not need to implement SSD constraints or DSD constraints.

The API should be based closely on the specification of RBAC in

  Yanhong A. Liu and Scott D. Stoller. Role-Based Access Control: A Corrected and Simplified Specification. Available from the CSE394 Announcements page.

You may use any programming language except Python. Based on last week's questionnaire, no one in the class has written programs in Python anyway. An implementation of core RBAC in Python is available from a URL in the above article.

You may work alone or in teams of two. There will be no teams of three; this assignment is not large enough to justify that.

The goal of this assignment is to produce an executable specification, not a production-quality implementation. Therefore, your program (code with comments) should be as clear, simple, and easy-to-read as possible. Efficiency is a secondary concern.

You should submit:

1. Code for RBAC.
2. Code for testcases.
3. A file called test-output.txt containing the output of your program on those test cases.
4. If your team has 2 people, a file called work-breakdown.txt summarizing in a few paragraphs the contributions of each team member.
5. A file called readme.txt with general comments. If your code has any known errors or limitations, you must list them in readme.txt. If you have nothing to say in readme.txt, you can omit it.

Your testcases do not need to be completely comprehensive, but you should try to test all of the important cases. If the T.A. has doubts about the correctness of your code, he may test your code himself or ask you to make an appointment to demo your code.

SUBMISSION INSTRUCTIONS (you must do both steps)

1. Submit a printout of your code for RBAC (item 1 above) in class on the due date.
2. Put all of your files in a directory with a unique name (e.g., your userid), archive the directory in a zip file or compressed tar file, and email the archive file to cse394@cs.sunysb.edu by midnight on the due date.

Note: This email address is for submissions only. Questions should be posted on Blackboard or sent directly to the instructor or T.A.

GRADING

80% correctness
20% clarity