CSE394: Security Policy Frameworks
Scott Stoller

Homework 3. Version: 1 nov 2005. Due: 8 nov 2005. Submit a printout in class.

1. Administrative RBAC (ARBAC), as described in Sandhu et al.'s paper about ARBAC97, is an administrative model for RBAC with role hierarchy but without explicit support for SSD or DSD constraints. Consider the following role hierarchy, where D1, D2, and D3 are roles corresponding to different departments in the company.

          CEO
        /  |  \
      D1   D2   D3
        \  |  /
        Employee

Consider an SSD constraint that an employee can be a member of at most one of the roles D1, D2, D3. Write an ARBAC policy that ensures security administrator JSO1 cannot violate this policy, i.e., cannot assign an employee to D1, D2, or D3 if the employee is already a member of one of those roles. The ARBAC policy should also ensure that JSO1 can only assign members of the Employee role to D1, D2, or D3.

2. Write a paragraph or two comparing Cassandra and Enterprise Dynamic Access Control (EDAC). What are the major differences between them? What kinds of policies can be expressed in one and not the other?

Note: The EDAC paper uses unusual terminology. I guess this is because the author does not have a CS background. In class on October 27, I explained EDAC terminology using more common terminology. Differences in terminology are not major differences.