CSE591: Security Policy Frameworks
		    Scott Stoller and Annie Liu
	 Homework 3.  Version: 12Apr2005.  Due 19 Apr 2005.

1. Consider the policy: Joe is willing to share his United Potato
Farmers (UPF) credential (which proves he is a member of UPF and
entitled to selected discounts) only with members of the Better
Business Bureau (BBB).

a. Express this policy in Cassandra [BS04].  In other words, write a
policy fragment (a rule or a few rules) that expresses this policy.

b. Express this policy as an Ack policy [WL05], by defining
Ack[UPF.Member].

2. a. What performance metric do targeted ATN strategies attempt to optimize?
b. What performance metric do eager ATN strategies attempt to optimize?

3. An ATN strategy must satisfy two requirements to be useful.  One
requirement is safety, e.g., credential-combination-hiding safety
[WL05].  What is the other crucial requirement?  An informal
description is sufficient.  Hint: An ATN strategy that does nothing is
safe but not useful.


[BS04] Moritz Y. Becker and Peter Sewell.  Cassandra: Flexible Trust
Management, Applied to Electronic Health Records.  In Proceedings of
the 17th IEEE Computer Security Foundations Workshop (CSFW).  IEEE
Computer Society Press, 2004.

[WL05] William H. Winsborough and Ninghui Li.  Safety in Automated
Trust Negotiation.  Submitted to ACM Transactions on Information and
System Security.  Preliminary version appeared in Proc of IEEE
Symposium on Security and Privacy, May 2004.