Assignment 2: Take-Grant Model
Assigned: 3 September
Due: 10 September (beginning of the class).
BE PRECISE IN YOUR EXPLANATIONS FOR BETTER GRADES.
1. We model a system S1 using an Access Control Matrix, and a system S2 using the Take-Grant Model. Give (a) two properties we can analyze for S1 but not S2, and (b) two properties we can analyze for S2 but not S1.
2. Let the following Take-Grant graph be referred to as G.
Answer True or False for the following, and explain your answer in at most two sentences. If True, show the G' (derived from G) for which the specific can_share property holds.
(a) can_share(read, x, w, G)
(b) can_share(delete, z, u, G)
(c) can_share(g, x, y, G)
3. Assume can_share(alpha, x, y, G0) does not hold. Can we perform a set of operations on G0 using the take, grant, create, and remove rules to transform G0 into Gk such that can_share(alpha, x, y, Gk) holds? Explain.
4. Assume can_share(alpha, x, y, G0) does hold. Can we perform a set of operations on G0 using the take, grant, create, and remove rules to transform G0 into Gk such that can_share(alpha, x, y, Gk) does not hold? Explain.
5. Model the following using take/grant, or explain why it cannot be modeled.
A patient should be allowed to grant access to their medical record to other healthcare providers. However, only the physician or nurse who created the record should be allowed to write to it, unless both they and the patient authorize someone else to write to it.
Specifically, attempt to show a take/grant graph with healthcare providers A, B, C; patients P and Q; and records x written by A about P and y written by B about Q.
Show how P can allow B to see x, and how B and Q can allow C to write y, and prove either that disallowed sharing can't happen (e.g., allowing read without patient consent, or write without consent of both), or that the take-grant model can't support this.
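The take, grant, create, and remove rules named in questions 3 and 4, sketched in Python as an added illustration that is not part of the assignment or the course materials. The class, its method names, and the graph built in witness() are constructed for this sketch and are unrelated to the graph G of question 2; witness() applies one take and one grant, ending with an r edge from p to o.

```python
class TGGraph:
    """Take-Grant protection graph: vertices plus edges labelled with right sets."""
    def __init__(self, subjects, objects, edges):
        self.subjects, self.objects = set(subjects), set(objects)
        self.rights = {pair: set(rs) for pair, rs in edges.items()}

    def held(self, src, dst):
        return self.rights.get((src, dst), set())

    def _require(self, cond, msg):
        if not cond:
            raise PermissionError(msg)

    def take(self, x, y, z, rs):
        # x takes (rs to z) from y: x is a subject, t on x->y, rs on y->z
        self._require(x in self.subjects, f"{x} is not a subject")
        self._require("t" in self.held(x, y), f"{x} lacks t over {y}")
        self._require(set(rs) <= self.held(y, z), f"{y} lacks {rs} over {z}")
        self.rights.setdefault((x, z), set()).update(rs)

    def grant(self, x, y, z, rs):
        # x grants (rs to z) to y: x is a subject, g on x->y, rs on x->z
        self._require(x in self.subjects, f"{x} is not a subject")
        self._require("g" in self.held(x, y), f"{x} lacks g over {y}")
        self._require(set(rs) <= self.held(x, z), f"{x} lacks {rs} over {z}")
        self.rights.setdefault((y, z), set()).update(rs)

    def create(self, x, new, rs, subject=False):
        # x creates a fresh vertex and receives rs over it
        self._require(x in self.subjects, f"{x} is not a subject")
        self._require(new not in self.subjects | self.objects, f"{new} exists")
        (self.subjects if subject else self.objects).add(new)
        self.rights[(x, new)] = set(rs)

    def remove(self, x, y, rs):
        # x deletes rs from its own edge x->y
        self._require(x in self.subjects, f"{x} is not a subject")
        self.rights[(x, y)] = self.held(x, y) - set(rs)


def witness():
    # Constructed graph G0: subjects s, p; objects q, o.
    g = TGGraph({"s", "p"}, {"q", "o"},
                {("s", "q"): {"t"}, ("q", "o"): {"r"}, ("s", "p"): {"g"}})
    g.take("s", "q", "o", {"r"})    # G1: s now holds r over o
    g.grant("s", "p", "o", {"r"})   # G2: p now holds r over o
    return g
```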
Turning in assignment
Submit hardcopy (preferred) or submit softcopy (HTML preferred) through Blackboard. If submitting through Blackboard, handing in a paper printout at the beginning of class would be appreciated.
In each submission: PRINT your name, career account ID and the number of the assignment - for easy/quick access.