Hw 7:
=====

Due: December 6

Part 1:
=======

Security administration is error-prone and expensive if access privileges are specified for individual users. To mitigate this complexity, the Role Based Access Control (RBAC) paradigm manages security at a level that corresponds closely to the organization's structure. Each user is assigned one or more roles, and each role is associated with one or more privileges that are allowed for users who belong to that role.

In the emerging trend of grid applications, which are characterized by heterogeneity, the involvement of multi-domain authorities and a highly dynamic environment, simple RBAC will not be sufficient to provide proper authentication and authorization to resources. Zhang et al. (http://citeseer.ist.psu.edu/zhang03dynamic.html) have proposed a dynamic context-aware access control policy which can cater to the needs of such grid applications. This mechanism of Dynamic Role Based Access Control (DRBAC) assigns roles based on the organization's policies as well as the user's context. For example, if a user is accessing a resource via an insecure wireless link, she will be assigned only the role of a basic user rather than a role with much higher privileges. If the same user gets back to her office and accesses the resource through a secure link, she will be assigned the other role with higher privileges. Also, in DRBAC, the set of privileges attached to a particular role is varied depending upon the system load.

Context-aware access control in health care is discussed in the following paper: http://www.pspt.org/camera-ready/p1-hu-dynamic.pdf

The task of this homework is to design a language for context-aware access control based on the paper p1-hu-dynamic.pdf. Design a class dictionary for this language and implement a semantic checker for the language. Can your language express the wireless link example given above? Sketch how you would deploy the context-aware access control policy language.
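As an added example (not part of the assignment or of the cited papers), the following Python sketch models a DRBAC policy in the sense described above: roles are assigned from the request context, a role's privileges shrink under high system load, and a semantic checker rejects rules that name undeclared roles or privileges. The role names, privilege names and the 0.8 load threshold are assumptions made up for the wireless-link example.

```python
from dataclasses import dataclass
# Constructed DRBAC model (added example, not the assignment's code): roles come
# from the request context (link security); privileges shrink under high load.
@dataclass
class Context:
    user: str
    link_secure: bool
    system_load: float  # fraction of capacity, 0.0 .. 1.0

@dataclass
class Policy:
    roles: dict         # role name -> set of privileges granted at normal load
    load_shed: dict     # role name -> privileges withdrawn when load is high
    assignment: list    # (predicate over Context, role name) pairs
    high_load: float = 0.8

def semantic_check(policy):
    """Static checks a policy-language compiler would run; [] means well-formed."""
    errors = []
    for role, withdrawn in policy.load_shed.items():
        if role not in policy.roles:
            errors.append(f"load rule names undeclared role '{role}'")
        elif not withdrawn <= policy.roles[role]:
            errors.append(f"load rule for '{role}' withdraws a privilege it never grants")
    for _, role in policy.assignment:
        if role not in policy.roles:
            errors.append(f"assignment rule names undeclared role '{role}'")
    return errors

def assign_roles(policy, ctx):
    return {role for pred, role in policy.assignment if pred(ctx)}

def effective_privileges(policy, ctx):
    privs = set()
    for role in assign_roles(policy, ctx):
        granted = set(policy.roles[role])
        if ctx.system_load >= policy.high_load:
            granted -= policy.load_shed.get(role, set())
        privs |= granted
    return privs

# The wireless-link example: insecure link -> basic user only; secure link ->
# the higher-privilege role (named "physician" here, an assumption).
CLINIC_POLICY = Policy(
    roles={"basic_user": {"read_schedule"},
           "physician": {"read_schedule", "read_record", "write_record"}},
    load_shed={"physician": {"write_record"}},
    assignment=[(lambda c: not c.link_secure, "basic_user"),
                (lambda c: c.link_secure, "physician")],
)
```

The same user gets only `read_schedule` over the insecure link, the full physician set over the secure link, and loses `write_record` when the system is under high load.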
Could you use aspects like these?

    abstract aspect Authentication perthis(entities()) {
        abstract pointcut entities();
        abstract pointcut authenticationPlace();
        private String id;

        // Record the authenticated identity once authentication has happened.
        after(): authenticationPlace() {
            id = ...;  // how the identity is obtained is left open in the original
        }
    }

    abstract aspect ResourceInformation perthis(resources()) {
        abstract pointcut resources();
        ...
    }

    abstract aspect Authorization {
        abstract pointcut serviceRequest();

        // Decide, per service request, whether to proceed() or deny the call.
        void around(): serviceRequest() {
            ...
        }
    }

The above code is from: Developing secure applications through AOP, Chapter 27, by Bart De Win et al.
Booktitle = "Aspect-Oriented Software Development",
Title = "Coupling Aspect-Oriented and Adaptive Programming",
Editor = "Robert Filman and Tzilla Elrad and Siobhan Clarke and Mehmet Aksit",
Year = 2004,
Publisher = "Addison-Wesley",
ISBN = "0-32-121976-7"