Database Assignment Question


(25) Q.1

The consultancy company PwX is active in several sectors (oil, finance, insurance) and has five clients {C1, C2, C3, C4, C5} with possible conflicts of interest. The clients C1 and C3 are from the oil industry, C5 is from the insurance industry, and the clients C2 and C4 are from the finance industry. PwX stores the following documents from each client, on which employees work on a project basis:

C1 = {D1, D2, D3}

C2 = {D4, D5}

C3 = {D6}

C4 = {D7, D8}

C5 = {D9}

Because of the conflicts of interest between its clients, PwX employs a Chinese Wall policy to regulate the access of employees E1 and E2 to sensitive resources.

  1. Identify conflict of interest classes with explanations of how you derived them.
  2. Sketch a tree-like diagram that classifies all documents according to conflict of interest classes you identified.

(25) Q.2

Computation over encrypted data allows a certain function to be computed on ciphertext without decrypting it:

  1. Within the context of databases, explain the advantages and disadvantages of this approach compared to traditional databases from the security/privacy and performance perspectives.
  2. There are several partially homomorphic encryption schemes that allow specific computations. Well-known examples include the Paillier cryptosystem and ElGamal encryption. Choose one of these schemes and explain the steps involved in its construction.

(20) Q.3

The security administrator of organization A defines the XACML policy below. Given this policy:

  1. Describe its semantics in plain English.
  2. Discuss what will happen if you send the following request (in simplified format) to the Policy Decision Point (PDP), and why.

Request : [subject(role, Employee), subject(division, Finance), resource(resource-id, Doc1), resource(confidential, true), action(action-id, read)]

(15) Q.4

Usage Control (UCON) is the next-generation access control model, with a set of distinct features compared to traditional access control models such as XACML. While policies in both UCON and XACML are specified using attributes of policy elements, UCON has certain characteristics that distinguish it from XACML. Summarize these characteristics (use a concrete example if necessary).

(15) Q.5

Consider that you have a (first-order) logic-based policy language that supports the “AND”, “OR”, “NOT”, “IMPLIES” and “IF AND ONLY IF” operators/connectives and the quantifiers FORALL and EXISTS. Define a set of basic predicates (such as may_access(s,o,r)) to specify the conflict of interest rules from the first question. Hint: to support conflicts of interest you need stateful policies that record who accessed what.
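As an added illustration (not part of the assignment sheet), the following Python reference monitor implements the stateful Chinese Wall rule that Q.1 and Q.5 are about, over the clients, industries and documents given in Q.1; the grouping of clients into conflict-of-interest classes follows the industries stated in the question, while the access sequence for E1 and E2 is constructed here.

```python
from typing import Dict, List, Set, Tuple

# Conflict-of-interest classes: clients grouped by industry, as stated in Q.1.
COI_CLASSES: Dict[str, Set[str]] = {
    "oil": {"C1", "C3"},
    "finance": {"C2", "C4"},
    "insurance": {"C5"},
}
# Company datasets: the documents each client stores with PwX, as stated in Q.1.
DATASETS: Dict[str, Set[str]] = {
    "C1": {"D1", "D2", "D3"}, "C2": {"D4", "D5"}, "C3": {"D6"},
    "C4": {"D7", "D8"}, "C5": {"D9"},
}
# Reverse lookups: document -> owning client, client -> COI class.
DOC_OWNER = {d: c for c, docs in DATASETS.items() for d in docs}
CLIENT_COI = {c: k for k, clients in COI_CLASSES.items() for c in clients}


class ChineseWall:
    """Stateful reference monitor: remembers what each subject has already read."""

    def __init__(self) -> None:
        self.history: Dict[str, Set[str]] = {}

    def may_access(self, subject: str, doc: str) -> bool:
        """Simple security rule: a subject may read doc only if every document it
        has read before is in the same company dataset or in a different
        conflict-of-interest class."""
        client = DOC_OWNER[doc]
        for prev in self.history.get(subject, set()):
            prev_client = DOC_OWNER[prev]
            if prev_client != client and CLIENT_COI[prev_client] == CLIENT_COI[client]:
                return False
        return True

    def access(self, subject: str, doc: str) -> bool:
        """Evaluate the request and, if granted, record it (the wall closes)."""
        allowed = self.may_access(subject, doc)
        if allowed:
            self.history.setdefault(subject, set()).add(doc)
        return allowed


def demo() -> List[Tuple[str, str, bool]]:
    """Constructed access sequence for E1 and E2 (not given in the question)."""
    wall = ChineseWall()
    requests = [("E1", "D1"), ("E1", "D2"), ("E1", "D6"), ("E1", "D4"),
                ("E2", "D9"), ("E2", "D6"), ("E2", "D1")]
    return [(s, d, wall.access(s, d)) for s, d in requests]
```

In the demo, E1's read of D6 is denied because D6 belongs to C3, which shares the oil class with C1 whose documents E1 has already read, while D4 (finance) stays accessible; the decision depends on the subject's history, which is why Q.5 asks for stateful predicates.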