[Solved] CS3750 Homework7-program to implement a simplified NIST RBAC model

Part II: Task I . Write a Java program to implement a simplified NIST RBAC model. (The topology and examples here

1. Data structures: it is up to you to choose appropriate data structures to maintain role hierarchy, user-role matrix, role-object matrix, etc.
2. Role Hierarchy: this program must support role hierarchy defined in NIST RBAC.
   • This program reads a role hierarchy from file txt. Each line in this file is formatted as <ascendant> <descendant>. For example, for the role hierarchy on the right, the first several lines in roleHiearchy.txt is

R8 R6

R9 R7

R10 R7

• The contents of this text file must be validated to enforce the limited role hierarchies defined in NIST RBAC (See the slide titled Hierarchical RBAC). For an invalid file, (1) close the file, (2) display invalid line is found in roleHierarchy.txt: line <line # of the first invalid line>, enter any key to read it again to allow user to fix the problem, (3) once reading any user input, go back to 2. Continue if its valid.
• Display the role hierarchy top down. If you may display it as a tree, it is great. Otherwise, the following format is fine.

R1>R2, R3

R2>R4, R5, R6 R3>R7

3. Objects: This program reads all resource objects from file txt, which contains ONE line. For example,

F1 F2 F3 F4 P1 P2 P3 D1 D2

• Validate objects for duplication. For an invalid file, (1) close the file, (2) display duplicate object is found: < object>, enter any key to read it again to allow user to fix the problem, (3) once reading any user input, go back to 1. Continue if its valid.
• Display the current role-object matrix with null entries. If necessary, you may break this matrix into multiple sub-matrices for displaying by limiting up to 5 columns per sub-matrix. For example,

R1 R2 R3 R4 R5

R1

R6 R7 R8 R9 R10

R1

4. Granting Permissions to Roles with Inheritance:

MSU Denver, M&CS CS 3750-001: Computer and Network Security, Fall 2019 Dr. Weiying Zhu

• This program must support role inheritance described as the upper role includes all of the access rights of the lower role, as well as other access rights not available to the lower role in the slide titled Role Hierarchy. In 3, 4.4, and 4.5, whenever a permission is granted to a role, it must be inherited by all the descendants of this role.
• Redundancy must be avoided. For example, when adding read by R2 to F1, if read is already there, dont add it again.
• Update the role-object matrix to grant control by EACH role to itself. (See 1). E.g., R8, R6, R2, and R1 control R8.
• Update the role-object matrix to grant own by the descendent of EACH role to it. (See 1). E.g., R6, R2, and R1 own R8.
• This program also reads permissions to roles from file txt. Each line in this file is formatted as <role> <access right> <object>, where a permission is an access right to an object. For example, after reading the following two lines, R6, R2, and R1 have write* to F3, and R2 and R1 have seek to D1.

R6 write* F3

R2 seek D1

• Display the current role-object matrix in the same format as what is used in step 3.2.

5. SSD: This program reads mutually exclusive (when n = 2) and cardinality constraints (when n>= 3) from file txt.
   • Each line includes a constraint given by the value of n and a set of roles. For example,

3 R2 R4 R5 R6 R8

2 R1 R2 R4

Note: n MUST be >= 2 to be valid. For an invalid case, (1) close the file, (2) display invalid line is found in roleSetsSSD.txt: line <line # of the first invalid line>, enter any key to read it again to allow user to fix the problem, (3) once reading any user input, go back to Step 5. Continue if its valid.

• Display all the constraints, one in a line. For example,

Constraint 1, n = 3, set of roles = {R2, R4, R5, R6, R8}

6. This program constructs the user-role matrix by reading file txt. Each line is formatted as <user> <list of roles>.
   • While reading each line and updating the user-role matrix, the SSD constraints configured in Step 5 must be enforced. It is also invalid if two or more lines contain the same user. For an invalid file, (1) close the file, (2) display invalid line is found in usersRoles.txt: line <line # of the first invalid line> due to <constraint #? or duplicated user>, enter any key to read it again to allow user to fix the problem, (3) once reading any user input, go back to Step 6. Continue if its

U1 R2 R5

• Display the user-role matrix. For example,

R1 R2 R3 R4 R5 R6 R7 R8 R9 R10

U1 + +

7. Query for a given User, a given pair of User and Object, or a given combination of (User, Access Right, Object)
   • Display the following messages to get three user inputs: user, object, and accessRight.

Please enter the user in your query:

Please enter the object in your query (hit enter if its for any):

Please enter the access right in your query (hit enter if its for any):

• if user isnt in the user-role matrix, display invalid user, try again. and go back to Step 7.1. Otherwise, continue.
• if object and accessRight are empty, display all the objects that this user has access rights to as <object> <list of access rights to this object>, and then go to Step 7.7. Otherwise, continue. To keep it simple, if a user has the same or different lists of access rights to the same object due to different roles assumed by this user, you dont have to merge them. For example,

R4 control, own

F1 read, write, execute

R4 own

• if object isnt in the user-role matrix, display invalid object, try again. and go back to Step 7.1. Otherwise, continue.
• if accessRight is empty, display all the access rights this user has to this object and go to Step 7.7. Otherwise, continue.
• check whether this user has the given accessRight to this object. If yes, display authorized, otherwise, display rejected.
• Display Would you like to continue for the next query? If the user inputs yes, go back to Step 7.1. Otherwise, exit.

Task II (10%): Test your program on cs3750a.

1. MAKE a directory HW07 under your home directory on msdenver.edu.
2. UPLOAD, COMPILE, and TEST your program under HW07 on msdenver.edu.
3. SAVE ALL your .txt input files and a file named txt under HW07 on cs3700a.msudenver.edu, which captures the outputs of your program when you test it. You can use the following commands to redirect the standard output (stdout) to a file on UNIX, Linux, or Mac, and view the contents of the file

java prog_name_args | tee testResults.txt //copy stdout to the .txt file cat file-name //display the files contents.