This lab will be based on information taken from the following case study:

Evered, M. and Bogeholz, S., A case study in access control requirements for a health information system, Proceedings of the second workshop on Australasian information security, Data Mining and Web Intelligence, and Software Internationalisation, 32, 53--61, 2004.

The case study is based on a Health Information System for an aged-care facility. The facility offers single room accommodation for some 30 residents.

Users - For this lab, we will use 10 users:

Gloria (Manager) [username: gloria]

Linda (Health Care Worker) [username: linda]

Ian (Health Care Worker) [username: ian]

Mary (Doctor) [username: mary]

Markus (Doctor) [username: markus]

Margaret (Patient) [username: margaret]

George (Patient) [username: george]

Russell (Patient) [username: russell]

Patricia (Patient) [username: patricia]

Mangle (admin/superuser) [username: amangle]

The audit scripts will be tested using the admin/super user.  All usernames must be as listed above for auditing purposes.

Data

-Personal Information

Static data entered into the system when a resident is admitted. This includes personal details such as name, sex, religion etc., medical insurance information; medical information such as blood group, allergies etc.; contact details for the resident's doctor; contact details of a responsible person who is to be contacted in emergencies; and contact details for whom, if the resident is not mentally capable, can make decisions and provide signatures on behalf of the resident.

-Care Plan

This is a working document that contains detailed information and instructions regarding the day-to-day care of the resident, eg. assistance required with meals, hygiene etc. A care plan is started for each resident on admission and is updated on a regular basis. Old versions of the care plan are archived.

-Progress Notes

These are observational entries covering such aspects as physical mobility, appetite, behavior, mood and the general state of the resident. Progress notes are used to update the care plan. Progress notes older than one year are also archived.

-Medical Records

A number of different doctors visit the facility with one doctor visiting each week on 'clinical day'. Residents can choose which of these doctors they wish to attend to them. The facility requires that each resident undergo a medicalexamination at least every six months and medication is reviewed at least every three months. After each examination the doctor adds an entry to the medical records of the patient.

Access Rules

-Manager

Has the broadest access to the information, including access to personal, financial, clinical and medical information about each resident.

The manager has full control of past and present medical records and is the only person who can rename or delete records from the system

Only the manager is allowed to edit personal information and to start or update the care plan of a resident. The care plan is updated in consultation with the resident or the responsible person.

Only the manager is allowed to delete the information about a resident but here also that right is restricted. Privacy laws require that the information be held for a certain period after a resident leaves the facility.

-Health Care Workers

Health care workers can view the care plan for each resident and add progress note entries based on their observations.

Access to emergency details is available for all staff.

Health care workers can view recent medical records of residents (up to one year old) but cannot normally view older medical information. For a special purpose, access to an older medical record can be sought and obtained from the manager.

-Doctors

Doctors have access to all the medical information of all residents and can add entries to their medical records.

Doctors can also add private notes about a resident, which, on the basis of doctor-patient confidentiality, are not visible to health care staff or the manager.

-Residents

Privacy laws require that a person should have full access to any information stored about them (unless the well-being of a third party would be jeopardized by revealing the information). Assume that residents have access to the information but must request any change to records to be made by the manager.

Normally a system like this would be implemented using a database but since this is an OS security lab for access control, we will assume that the system is to be implemented using a file system.  In this lab you will design a file system and access control structure to support this scenario. I would recommend first designing your directory tree structure and for each directory, design an access control list.  Feel free to work on the design in groups or one big group because this will likely require a number of perspectives.

Implementation-

Write a script to implement your file system.  When the script is run it should create all directories, users, groups, and assign permissions based on your access control design.  You can write your script to implement your access control scheme in either Linux or Windows.  In Linux you should write a BASH script using the ACL package to set fine grained permissions

Deliverables:

You should prepare a report consisting of the following information:

1) A written description of the directory and security group structure that you used and evidence of its implementation in Linux.The policy has been given to you and the deliverable is the model. 

a. A summary of the directory and security group

b. A diagram of the directory structure including groups structure

c. A diagram with the directory with groups and security structure

d. Supporting justification for b and c in written format to support the auditors and explain why the model was created

2) Your BASH script that sets up the directory structure, users, groups, and access structure. Building off your model from deliverable one, you will select the mechanism (Bash) and implement the model

a. A script in BASH that will

i. Create users

ii. Places the users in the proper groups

iii. Creates the directories for each users

iv. Creates the access structure

v. Places blank files in each directory [test.txt]

3) Write about your experience implementing the ACLs.  Based on the set of permissions offered by the operating system, was it possible to implement all of the access control constraints required by the case study?

a. Details the challenges encountered and addressed when implementing ACL in at least two paragraphs

b. Details best practices for future implementations for classmates and future students

4) You will develop an audit script using BASH and perform an audit to verify the policies, models, and implementations are appropriate. A report must be submitted based on the reports of the audit identifying where the results that did correspond to the policy created in the first deliverable.

a. A script (BASH) that will automatically audit a system to determine if the implemented ACL meets the policy standard.  This will be created off your interpretation of the policy/model but applied to someone else's system.  The program should provide a pass/fail for each user.  If all users pass, an overall pass score should be displayed other wise the audit will fail.  This will be tested / implemented in class

Resources for Linux ACL package:

http://www.tecmint.com/secure-files-using-acls-in-linux/

Bash Scripting:

http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO.html

http://www.tldp.org/LDP/abs/html/

Power Shell:

http://technet.microsoft.com/en-us/library/bb978526.aspx

http://www.powershellpro.com/

Only question 1 and 2 are required.