The security policy should define who access to what (departments.
chairs, dean office, registration office, human resources,
students, TAs etc). Your answer may vary depending on the
logical explanation that you provide.
Design an authentication mechanism that is immune to over
the shoulder attacks. You must demonstrate the robustness of
your design through implementation. While there are several
works in this area, you need to outline how your design is
different and what are the improvements.