Aa2r}  0 U``0`@ ` ``Ppp0HH $ @d HHHH̀̀̀ff@  d Footnote TableFootnote**.\t.\t/ - :;,.!?/4 bs!4 cNTOCHeading1Heading2   PEquationVariablesGT6:,6:-:C:h:;;A;< <$lastpagenum><$monthname> <$daynum>, <$year>"<$monthnum>/<$daynum>/<$shortyear>;<$monthname> <$daynum>, <$year> <$hour>:<$minute00> <$ampm>"<$monthnum>/<$daynum>/<$shortyear><$monthname> <$daynum>, <$year>"<$monthnum>/<$daynum>/<$shortyear> <$fullfilename> <$filename> <$paratext[Title]> <$paratext[Heading1]> <$curpagenum> <$marker1> <$marker2> (Continued)+ (Sheet <$tblsheetnum> of <$tblsheetcount>)Heading & Page <$paratext> on page<$pagenum>Pagepage<$pagenum>See Heading & Page%See <$paratext> on page<$pagenum>. Table All7Table<$paranumonly>, <$paratext>, on page<$pagenum>Table Number & Page'Table<$paranumonly> on page<$pagenum> AAA!!Headings-%HTMLn5y'5|'5555@b1.FC3.@e2.C a.Cb.:@':E:G:I:K:M:O:Q:S:U:e':j:lC c.C d.C e.C 4.C  a.:n:p:r:t:v:x:z:::::::::::::::::::::::::::::;;;;; ;";$;&;(;*;C;E;G;I;K;M;O;Q;S;UF;YCFF;{;};;;;F;;;;;;;F;;;;;;;F;;;;;D FFDFFD+FDl;;;;;;;;;<< < < <<<<<<<<<=@=B=D=F=H=J=L=N=P=R=T=V=X=Z=\=^=`=b=d=f=h=j=l=n=p=r=tDn=x=z=|E=F=>?^?`?b?d?f?h?j?l?n@ @@@@@@@@@@ @"@$@&@(@*@,@.Cb.C85.C9 a.C:b.C;c.C<d.C=6.C> a.C?b.C@c.F?FAFCFECE7.CF a.CGb.CHc.CId.FGCK8.CL a.CMb.CNc.FIFKFMFOFXFZFlFn[dqdqdq HmRqHmRHRHR Footnote Hr@qHr@HzHz Single LineHqFootnote 5_  HDq HDHH Double LineHq Double Line5c 5e Hq  Single Line5h HZq  TableFootnote EGxRqEGxREPwEPw TableFootnoted5p HHˆ5xHHˆGe HHˆ5zHHˆl HHˆ5{HHˆW` HHˆ5}HHˆl HUV 5~HUV Wl4Version of   XDecember 3, 1999 3:52 pm V HUV 5HUV l H$ 5H$ WlKNovember 29, 1999 ECS 153 F ALL  1999 Page  W1 U H$ 5H$ l HUV 5HUV Ge HUV 5HUV l H$ 5H$ Ge H$ 5H$ l HHˆ5HHˆ…-- `Notes for November 29, 1999 `Greetings and Felicitations!  `Puzzle of the Day  `(ORCON (Originator Controlled; Graubert)  lDocument/information can be passed on with approval of originator; real world justification is that originac@Rtor of document trusts recipients not to release documents which they should not.  r Untrusted subject  x  marks object  O  ORCON on behalf of organization  X  and indicates it is releasable to sub0~5jects acting on behalf of organization  Y . dnot releasable to subjects acting on behalf of other organizations without  X s permission @*any copies made have the same restriction ` DAC: cant do this as the restriction would not copy over ( y  reads  O  into  C , puts its own ACL on  C )  CMAC: separate category with O ,  x ,  y .  y  wants to read  O , copy to  C ; MAC means  C  has same category as  O ,  x , 9y , so cant give  z  access to  C . "*Say a new organization  w  wants to provide data in  B  to  y  but not to be shared with  x  or  z . Cant use  O s cate-gory. Hence you get explosion of categories. kReal world parallel: individuals are briefed into a category and those represent a formal need to know npolicy that is standard across the entity; ORCON has no central clearinghouse to categorize data; originator @ makes rules.  Solution? 0Qowner of object cant change ACLs relationship with object (MAC characteristic) 4on copy, ACL is copied as well (MAC characteristic) @[access control restrictions can be tailored on a subject/object basis (DAC characteristic) >`Malicious logic `^Quickly review Trojan horses, viruses, bacteria; include animal and Thompsons compiler trick O`%Logic Bombs, Worms (Schoch and Hupp) P`)Ideal: program to detect malicious logic Q`>Can be shown: not possible to be precise in most general case R`BCan detect all such programs if willing to accept false positives S`=Can constrain case enough to locate specific malicious logic T jCan use: writing, structural detection (patterns in code), common code analyzers, coding style analyzers, @einstruction analysis (duplicating OS), dynamic analysis (run it in controlled environment and watch) Uª`(Best approach: data, instruction typing V`On creation, its type data W`4Trusted certifier must move it to type executable X`YDuffs idea: executable bit is certified as executable and must be set by trusted user ]`Practise: Trust ^`1Untrusted software: what is it, example (USENET) _`6Check source, programs (what to look for); C examples ``.Limit who has access to what; least privilege a`HYour environment (how do you know what youre executing); UNIX examples c`Practise: detecting writing d`JIntegrity check files a la binaudit, tripwire; go through signature block e`;LOCUS approach: encipher program, decipher as you execute. f gCo-processors: checksum each sequence of instructions, compute checksum as you go; on difference, comP‚@plain HHˆ5HHˆld:>!! $$:?$$"B!G Bm Z $$:A$$ l} :D%  G eHeadings Table } :F  G e } :H  G e }l:J"&l G eHeading Level }:L%' G eParagraph Format }:N&( G e Comments }l:P')l G e2 }:R(* G e Heading1 }:T)O G e d:c-- $$:d+$$½V- =:7^bf~zvrnjUX[IMQ.14FC@=:7GBm ` _ ^ ] \ [ $$:f+$$%,, l}$ :i#T1$ $W eCharacter Macros }l :k#l $W e } :m# $W e }$$H:o#.2$$H$W  e Character }l$:q#13l$$W!  e Replace With }$:s#24$$W"  e Comments }$4H:u#35$4H$W#  e }l4:w#46l4$W$  e¢ }4:y#5F4$W%  e }$”H:#<8$”H$W&  e }l”:#79l”$W'  e... }”:#8”$W(  e }$„H:#?;$„H$W)  e }l„:#:<l„$W*  e- }„:#;7„$W+  e }$tH:#B>$tH$ W,  e }lt:#=?lt$ W-  e-- }t:#>:t$ W.  e }$dH:#EA$dH$ W/  e }ld:#@Bld$ W0  e° }d:#A=d$ W1  e }$TH:#HD$TH$ W2  e }lT:#CElT$ W3  e® }T:#D@T$ W4  e }$DH:#6G$DH$ W5  e }lD:#FHlD$ W6  e© }D:#GCD$ W7  e }$ :#]M$ $ W8 eGeneral Macros } :# $ W9 e } :# $ W: e }\ :#\ $ W; e }$h:#IN$h$W<  e Macro Name }h:#MOh$W=  e Replace With }h:#NPh$W>  eHead }\:#OQ\$W?  e Comments }$h:#PR$h$W@  e }h:#QSh$WA  e }h:#RTh$WB  e }\;#S.\$WC  e }$ ;#mX$ $ WD eCross-Reference Macros } ;# $ WE e }D ;#D $ WF e }$;#UY$$ WG  e Macro Name };!#XZ$ WH  e Replace With }D;##Y[D$ WI  e Comments }$;%#Z\$$ WJ  e See Also };'#[]$ WK  eSee <$paratext> }D;)#\ID$ WL  e }$Z ;B#9b$Z $ WM eSystem Macros }Z ;D#Z $ WN e }Z ;F#Z $ WO e }\Z ;H#\Z $ WP e }$jh;J#^c$jh$ WQ  e Macro Name }jh;L#bdjh$ WR  e Replace With }jh;N#cejh$ WS  eHead }\jh;P#df\jh$ WT  e Comments }$zh:;R#eg$zh:$ WU  e StartOfDoc }zh:;T#fhzh:$ WV  e }zh:;V#gizh::$ Y 4e ����e <$defaulttitle> W����e AZe }\zh:;X#h\zh:$ WX  e }$h;z#qk$h$ W\  eEndOfLastSubDoc }h;|#jlh$ W]  e }h;~#kmh$ W^  e }\h;#lU\h$ W_  e }$Xh:;#uo$Xh:$ W`  eStartOfLastSubDoc }Xh:;#npXh:$ Wa  e }Xh:;#oqXh::$ ~ 4e b����e <$defaulttitle> }����e Ae }\Xh:;#pj\Xh:$ Wc  e }$Hh;#ys$Hh$ Wd  eEndOfFirstSubDoc }Hh;#rtHh$ We  e }Hh;#suHh$ Wf  e }\Hh;#tn\Hh$ Wg  e }$h:;#}w$h:$ Wh  eStartOfFirstSubDoc }h:;#vxh:$ Wi  e }h:;#wyh::$ { 4e j����e <$defaulttitle> z����e A|e }\h:;#xr\h:$ Wk  e }$h;#{$h$ Wl  e EndOfSubDoc }h;#z|h$ Wm  e }h;#{}h$ Wn  e }\h;#|v\h$ Wo  e }$h:;#$h:$ Wp  eStartOfSubDoc }h:;#~h:$ Wq  e }h:;#h::$ x 4e [����e <$defaulttitle> r����e Aye }\h:;#z\h:$ Ws  e }$h;#i$h$ Wt  e EndOfDoc }h;#h$ Wu  e }h;#h$ Wv  e }\h;#~\h$ Ww  e } ;#  $ G eHTML Options Table } ;# $ G e } ;# $ G e };# $ G eControl };# $ G eValue }H;# H$ G e Comments };# $ G e Image Format };# $ g % 0001IMAGGIF E MACP0001GIF }H;# =H$ G e } <+ , G eHTML Mapping Table } <+ , G e } < + , G e } < + , G e } <+ , G e }.<+., !G eFrameMaker Source Item }~<+~, !G e HTML Item }6<+6, !G e }6.<+6., !g %Include EAuto# }.<+., !G e Comments }<+, "G e }H<+H, "G eElement }6<+6, "g %New Web EPage? }6< +6, "G e }<"+, "G e }<$+, #G eP:Body }H<&+ H, #G eP }6<(+!6, #G eN }6<*+ "6, #G eN }<,+!2, #G e d<.%% $$6, 'G. eX:Page }H<{+57H, 'G/ e See Also }6<}+686, 'G0 eN }6<+796, 'G1 eN }<+80, 'G2 e }<+C;, (G3 eX:Heading & Page }H<+:<H, (G4 e See Also }6<+;=6, (G5 eN }6<+<>6, (G6 eN }<+=5, (G7 e }<+H@, )G8 eC:EquationVariables }H<+?AH, )G9 eEM }6<+@B6, )G: eN }6<+AC6, )G; eN }<+B:, )G< e }<+ME, *G= e C:Emphasis }H<+DFH, *G> eEM }6<+EG6, *G? eN }6<+FH6, *G@ eN }<+G?, *GA e }<+RJ, +GB eP:Title }H<+IKH, +GC eH* }6<+JL6, +GD eN }6<+KM6, +GE eN }<+LD, +GF e },<+WO,, ,GG e P:TableTitle }H,<+NPH,,, ,3 eLI He Parent = OL A0e Depth = 0 }6,<+OQ6,, ,GI eN }6,<+PR6,, ,GJ eN },<+QI,, ,GK e }<+\T, -GL eP:TableFootnote }H<+SUH, -GM eP }6<+TV6, -GN eN }6<+UW6, -GO eN }<+VN, -GP e }<+aY, .GQ eP:Rule }H<+XZH, .GR eP }6<+Y[6, .GS eN }6<+Z\6, .GT eN }<+[S, .GU e }<+f^, /GV e P:Numbered1 }H<+]_H, /GW eH* }6<+^`6, /GX eN }6<+_a6, /GY eN }<+`X, /GZ e }<+kc, 0G[ e P:Numbered }H<+bdH, 0G\ eH* }6<+ce6, 0G] eN }6<+df6, 0G^ eN }<+e], 0G_ e }<+ph, 1G` eP:Mapping Table Title }H<+giH, 1Ga eP }6<+hj6, 1Gb eN }6<+ik6, 1Gc eN }<+jb, 1Gd e }<+um, 2Ge eP:Mapping Table Cell }H<+lnH, 2Gf eP }6<+mo6, 2Gg eN }6<+np6, 2Gh eN }<+og, 2Gi e }<+zr, 3Gj eP:ManHeading2 }H<+qsH, 3Gk eP }6<+rt6, 3Gl eN }6<+su6, 3Gm eN }<+tl, 3Gn e }<+w, 4Go e P:ManHeading }H<+vxH, 4Gp eP }6<+wy6, 4Gq eN }6=+xz6, 4Gr eN }=+yq, 4Gs e }=+|, 5Gt e P:ManBody }H=+{}H, 5Gu eP }6= +|~6, 5Gv eN }6= +}6, 5Gw eN }= +~v, 5Gx e }=+ , 6Gy e P:LetteredA }H=+H, 6Gz eH* }6=+6, 6G{ eN }6=+6, 6G| eN }=+{, 6G} e }=+, 7G~ e P:Lettered }H=+H, 7G eH* }6=+6, 7G eN }6=+ 6, 7G eN }=!+, 7G e }=#+ , 8G e P:Indented }H=%+ H, 8G eP }6='+ 6, 8G eN }6=)+ 6, 8G eN }=++ , 8G e }=-+, 9G eP:HeadingRunIn }H=/+H, 9G eP }6=1+6, 9G eN }6=3+6, 9G eN }=5+ , 9G e }=7+, :G e P:Heading2 }H=9+H, :G eH* }6=;+6, :G eN }6==+6, :G eN }=?+, :G e }=A+", ;G e P:Heading1 }H=C+H, ;G eH* }6=E+6, ;G eN }6=G+6, ;G eN }=I+, ;G e }=K+', <G eP:Heading Info }H=M+ H, <G eP }6=O+!6, <G eN }6=Q+ "6, <G eN }=S+!, <G e }=U+,$, =G e P:Footnote }H=W+#%H, =G eP }6=Y+$&6, =G eN }6=[+%'6, =G eN }=]+&, =G e }=_+1), >G! eP:CellHeading }H=a+(*H, >G" eP }6=c+)+6, >G# eN }6=e+*,6, >G$ eN }=g++#, >G% e }=i+6., ?G& e P:CellBody }H=k+-/H, ?G' eP }6=m+.06, ?G( eN }6=o+/16, ?G) eN }=q+0(, ?G* e },=s+"3,, @G+ e P:Bulleted }H,=u+24H,,, @1 eLI e Parent = UL A,e Depth = 0 }6,=w+356,, @G- eN }6,=y+466,, @G. eN },={+5-,, @G/ e }$D?]#<8$D$ AW4  eCSS Export Encoding }D?_#79D$ AW5  e ISO-8859-1 }hDH?a#8^hDH$ AW6  e }?c#?;$ BG7 eExport Encoding }?e#:<$ BG8 e ISO-8859-1 }H?g#;7H$ BG9 e }?i#>$ CG: e!Copy Files Imported by Reference }?k#=?$ CG; eN }H?m#>:H$ CG< e }l@ EAl DG= e1 }@ @B DG> eTitle }@A DG? e }l@HDl EG@ e4 }@CE EGAe Numbered1 }@D@ EGB e }l@KGl FGC e4 }@FH FGDe Numbered }@GC FGE e }l@NJl GGF e5 }@IK GGGe LetteredA }@!JF GGH e }l@#QMl HGI e5 }@%LN HGJe Lettered }@'MI HGK e }l@)*Pl IGL e3 }@+OQ IGM e Heading2 }@-PL IGN e },F<+[S,, JG2 e P:Romanedi }H,F>+RTH,,, JY eLI me Parent = OL Ane Depth = 0 }6,F@+SU6,, JGZ eN }6,FB+TV6,, JG[ eN },FD+U,, JG\ e },FF+*X,, KGb e P:Romaned }H,FH+WYH,,, Kg eLI ke Parent = OL Ale Depth = 0 }6,FJ+XZ6,, KGh eN }6,FL+Y[6,, KGi eN },FN+ZR,, KGj e dLeftdRightd ReferenceddHeadingsd+HTMLd#HTML f@PQ TitleBody. f@NE Q Numbered1 N:.Numbered. f@N Q Numbered N:.\t. f@N Q Numbered N:.\t. f@ Q Footnote. f@NE Q Numbered1 N:.Numbered. f@T QHeading2Body. f@T Q HeadingRunInBody. f@ Q Indented. @@ Q Body. $f@AE Q$. LetteredA A:.Lettered. f@ Q TableFootnote. f@T Q TableTitleT:Table : . @@ QHeader Double Line. f@T Q TableTitleT:Table : . @@ Q Mapping Table Title. $f@A Q$. Lettered A:.\t. f@ Q CellFooting. $f@AE Q$. LetteredA A:.Lettered. $f@A Q$. Lettered A:.\t. @@ QFooter. @@ QMapping Table Cell. @@QMapping Table Title. f@ QRule. @@ Q Mapping Table Cell. @@ Q Mapping Table Cell. @@ QMapping Table Cell. @@ Q $ H l      D h  ManHeading. @@QMapping Table Cell. 6$f@R Q6. RomanedR:.. 6$f@R Q6. Romanedi R:.. f@ Q CellHeading. f@ QBody.  f@P Q Heading InfoBody. f@ QBody. f@ Q CellHeading. f@ Q Bulleted\t. f@ QCellBody. f@ QCellBody.  f@PQTitleBody.  @@ Q ManHeading2.  f@T QHeading1Body. @@ Q $ H l      D h  ManBody. QEmphasisQEquationVariables Q Q Q Q Q 33QQ 33Q Q Q /Q Q Q QThinMediumDoubleThick@ Very Thin H&5H&5H&5H&5H&5Format A H&5H&5H&5H&5H&5Format BH Mapping TableH Mapping Table vDl h pH   h h h     ( h h h h  N A H >p J H 6 6 K  "#$ %&'I ()*$ $./0$$h$123$4h $456$”h$789$„h $:;<$th $= > ? $dh $@ A B $Th $C D E $Dh $F G H $ $I J K L $ $MNOP$$QRST$ $UVW$$XYZ$$[\]$Z $^_`a$j$bcde$z:$fghi$$jklm$X:$nopq$H$rstu$:$vwxy$$z{|}$:$~$$ $$   C$   !,      ",!!!!!!#,""""""@,## #!#"#%K,&$'$($)$*$&$,+%,%-%.%/%'%,0&1&2&3&4&(&,5'6'7'8'9')',:(;(<(=(>(*(,?)@)A)B)C)+),D*E*F*G*H*,*,I+J+K+L+M+,-+,N,O,P,Q,R,.,,S-T-U-V-W-/-,X.Y.Z.[.\.0.,]/^/_/`/a/1/,b0c0d0e0f020,g1h1i1j1k131,l2m2n2o2p242,q3r3s3t3u353,v4w4x4y4z464,{5|5}5~5575,6666686,7777 797, 8 8 8 88:8,99999;9,:::::<:,;;;;;=;,<< <!<"<><,#=$=%=&='=?=,(>)>*>+>,>@>,-?.?/?0?1?,#?,2@3@4@5@6@$DB$7A8A9ACA$:B;BC?CE @DADBDFD CEDEEEGE FFGFHFHF IGJGKGIG LHMHNHH OIPIQI,K,RJSJTJUJVJ,$J,WKXKYKZK[KComment6:+d BlackT!WhiteddARedddGreendd BluedCyandMagentad YellowHeader/Footer $1Header/Footer $1Header/Footer $2Header/Footer $2IndexIndexCommentCommentSubjectSubjectAuthorAuthorGlossaryGlossaryEquationEquation Hypertext Hypertext  Cross-Ref Cross-Ref Conditional TextConditional TextPositionFMPrivatePositionFMPrivateRangeEndFMPrivateRangeEndFMPrivate HTML Macro HTML Macro M.Times.B Times-Bold FrameRoman M.Times.P Times-Roman FrameRoman M.Times.BITimes-BoldItalic FrameRoman M.Helvetica.BHelvetica-Bold FrameRoman M.Times.I Times-Italic FrameRomanb. HelveticaPTimes!Regular$RomanBoldRegularItalic7:ţqِЛr` MAR&?"<(@{9$ ;{gv8{$[.0 [C.QN!]~W԰ @1ޝ˚#O8JQWڲ5S