Outline for April 27, 2004

Reading: Chapters 2, 3.1-3.2, 4.1-4.5

Outline for the Day

  1. Access Control Matrix
    1. Subjects, objects, and rights
    2. Primitive commands: create subject/object, enter right, delete right, destroy subject/object
    3. Copy flag
    4. Attenuation of privileges
  2. HRU Result
    1. Notion of leakage in terms of ACM
    2. Determining security of a generic system with generic rights is undecidable
    3. Meaning: can't derive a generic algorithm; must look at (sets of) individual case
  3. Policy
    1. Sets of authorized, unauthorized states
    2. Secure systems in terms of states
    3. Mechanism vs. policy
  4. Types of Policies
    1. Military/government vs. confidentiality
    2. Commercial vs. integrity
  5. Types of Access Control
    1. Mandatory access control
    2. Discretionary access control
    3. Originator-controlled access control
  6. High-Level Policy Languages
    1. Characterization
    2. Example: DTEL

Here is a PDF version of this document.