Lecture 11, April 24

Reading: §4.5--4.6, 5.1--5.3 except 5.2.3--5.2.4
Due: Homework #2, due April 26, 2013 at 11:55pm

Discussion Problem. What does the following paragraph say to a system administrator or security officer seeking insight to defend her systems?

If we do not wish to fight, we can prevent the enemy from engaging us even though the lines of encampment be merely traced out on the ground. All we need to do is to throw something odd and unaccountable in his way.

Tu Mu relates a strategm of Chu-ko Liang, who in 149 B.C., when occupying Yang-p’ing and about to be attacked by Ssu-ma I, suddenly struck his colors, stopping the beating of the drums, and flung open the city gates, showing only a few men engaged in sweeping and sprinkling the ground. This unexpected proceeding had the intended effect; for Ssu-Ma I, suspecting an ambush, actually drew off his army and retreated.

Sun Tzu, The Art of War, James Clavell, ed., Dell Publishing, New York, NY ©1983, pp. 26–27.

Lecture outline.

  1. High-level policy languages
    1. Characterization
    2. Example: DTEL
  2. Low-level policy languages
    1. Characterization
    2. Example: tripwire configuration file
  3. Policies in natural language
  4. Goals of confidentiality policies
  5. Bell-LaPadula Model with levels only
    1. Security levels
    2. Simple security property
    3. *-property
    4. Discretionary security property
  6. Full Bell-LaPadula Model
    1. Add in compartments
    2. dom relation
    3. BLP as lattice structure
    4. Simple security property
    5. *-Property
    6. Discretionary security property
  7. Range of levels
  8. Basic Security Theorem
  9. Example: DG/UX B2 System
  10. Tranquility
    1. Declassification problem
    2. Strong tranquility
    3. Weak tranquility

You can also obtain a PDF version of this. Version of April 23, 2013 at 8:10PM