Lecture 13, April 29

Reading: §5.2.2, 5.3, 6.1–6.2

Discussion Problem. Computer security experts seem to like puns. So if you want to talk like a computer security expert, you need to be able to inject bad puns into your conversations. To get you started, here are some puns from the Book of Lists 2’s list of the world’s worst puns. Consider yourselves armed (or forewarned)!

  1. The Eskimo stabbed himself with an icicle. He died of cold cuts.
  2. In his dessert list, a San Antonio restaurateur suggests, “Remember the alamode!”
  3. There was an advice-to-the-lovelorn editor who insisted, “If at first you don’t succeed, try a little ardor.”
  4. The commuter’s Volkswagen broke down once too often. So he consigned it to the Old Volks Home.
  5. The wise old crow perched himself on a telephone wire. He wanted to make a long-distance caw.
  6. A talkative musician couldn’t hold a job. Every time he opened his mouth, he put his flute in it.
  7. A farmer with relatives in East Germany heard that a food package he had sent had never arrived. Optimistically, he assured them, “Cheer up! The wurst is yet to come.”
  8. When the promoter of a big flower show was told that a postponement was necessary because the exhibits could not be installed on time, he explained to his backers, “We were simply caught with our plants down.”
  9. A critic declared that he always praised the first show of a new theatrical season. “Who am I,” he asked, “to stone the first cast?”
  10. Egotist: a person who’s always me-deep in conversation.
  11. “It’s raining cats and dogs,” one man remarked. “I know,” said another. “I just stepped into a poodle.”
  12. An eccentric bachelor passed away and left a nephew nothing but 392 clocks. The nephew is now busy winding up the estate.
  13. The baseball pitcher with a sore arm was in the throws of agony.

Lecture outline.

  1. Greetings and felicitations!
    1. Midterm will be on Wednesday, May 1, in class; it is open book but you may not use your computer (so if your notes are electronic, print them out!)
    2. There is a study guide, a sample midterm, and answers to it on SmartSite.
  2. Example: DG/UX B2 System
  3. Tranquility
    1. Declassification problem
    2. Strong tranquility
    3. Weak tranquility
  4. Requirements of integrity models
  5. Biba Model
    1. Low-water-mark policy
    2. Ring policy
    3. Strict integrity
  6. Clark-Wilson Model
    1. Theme: the military model does not provide enough controls against commercial fraud, etc., because it does not cover the right aspects of integrity
    2. Components
      1. Constrained Data Items (CDIs), to which the model applies
      2. Unconstrained Data Items (UDIs), to which no integrity checks are applied
      3. Integrity Verification Procedures (IVPs), which verify conformance to the integrity spec when the IVP is run
      4. Transaction Procedures (TPs), which take the system from one well-formed state to another


Version of April 28, 2013 at 9:01PM