Lecture 11 Outline (April 22, 2015)
Reading: §3.1–3.2, §4
Assignment: Program 2, due April 27, 2015; Homework 2, May 1, 2015
- Greetings and felicitations!
- Brian Perry’s office hours for today only are moved to 3:10–4:00pm
- Discussion problem of the day
- HRU Result
  - Notion of leakage in terms of ACM
  - Determining security of a generic system with generic rights and mono-operational commands is decidable
  - Determining security of a generic system with generic rights is undecidable
  - Meaning: can’t derive a generic algorithm; must look at (sets of) individual cases
- Policy
  - Sets of authorized, unauthorized states
  - Secure systems in terms of states
  - Mechanism vs. policy
- Types of Policies
  - Military/government vs. confidentiality
  - Commercial vs. integrity
- Types of Access Control
  - Mandatory access control
  - Discretionary access control
  - Originator-controlled access control
- High-level policy languages
  - Characterization
  - Example: DTEL
- Low-level policy languages
  - Characterization
  - Example: tripwire configuration file
- Policies in natural language
Discussion question. In 2003, Senator Orrin Hatch said he wanted copyright holders to be able to use special-purpose hardware to prevent piracy. The following paragraph is quoted from an article in the PoliTech mailing list (June 19, 2003, at 10:12AM):
Sen. Orrin Hatch, R-UT, said he was drafting legislation to require devices in PCs permitting the
destruction of hardware used for wide-scale copyright infringement by sending a secret command to the
remote computer. A copyright holder would be required to offer two warnings before the “kill switch” was
activated and the computer destroyed or permanently disabled, Hatch said.
- What are the arguments in favor of Sen. Hatch’s proposal?
- What are the arguments against Sen. Hatch’s proposal?
- If this proposal had been adopted, what safeguards should be put into place to prevent unauthorized activation of the “kill switch”?