Lecture 2 Outline

Reading: text, §2, 16.1–16.3
Due: Homework 1, on Apr. 5


  1. Greetings and felicitations!
  2. Access Control Matrix
    1. Subjects, objects, and rights
    2. Primitive commands
    3. Commands and conditions: create-file, various flavors of grant-right to show conditions and nested commands
  3. Decidability of security
    1. Notion of leakage in terms of ACM
    2. Determining security of a generic system with generic rights and mono-operational commands is decidable
    3. Determining security of a generic system with generic rights is undecidable (HRU result)
    4. Meaning: can’t derive a generic algorithm; must look at (sets of) individual cases
  4. Access Control Lists
    1. UNIX method
    2. Full ACLs: describe, revocation issue
  5. Capabilities
    1. Capability-based addressing
    2. Inheritance of C-Lists
  6. Lock and Key
    1. Associate with each object a lock; associate with each process that has access to object a key (it’s a cross between ACLs and C-Lists)
    2. Example: cryptographic (Gifford). Object X is enciphered with key K. Associate an opener R with X. Then:
      OR-Access: K can be recovered with any Di in a list of n deciphering transformations, so R = (E1(K), E2(K), …, En(K)), and any process with access to any of the Di’s can access the file
      AND-Access: need all n deciphering functions to get K: R = E1(E2(… En(K) …))
    3. Types and locks
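
The two opener constructions from item 6.2, as an added example that is not part of the original lecture notes. It assumes a toy symmetric transformation (XOR with a SHAKE-256 keystream, so Ei and Di coincide) standing in for a real cipher; all function names are hypothetical.

```python
import hashlib
import secrets

def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Toy stand-in for Ei/Di (assumption, not a vetted cipher):
    XOR with a SHAKE-256 keystream, so enciphering and deciphering are the same call."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def or_opener(K: bytes, keys: list) -> list:
    """OR-Access: R = (E1(K), E2(K), ..., En(K)), one slot per transformation."""
    return [xor_cipher(k, K) for k in keys]

def or_open(R: list, i: int, key_i: bytes) -> bytes:
    """A process holding only Di deciphers slot i of the opener to recover K."""
    return xor_cipher(key_i, R[i])

def and_opener(K: bytes, keys: list) -> bytes:
    """AND-Access: R = E1(E2(... En(K) ...)); En is applied first, E1 last."""
    r = K
    for k in reversed(keys):
        r = xor_cipher(k, r)
    return r

def and_open(R: bytes, keys: list) -> bytes:
    """Peel the layers in order D1, D2, ..., Dn; every one is needed to reach K."""
    for k in keys:
        R = xor_cipher(k, R)
    return R

if __name__ == "__main__":
    # Constructed sample data: three per-process keys and one file key K.
    keys = [secrets.token_bytes(16) for _ in range(3)]
    K = secrets.token_bytes(16)
    X = xor_cipher(K, b"contents of object X")   # X enciphered with K

    R_or = or_opener(K, keys)
    k_rec = or_open(R_or, 1, keys[1])            # holder of D2 alone
    print("OR, one key:", xor_cipher(k_rec, X))

    R_and = and_opener(K, keys)
    print("AND, all keys:", xor_cipher(and_open(R_and, keys), X))
    print("AND, missing D3 recovers K:", and_open(R_and, keys[:2]) == K)
```

With this XOR stand-in the AND layers happen to commute; a real cipher would require deciphering in the order D1, D2, …, Dn as the nesting dictates.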


Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 153, Computer Security
Version of April 2, 2016 at 4:40PM
