Lecture 2 Outline

Reading: text, §2, 16.1–16.3
Due: Homework 1, on Apr. 5

  1. Greetings and felicitations!
  2. Access Control Matrix
    1. Subjects, objects, and rights
    2. Primitive commands
    3. Commands and conditions: create-file, various flavors of grant-right to show conditions and nested commands
  3. Decidability of security
    1. Notion of leakage in terms of ACM
    2. Determining security of a generic system with generic rights and mono-operational commands is decidable
    3. Determining security of a generic system with generic rights is undecidable (HRU result)
    4. Meaning: can’t derive a generic algorithm; must look at (sets of) individual case
  4. Access Control Lists
    1. UNIX method
    2. Full ACLs: describe, revocation issue
  5. Capabilities
    1. Capability-based addressing
    2. Inheritance of C-Lists
  6. Lock and Key
    1. Associate with each object a lock; associate with each process that has access to object a key (it’s a cross between ACLs and C-Lists)
    2. Example: cryptographic (Gifford). X object enciphered with key K. Associate an opener R with X. Then:
      OR-Access: K can be recovered with any Di in a list of n deciphering transformations, so
      R = (E1(K), E2(K), …, En(K)) and any process with access to any of the D_i’s can access the file
      AND-Access: need all n deciphering functions to get K: R = E1(E2(… En(K) …))
    3. Types and locks

UC Davis sigil
Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 153, Computer Security
Version of April 2, 2016 at 4:40PM

You can also obtain a PDF version of this.