Lecture 12 Outline
Reading: text, §4, 5
Due: Homework 3, on May 12
- Greetings and felicitations!
- Announce change of due date to Homework 3
- Announce secure programming clinic
- Discussion question
- Low-level policy languages
- Characterization
- Example: tripwire configuration file
- Policies in natural language
- Goals of confidentiality policies
- Bell-LaPadula Model with levels only
- Security levels
- Simple security property
- *-property
- Discretionary security property
- Full Bell-LaPadula Model
- Add in compartments
- dom relation
- BLP as lattice structure
- Simple security property
- *-Property
- Discretionary security property
- Range of levels
- Basic Security Theorem
Discussion question. An eighth grade school student in Florida shoulder-surfed a teacher he didn’t like typing in a password. He used that password to log into the teacher’s account and changed the wallpaper. The password, like all passwords on the school network, was the last name of the teacher (user), and teachers had administrative privileges on the network.
The student was first suspended for 10 days. But on April 2, 2015, the Pasco County sheriff filed felony charges against the student. The sheriff stated that he filed the charges because the teacher’s computer had “encrypted 2014 FCAT [Florida Comprehensive Assessment Test] questions”, although he admitted the student “did not view or tamper with those files.” He added “Even though some might say this is just a teenage prank, who knows what this teenager might have done.”
Do you think the student should have been suspended? Should he have been charged with a felony?