Lecture 10: October 16, 2019

Reading: text, §6.4, 10.1–10.2
Due: Lab 1, due October 18, 2019; Homework 2, due October 21, 2019


  1. Greetings and felicitations!
  2. Puzzle of the Day
  3. Clark-Wilson Certification and Enforcement Rules
    1. [C1] All IVPs must ensure that all CDIs are in a valid state when the IVP is run.
    2. [C2] All TPs must be certified to be valid, and each TP is associated with a set of CDIs it is authorized to manipulate.
    3. [E1] The system must maintain these lists and must ensure only those TPs manipulate those CDIs.
    4. [E2] The system must maintain a list of relations (user ID, TP, CDIs) giving the CDIs that TP can manipulate on behalf of that user, and must ensure only those executions are performed.
    5. [C3] The list of relations in E2 must be certified to meet the separation of duty requirement.
    6. [E3] The system must authenticate the identity of each user attempting to execute a TP.
    7. [C4] All TPs must be certified to write to an append-only CDI (the log) all information necessary to reconstruct the operation.
    8. [C5] Any TP taking a UDI as an input must be certified to perform only valid transformations, or else no transformation at all, for any possible value of the UDI. The transformation should take the input from a UDI to a CDI, or the UDI is rejected (edits are the typical case, as the keyboard is a UDI).
    9. [E4] Only the agent permitted to certify entities may change the list of such entities associated with a TP. An agent that can certify an entity may not have any execute rights with respect to that entity.
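The rules above turned into a small enforcement monitor, added here as an example rather than taken from the lecture; the account CDIs, the transfer TP, the user name and the login stand-in are all hypothetical.

```python
# Added example, not from the lecture: a toy Clark-Wilson monitor with hypothetical account CDIs.
class CWViolation(Exception):
    pass
class ClarkWilsonMonitor:
    def __init__(self):
        self.cdis = {}              # CDI name -> value
        self.tp_cdis = {}           # E1: TP name -> CDIs it is certified to manipulate
        self.user_tps = {}          # E2: (user, TP name) -> CDIs that user may touch with it
        self.authenticated = set()  # E3: users whose identity has been verified
        self.log = []               # C4: append-only log; the monitor never removes entries

    # E4: only the certifying agent may call certify_tp and permit.
    def certify_tp(self, tp_name, cdi_names):
        self.tp_cdis[tp_name] = set(cdi_names)

    def permit(self, user, tp_name, cdi_names):
        if not set(cdi_names) <= self.tp_cdis.get(tp_name, set()):
            raise CWViolation("E2 relation exceeds the E1 certification")
        self.user_tps[(user, tp_name)] = set(cdi_names)

    def login(self, user):  # stand-in for a real authentication step (E3)
        self.authenticated.add(user)

    def ingest_udi(self, cdi_name, raw):
        # C5: a UDI (e.g. keyboard input) either becomes a well-formed CDI or is rejected
        if not (isinstance(raw, str) and raw.isdigit()):
            raise CWViolation("C5: UDI rejected")
        self.cdis[cdi_name] = int(raw)

    def run_tp(self, user, tp_name, tp_func, cdi_names):
        if user not in self.authenticated:
            raise CWViolation("E3: user not authenticated")
        if not set(cdi_names) <= self.tp_cdis.get(tp_name, set()):
            raise CWViolation("E1: TP not certified for these CDIs")
        if not set(cdi_names) <= self.user_tps.get((user, tp_name), set()):
            raise CWViolation("E2: user may not run this TP on these CDIs")
        before = {c: self.cdis[c] for c in cdi_names}
        after = tp_func(before)
        self.log.append((user, tp_name, before, after))  # C4: enough to reconstruct the run
        self.cdis.update(after)
        return after
# IVP (C1): account balances must sum to the recorded total.
def ivp_balanced(cdis):
    return cdis["acct_a"] + cdis["acct_b"] == cdis["total"]
# Certified TP (C2): move 30 from acct_a to acct_b, preserving the IVP invariant.
def transfer(before):
    return {"acct_a": before["acct_a"] - 30, "acct_b": before["acct_b"] + 30}
```

The IVP is run before and after the TP; the monitor itself only enforces E1 through E3 and C5, while C1, C2 and C4 remain certification obligations on the IVP, the TP and the log contents.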
  4. Originator-controlled access control

Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 153, Computer Security
Version of October 17, 2019 at 5:26PM

