Lecture 21: November 8, 2019

Reading: text, §16,17
Due: Homework 4, due November 25, 2019


  1. Greetings and felicitations!
  2. Capabilities
    1. Capability-based addressing
    2. Capabilities as security mechanisms
    3. Inheritance of C-Lists
  3. Lock and Key
    1. Associate with each object a lock; associate with each process that has access to object a key (it’s a cross between ACLs and C-Lists)
    2. Example: cryptographic (Gifford). X object enciphered with key K. Associate an opener R with X. Then:
      OR-Access: K can be recovered with any Di in a list of n deciphering transformations, so
      R = (E1(K), E2(K), …, En(K)) and any process with access to any of the Di’s can access the file
      AND-Access: need all n deciphering functions to get K: R = E1(E2(… En(K) …))
    3. Types and locks
  4. Secret sharing
  5. MULTICS ring mechanism
    1. Rings, gates, ring-crossing faults
    2. Used for both data and procedures; rights are REWA
      (b1, b2) access bracket—can access freely; (b3, b4) call bracket—can call segment through gate; so if a’s access bracket is (32, 35) and its call bracket is (36, 39), then assuming permission mode (REWA) allows access, a procedure in:
      rings 0–31: can access a, but ring-crossing fault occurs
      rings 32–35: can access a, no ring-crossing fault
      rings 36–39: can access a, provided a valid gate is used as an entry point
      rings 40–63: cannot access a
    3. If the procedure is accessing a data segment d, no call bracket allowed; given the above, assuming permission mode (REWA) allows access, a procedure in:
      rings 0–32: can access d
      rings 33–35: can access d, but cannot write to it (W or A)
      rings 36–63: cannot access d
  6. Information flow
    1. Information flow policy, confidentiality policy, integrity policy
    2. Example
  7. Entropy-based analysis
    1. Flow of information from x to y
    2. Implicit flow of information

UC Davis sigil
Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 153, Computer Security
Version of November 15, 2019 at 4:14PM

You can also obtain a PDF version of this.

Valid HTML 4.01 Transitional Built with BBEdit Built on a Macintosh