Lecture 21: November 8, 2019

Reading: text, §16,17
Due: Homework 4, due November 25, 2019

Greetings and felicitations!
Capabilities
1. Capability-based addressing
2. Capabilities as security mechanisms
3. Inheritance of C-Lists
Lock and Key
1. Associate with each object a lock; associate with each process that has access to object a key (it’s a cross between ACLs and C-Lists)
2. Example: cryptographic (Gifford). X object enciphered with key K. Associate an opener R with X. Then:
  OR-Access: K can be recovered with any D_i in a list of n deciphering transformations, so
  R = (E₁(K), E₂(K), …, E_n(K)) and any process with access to any of the D_i’s can access the file
  AND-Access: need all n deciphering functions to get K: R = E₁(E₂(… E_n(K) …))
3. Types and locks
Secret sharing
MULTICS ring mechanism
1. Rings, gates, ring-crossing faults
2. Used for both data and procedures; rights are REWA
  (b₁, b₂) access bracket—can access freely; (b₃, b₄) call bracket—can call segment through gate; so if a’s access bracket is (32, 35) and its call bracket is (36, 39), then assuming permission mode (REWA) allows access, a procedure in:
  rings 0–31: can access a, but ring-crossing fault occurs
  rings 32–35: can access a, no ring-crossing fault
  rings 36–39: can access a, provided a valid gate is used as an entry point
  rings 40–63: cannot access a
3. If the procedure is accessing a data segment d, no call bracket allowed; given the above, assuming permission mode (REWA) allows access, a procedure in:
  rings 0–32: can access d
  rings 33–35: can access d, but cannot write to it (W or A)
  rings 36–63: cannot access d
Information flow
1. Information flow policy, confidentiality policy, integrity policy
2. Example
Entropy-based analysis
1. Flow of information from x to y
2. Implicit flow of information

Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu

ECS 153, Computer Security
Version of November 15, 2019 at 4:14PM

You can also obtain a PDF version of this.