Outline for April 13, 2004

1. Expressive power
   1. HRU vs. SPM
   2. Multiparent joint creates in HRU
   3. Adding multiparent joint creates to SPM (giving ESPM)
   4. Simulation of multiparent joint creates by 2-parent joint creates
   5. Monotonic ESPM, monotonic HRU equivalent
   6. Safety question in ESPM decidable if acyclic attenuating scheme
2. Comparing Expressive Power of Models
   1. Graph representation
   2. Go through 3-parent joint create as simulated by 2-parent joint create
   3. Correspondence between two schemes in terms of graph representation
   4. Formal definition of scheme A simulating scheme B
   5. Model expressive power
   6. Result: monotonic 1-parent models less expressive than monotonic multiparent models (so ESPM more expressive than SPM)
3. Typed Access Matrix Model
   1. Add notion of type for entities--set of types T, set of subject types TS ⊆ T
   2. New create rules: specify subject/object type
   3. In command, child type if something of that type created; otherwise, a parent type
   4. Show type graph and cycles in it
   5. Safety decidable for systems with acyclic MTAM schemes
4. Policy
   1. Define security policy, secure system, breach of security formally
   2. Security models
   3. Confidentiality, integrity policies; distinguish from military, commercial policies
   4. Role of trust in modeling
   5. DAC vs. MAC vs. ORCON