Outline for April 15, 2004

1. Policy
   1. Policy languages: high level, low level
2. Bell-LaPadula Model (security classifications only)
   1. Go through security clearance, classification
   2. Describe simple security condition (no reads up), *-property (no writes down), discretionary security property
   3. State Basic Security Theorem: if it's secure and transformations follow these rules, it's still secure
3. Bell-LaPadula Model (security levels)
   1. Go through security clearance, categories, levels
4. Lattice models
   1. Poset, ≤ the relation
   2. Reflexive, antisymmetric, transitive
   3. Greatest lower bound, least upper bound
   4. Example with complex numbers
5. Bell-LaPadula Model
   1. Apply lattice work
      1. Set of classes SC is a partially ordered set under relation ≤ with GLB (greatest lower bound), LUB (least upper bound) operators
      2. Note: is reflexive, transitive, antisymmetric
      3. Examples: (A, C) ≤ (A´, C´) iff A ≤ A´ and C ⊆ C´;
         LUB((A, C), (A´, C´)) = (max(A, A´), C ∪ C´), GLB((A, C), (A´, C´)) = (min(A, A´), C ∩ C´)
   2. Describe simple security condition (no reads up), *-property (no writes down), discretionary security property
   3. State Basic Security Theorem: if it's secure and transformations follow these rules, it's still secure
   4. Maximum, current security level
6. Example: DG/UX UNIX
   1. Labels and regions
   2. Multilevel directories