Outline for January 22, 2016

Reading: text, §4, [1]
Due: Presentation paper selection, Jan. 22; Project selection, Jan. 22; Homework 1, due January 25

  1. Policy
    1. Sets of authorized, unauthorized states
    2. Secure systems in terms of states
    3. Mechanism vs. policy
  2. Types of Policies
    1. Military/government vs. confidentiality
    2. Commercial vs. integrity
  3. Types of Access Control
    1. Mandatory access control
    2. Discretionary access control
    3. Originator-controlled access control
  4. High-level policy languages
    1. Characterization
    2. Example: Ponder
  5. Low-level policy languages
    1. Characterization
    2. Example: tripwire configuration file
You can also obtain a PDF version of this. Version of January 20, 2016 at 11:25PM