**Reading:** §3.3

- Sharing
  - Definition: can•share(α, **x**, **y**, *G*_{0}) iff there exists a sequence of protection graphs *G*_{0}, . . ., *G*_{n} such that *G*_{0} |−^{*} *G*_{n} using only take, grant, create, remove rules and in *G*_{n}, there is an edge from **x** to **y** labeled α
  - Theorem: can•share(α, **x**, **y**, *G*_{0}) iff there is an edge from **x** to **y** labeled α in *G*_{0}, or all of the following hold:
    - there is a vertex **y′** with an edge from **y′** to **y** labeled α;
    - there is a subject **y′′** which terminally spans to **y′**, or **y′′** = **y′**;
    - there is a subject **x′** which initially spans to **x**, or **x′** = **x**; and
    - there is a sequence of islands *I*_{1}, . . ., *I*_{n} connected by bridges for which **x′** ∈ *I*_{1} and **y′** ∈ *I*_{n}.
- Model Interpretation
  - ACM very general, broadly applicable; Take-Grant more specific, can model fewer situations
  - Theorem: *G*_{0} protection graph with exactly one subject, no edges; *R* set of rights. Then *G*_{0}, . . ., *G*_{n} iff *G*_{0} is a finite directed graph containing subjects and objects only, with edges labeled from nonempty subsets of *R*, and with at least one subject with no incoming edges
  - Example: shared buffer managed by trusted third party
- Stealing
  - Definition: can•steal(α, **x**, **y**, *G*_{0}) iff there is no edge from **x** to **y** labeled α in *G*_{0}, and there exists a sequence of protection graphs *G*_{0}, . . ., *G*_{n} such that *G*_{0} |−^{*} *G*_{n} in which:
    - *G*_{n} has an edge from **x** to **y** labeled α
    - There is a sequence of rule applications ρ_{1}, . . ., ρ_{n} such that *G*_{i−1} |− *G*_{i}; and
    - For all vertices **v**, **w** ∈ *G*_{i−1}, if there is an edge from **v** to **y** in *G*_{0} labeled α, then ρ_{i} is not of the form “**v** grants (α to **y**) to **w**”
  - Example
- Conspiracy
  - Access set
  - Deletion set
  - Conspiracy graph
  - *I*, *T* sets
  - Theorem: can•steal(α, **x**, **y**, *G*_{0}) iff there is a path from some *h*(**p**) ∈ *I*(**x**) to some *h*(**q**) ∈ *T*(**y**)
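
The can•share theorem under Sharing can be evaluated mechanically on a concrete protection graph. The Python below is an added example, not part of the course notes; the names `spans` and `can_share` and the sample graph are constructed for illustration. It assumes the path words from the assigned reading (terminal span t→\*, initial span t→\* g→, bridges t→\*, t←\*, t→\* g→ t←\*, t→\* g← t←\*) and takes the island chain to run from **x′** to the subject **y′′**.

```python
# Path-word automata for tg-paths: "t>"/"g>" follow an edge forwards, "t<"/"g<" backwards.
TERMINAL = ({("A", "t>"): "A"}, {"A"})                    # t>*
INITIAL = ({("A", "t>"): "A", ("A", "g>"): "D"}, {"D"})   # t>* g>
BRIDGE = ({("A", "t>"): "B", ("B", "t>"): "B",            # t>*, t<*,
           ("A", "t<"): "C", ("C", "t<"): "C",            # t>* g> t<*,
           ("A", "g>"): "C", ("A", "g<"): "C",            # t>* g< t<*
           ("B", "g>"): "C", ("B", "g<"): "C"}, {"B", "C"})


def spans(edges, start, automaton):
    """Vertices reached from start by a tg-path (distinct vertices) with an accepted word."""
    delta, accept = automaton
    found = set()

    def walk(u, state, seen):
        if state in accept:
            found.add(u)
        for (a, b), rights in edges.items():
            if u not in (a, b):
                continue
            v, arrow = (b, ">") if a == u else (a, "<")
            for r in rights & {"t", "g"}:
                nxt = delta.get((state, r + arrow))
                if nxt and v not in seen:
                    walk(v, nxt, seen | {v})

    walk(start, "A", {start})
    return found


def can_share(alpha, x, y, subjects, edges):
    """Theorem check; assumes the island chain runs from x' to the subject y''."""
    if alpha in edges.get((x, y), set()):
        return True
    holders = {a for (a, b), r in edges.items() if b == y and alpha in r}       # y'
    enders = {s for s in subjects if spans(edges, s, TERMINAL) & holders}       # y''
    reached = {s for s in subjects if s == x or x in spans(edges, s, INITIAL)}  # x'
    frontier = list(reached)
    while frontier:  # a bridge (even a single t or g edge between subjects) links islands
        for v in (spans(edges, frontier.pop(), BRIDGE) & subjects) - reached:
            reached.add(v)
            frontier.append(v)
    return bool(reached & enders)


# Constructed graph: subjects x, s; objects o, y. s takes from o and grants to x.
SUBJECTS = {"x", "s"}
EDGES = {("s", "o"): {"t"}, ("o", "y"): {"r"}, ("s", "x"): {"g"}}
print(can_share("r", "x", "y", SUBJECTS, EDGES))
```

The path search enumerates simple paths, so it is meant for small teaching graphs rather than large ones.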


ECS 235B, Foundations of Computer and Information Security, Winter Quarter 2012