Outline for January 27, 2012

Reading: §4.6–4.7, [LT05], §5.2.1–5.2.2

  1. English policy
    1. Authorized Use Policy
    2. Electronic Mail Policy
  2. Secure, precise
    1. Observability postulate
    2. Theorem: for any program p and policy c, there is a secure, precise mechanism m* such that, for all security mechanisms m associated with p and c, m*m
    3. Theorem: There is no effective procedure that determines a maximally precise, secure mechanism for any policy and program
  3. Bell-LaPadula Model: intuitive, security classifications only
    1. Show level, categories, define clearance and classification
    2. Lattice: poset with ≤ relation reflexive, antisymmetric, transitive; greatest lower bound, least upper bound
    3. Apply lattice
      1. Set of classes SC is a partially ordered set under relation dom with glb (greatest lower bound), lub (least upper bound) operators
      2. Note: dom is reflexive, transitive, antisymmetric
      3. Example: (A, C) dom (A′, C′) iff AA′ and CC′; lub((A, C), (A′, C′)) = (max(A, A′), CC′); glb((A, C), (A′, C′)) = (min(A, A′), CC′)
    4. Simple security condition (no reads up), *-property (no writes down), discretionary security property
    5. Basic Security Theorem: if the system starts in a secure state and every transformation follows these rules, the system remains secure
    6. Maximum, current security level
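
Added example (not part of the original outline): a small Python model of the lattice in item 3.3 and the two mandatory checks in item 3.4. It assumes the usual convention that a class dominates another when its level is at least as high and its category set includes the other's; the level names, categories and sample subject and objects are constructed for illustration. The discretionary security property is not modeled.

```python
from typing import FrozenSet, NamedTuple

# Constructed linear ordering of levels (assumption for this example).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

class SecClass(NamedTuple):
    level: int
    cats: FrozenSet[str]

def sc(level: str, *cats: str) -> SecClass:
    """Build a security class from a level name and category names."""
    return SecClass(LEVELS[level], frozenset(cats))

def dom(a: SecClass, b: SecClass) -> bool:
    """a dom b: a's level >= b's level and a's categories include b's."""
    return a.level >= b.level and a.cats >= b.cats

def lub(a: SecClass, b: SecClass) -> SecClass:
    """Least upper bound: higher level, union of categories."""
    return SecClass(max(a.level, b.level), a.cats | b.cats)

def glb(a: SecClass, b: SecClass) -> SecClass:
    """Greatest lower bound: lower level, intersection of categories."""
    return SecClass(min(a.level, b.level), a.cats & b.cats)

def can_read(subject: SecClass, obj: SecClass) -> bool:
    """Simple security condition: no reads up."""
    return dom(subject, obj)

def can_write(subject: SecClass, obj: SecClass) -> bool:
    """*-property: no writes down."""
    return dom(obj, subject)

# Constructed sample subject and objects.
alice = sc("SECRET", "NUC")
memo = sc("CONFIDENTIAL", "NUC")      # below alice
plan = sc("SECRET", "NUC", "EUR")     # above alice (extra category)
log = sc("CONFIDENTIAL", "EUR")       # incomparable with alice

if __name__ == "__main__":
    for name, obj in (("memo", memo), ("plan", plan), ("log", log)):
        print(f"{name}: read={can_read(alice, obj)} write={can_write(alice, obj)}")
    print("lub(alice, log) =", lub(alice, log))
    print("glb(alice, log) =", glb(alice, log))
```

The `log` object shows why this is a partial order rather than a total one: neither class dominates the other, so both the read and the write are refused.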

ECS 235B, Foundations of Computer and Information Security
Winter Quarter 2012