Reading: §8.2
notation | meaning
---|---
S | set of subjects s
Σ | set of states σ
O | set of outputs o
Z | set of commands z
C | set of state transition commands (s, z), where subject s executes command z
C* | set of possible sequences of commands c0, ..., cn
ν | empty sequence
cs | sequence of commands
T(c, σi) | resulting state when command c is executed in state σi
T*(cs, σi) | resulting state when command sequence cs is executed in state σi
P(c, σi) | output when command c is executed in state σi
P*(cs, σi) | outputs resulting when command sequence cs is executed in state σi
proj(s, cs, σi) | set of outputs in P*(cs, σi) that subject s is authorized to see
πG,A(cs) | subsequence of cs with all elements (s, z), s ∈ G and z ∉ A deleted
dom(c) | protection domain in which c is executed
∼dom(c) | equivalence relation on system states
π′d(cs) | analogue to π above, but with protection domain and subject included

ECS 235B, Foundations of Computer and Information Security, Winter Quarter 2012
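As an added worked example (not from the slides or from §8.2 itself), the notation above instantiated on a constructed two-level toy machine: T, P, P*, proj and πG,A are written out for subjects L and H, and a bounded search checks the §8.2 noninterference condition proj(s, cs, σ0) = proj(s, πG,A(cs), σ0) over all command sequences up to a given length. Assumptions: proj(s, ·) is taken to be the outputs of s's own commands, and the purge follows the table's wording literally (delete (s, z) with s ∈ G and z ∉ A), so A = ∅ purges every command executed by a member of G.

```python
from itertools import product

# Constructed toy machine (not from the slides): state sigma = (low, high), subjects "L" and "H".
def T(c, sigma):
    """T(c, sigma): state after subject s executes command z in state sigma."""
    _, z = c
    low, high = sigma
    if z == "inc_low":
        return (low + 1, high)
    if z == "inc_high":
        return (low, high + 1)
    if z == "copy_high_to_low":    # deliberately leaky command, only in the insecure variant
        return (high, high)
    return sigma                   # read commands leave the state unchanged

def P(c, sigma):
    """P(c, sigma): output of command c in state sigma (None when the command is silent)."""
    _, z = c
    low, high = sigma
    return {"read_low": low, "read_high": high}.get(z)

def P_star(cs, sigma):
    """P*(cs, sigma): (subject, output) pairs in execution order, threading T through the sequence."""
    outs = []
    for c in cs:
        outs.append((c[0], P(c, sigma)))
        sigma = T(c, sigma)
    return outs

def proj(s, cs, sigma):
    """proj(s, cs, sigma): outputs s may see; assumed here to be the outputs of s's own commands."""
    return [o for subj, o in P_star(cs, sigma) if subj == s and o is not None]

def purge(G, A, cs):
    """pi_{G,A}(cs) exactly as worded in the table: delete (s, z) with s in G and z not in A."""
    return [(s, z) for s, z in cs if not (s in G and z not in A)]

def noninterfering(C, G, A, s, sigma0, max_len):
    """Return None if proj(s, cs, sigma0) == proj(s, pi_{G,A}(cs), sigma0) for every cs in C* up to max_len."""
    for n in range(max_len + 1):
        for cs in product(C, repeat=n):
            if proj(s, cs, sigma0) != proj(s, purge(G, A, cs), sigma0):
                return cs          # witness sequence: G's commands change what s observes
    return None                    # no witness found within the bound

SECURE_C = [("L", "inc_low"), ("L", "read_low"), ("H", "inc_high"), ("H", "read_high")]
LEAKY_C = SECURE_C + [("H", "copy_high_to_low")]
```

With G = {H} and A = ∅, the secure command set yields no witness, while the leaky set is caught by the sequence inc_low, copy_high_to_low, read_low: L reads 0 in the full run but 1 in the purged run.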