Winter Quarter 2012
Reading: §8
| notation | meaning | |
|---|---|---|
| S | set of subjects s | |
| Σ | set of states σ | |
| O | set of outputs o | |
| Z | set of commands z | |
| C | set of state transition commands (s, z), where subject s executes command z | |
| C* | set of possible sequences of commands c0, ..., cni | |
| ν | empty sequence | |
| cs | sequence of commands | |
| T(c, σi) | resulting state when command c is executed in state σi | |
| T*(cs, σi) | resulting state when command sequence cs is executed in state σi | |
| P(c, σi) | output when command c is executed in state σi | |
| P*(cs, σi) | output resulting state when command sequence cs is executed in state σi | |
| proj(s, cs, σi) | set of outputs in P*(cs, σi) that subject s is authorized to see | |
| πG,A(cs) | subsequence of cs with all elements (s, z), s ∈ G and z ∉ A deleted | |
| dom(c) | protection domain in which c is executed | |
| ∼dom(c) | equivalence relation on system states | |
| π′d(cs) | analogue to π above, but with protection domain and subject included | |
| wn | v1, …, vn where v1 ∈ C* | |
| w | sequence of elements of C leading up to current state | |
| cando(w, s, z) | true if s can execute z in current state | |
| pass(s, z) | give s right to execute z | |
| prev(w_n) | wn−1 | |
| last(w_n) | vn |
|
|
ECS 235B, Foundations of Computer and Information Security Winter Quarter 2012 |