Outline for April 17, 2013

Reading: § 3.4–3.5, 4, handout
Due: Homework #2, due April 26, 2013

  1. Expressive power
    1. ESPM and multi-parent create
    2. Simulation and expressiveness
    3. Comparing security properties of models
  2. Policy
    1. Sets of authorized, unauthorized states
    2. Secure systems in terms of states
    3. Mechanism vs. policy
  3. Types of Policies
    1. Military/government vs. confidentiality
    2. Commercial vs. integrity
  4. Types of Access Control
    1. Mandatory access control
    2. Discretionary access control
    3. Originator-controlled access control
  5. High-level policy languages
    1. Characterization
    2. Example: DTEL
  6. Low-level policy languages
    1. Characterization
    2. Example: tripwire configuration file

You can also obtain a PDF version of this. Version of April 16, 2013 at 10:59PM