Outline for April 19, 2013

Reading: §4
Due: Homework #2, due April 26, 2013
  1. Types of Access Control
    1. Mandatory access control
    2. Discretionary access control
    3. Originator-controlled access control
  2. High-level policy languages
    1. Characterization
    2. Example: DTEL
  3. Low-level policy languages
    1. Characterization
    2. Example: tripwire configuration file
  4. English policy
    1. Authorized Use Policy
    2. Electronic Mail Policy
  5. Secure, precise
    1. Observability postulate
    2. Theorem: for any program p and policy c, there is a secure, precise mechanism m* such that, for all security mechanisms m associated with p and c, m*m
    3. Theorem: There is no effective procedure that determines a maximally precise, secure mechanism for any policy and program
  6. Bell-LaPadula Model: intuitive, security classifications only
    1. Show level, categories, define clearance and classification
    2. Lattice: poset with ≤ relation reflexive, antisymmetric, transitive; greatest lower bound, least upper bound
    3. Apply lattice
      1. Set of classes SC is a partially ordered set under relation dom with glb (greatest lower bound), lub (least upper bound) operators
      2. dom is reflexive, transitive, antisymmetric
      3. (A, C) dom (A′, C′) iff A ≥ A′ and C ⊇ C′;
        lub((A, C), (A′, C′)) = (max(A, A′), C ∪ C′),
        glb((A, C), (A′, C′)) = (min(A, A′), C ∩ C′)
    4. Simple security condition (no reads up), *-property (no writes down), discretionary security property
    5. Basic Security Theorem: if system is secure and transformations follow these rules, system will remain secure
    6. Maximum, current security level

Version of April 18, 2013 at 8:09PM