Outline for April 19, 2013

1. Types of Access Control
   1. Mandatory access control
   2. Discretionary access control
   3. Originator-controlled access control
2. High-level policy languages
   1. Characterization
   2. Example: DTEL
3. Low-level policy languages
   1. Characterization
   2. Example: tripwire configuration file
4. English policy
   1. Authorized Use Policy
   2. Electronic Mail Policy
5. Secure, precise
   1. Observability postulate
   2. Theorem: for any program p and policy c, there is a secure, precise mechanism m^* such that, for all security mechanisms m associated with p and c, m^* ≈ m
   3. Theorem: There is no effective procedure that determines a maximally precise, secure mechanism for any policy and program
6. Bell-LaPadula Model: intuitive, security classifications only
   1. Show level, categories, define clearance and classification
   2. Lattice: poset with ≤ relation reflexive, antisymmetric, transitive; greatest lower bound, least upper bound
   3. Apply lattice
      1. Set of classes SC is a partially ordered set under relation dom with glb (greatest lower bound), lub (least upper bound) operators
      2. dom is reflexive, transitive, antisymmetric
      3. (A, C) dom (A′, C′) iff A ≤ A′ and C ⊆ C′;
         lub((A, C), (A′, C′)) = (max(A, A′), C ∪ C′,
         glb((A, C), (A′, C′)) = (min(A, A′), C ∩ C′
   4. Simple security condition (no reads up), *-property (no writes down), discretionary security property
   5. Basic Security Theorem: if system is secure and transformations follow these rules, system will remain secure
   6. Maximum, current security level