Outline for May 6, 2013

Reading: §8.2–8.5, [Man02] (This is available in the Resources area of SmartSite; look in the folder “Handouts”)
Due: Homework #3, due May 10, 2013

Deterministic noninterference
1. Model of system
2. Example
3. Relationship of output to states
4. Projections and purge functions
Alternative definition of security policy
1. Output-consistent
2. Security policy
3. Alternate projection function
4. Noninterference-secure with respect to the policy r
Unwinding Theorem
1. Locally respects
2. Transition-consistent
3. Unwinding theorem
Access Control Matrix interpretation
1. Model
2. ACM conditions
3. Policy conditions
4. Result
Policies that change over time
1. Generalization of noninterference
2. Example
Composing deterministic, noninterference-secure systems

Table of Notation

notation		meaning
S		set of subjects s
Σ		set of states σ
O		set of outputs o
Z		set of commands z
C		set of state transition commands (s, z), where subject s executes command z
C^*		set of possible sequences of commands c₀, …, c_n
ν		empty sequence
c_s		sequence of commands
T(c, σ_i)		resulting state when command c is executed in state σ_i
T^*(c_s, σ_i)		resulting state when command sequence c_s is executed in state σ_i
P(c, σ_i)		output when command c_{is executed in state σ_i}
P^(c_s*, σ_i)		output when command sequence c_s is executed in state σ_i
proj(s, c_s, σ_i)		set of outputs in P^(c_s*, σ_i) that subject s is authorized to see
π_G,A(c_s)		subsequence of c_s with all elements (s, z), s ∈ G and z ∈ A deleted
dom(c)		protection domain in which c is executed
~^dom(c)		equivalence relation on system states
π′_{d(c_s)}		analogue to π above, but with protection domain and subject included

You can also obtain a PDF version of this.

Version of May 6, 2013 at 10:19PM