Outline for May 15, 2013

Reding: §16.3–16.4, 17.1–17.2, 33
Due: Homework #4, due May 24, 2013
  1. Compiler-based flow mechanisms
    1. Procedure calls
    2. Exceptions and infinite loops
    3. Semaphores
    4. Cobegin/coend
    5. Soundness
  2. Execution-based flow mechanisms
    1. Fenton’s Data Mark Machine
    2. Variable classes
  3. Examples
    1. Security pipeline interface
    2. Secure network server mail guard
  4. Confinement problem
    1. What it is
    2. Covert channels
    3. Rule of transitive confinement
    4. Difficulty of preventing leaking
  5. Isolation: virtual machines
    1. What it is
    2. Example: KVM/370
    3. Example: VAX/VMM
  6. Isolation: sandboxes
    1. What it is
    2. Adding mechanisms to libraries or kernel
    3. Modify program or process to be executed
    4. Example: Janus
  7. Covert channels
    1. Storage vs. timing
    2. Noise vs. noiseless
    3. Existence
    4. Bandwidth
  8. Covert channel detection
    1. Noninterference
    2. Shared Resource Matrix Model
    3. Information ßow analysis
    4. Covert ßow trees
You can also obtain a PDF version of this. Version of May 14, 2013 at 6:12PM