January 23, 2014 Outline

Reading: text, § 4, 5.1–5.2
Assignment due: Homework #1, due January 23, 2014

  1. Policy and models
  2. Trust
  3. Policy vs. mechanism
  4. Policy languages
    1. Web-based constraints
    2. tripwire
  5. English policy
    1. Authorized Use Policy
    2. Electronic Mail Policy
  6. Secure, precise
    1. Observability postulate
    2. Theorem: for any program p and policy c, there is a secure, precise mechanism m* such that, for all security mechanisms m associated with p and c, m* ≈ m.
    3. Theorem: There is no effective procedure that determines a maximally precise, secure mechanism for any policy and program

You can also obtain a PDF version of this. Version of January 22, 2014 at 9:11PM