January 11, 2021 Outline

Reading: text, §3.3
Due: Homework #1, due January 22; Project selection, due January 22


Module 10

  1. Take-Grant Protection Model
    1. Counterpoint to HRU result
    2. Symmetry of take and grant rights
    3. Islands (maximal subject-only tg-connected subgraphs)
    4. Bridges (as a combination of terminal and initial spans)
Module 11
  1. Sharing
    1. Definition: can•share(α, x, y, G0) true iff there exists a sequence of protection graphs G0, …, Gn such that G0 ⊢* Gn using only take, grant, create, remove rules and in Gn, there is an edge from x to y labeled α
    2. Theorem: can•share(α, x, y, G0) iff there is an edge from x to y labeled α in G0, or all of the following hold:
      1. there is a vertex y′ with an edge from y′ to y labeled α;
      2. there is a subject y′′ which terminally spans to y′, or y′′ = y′;
      3. there is a subject x′ which initially spans to x, or x′ = x; and
      4. there is a sequence of islands I1, …, In connected by bridges for which x′ ∈ I1 and y′ ∈ In.
  2. Model Interpretation
    1. ACM very general, broadly applicable; Take-Grant more specific, can model fewer situations
    2. Example: shared buffer managed by trusted third party
Module 12
  1. Stealing
    1. Definition: can•steal(α, x, y, G0) true if, and only if, there is no edge from x to y labeled α in G0, and there exists a sequence of protection graphs G0, …, Gn for which the following hold simultaneously:
      1. There is an edge from x to y labeled α in Gn;
      2. There is a sequence of rule applications ρ1, …, ρn such that Gi−1 ⊢ Gi using ρi; and
      3. For all vertices v and w in Gi−1, 1 ≤ i < n, if there is an edge from v to y labeled α, then ρi is not of the form “v grants (α to y) to w”
    2. Theorem: can•steal(α, x, y, G0) iff the following hold simultaneously:
      1. There is no edge from x to y labeled α in G0;
      2. There exists a subject x′ such that x′ = x or x′ initially spans to x;
      3. There exists a vertex s with an edge labeled α to y in G0; and
      4. can•share(t, x′, s, G0) holds
  2. Conspiracy
    1. What is of interest?
    2. Access, deletion sets
    3. Conspiracy graph
    4. Number of conspirators
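
Added example (not part of the original outline or the course text): a Python check of the four conditions of the can•share theorem from Module 11. The graph representation and the names make_graph, has, take_closure and can_share are assumptions made here. Spans and bridges follow the standard Take-Grant definitions, which this outline does not spell out (terminal span t→*; initial span t→* g→; bridge words t→*, t←*, t→* g→ t←*, t→* g← t←*), and are computed by reachability over edge labels.

```python
def make_graph(subjects, edge_list):
    """Constructed helper: edge_list holds (source, target, "rights") triples."""
    edges = {}
    for u, v, rights in edge_list:
        edges.setdefault(u, {}).setdefault(v, set()).update(rights)
    return {"subjects": set(subjects), "edges": edges}

def has(G, u, v, right):
    """True if G has an edge from u to v whose label contains right."""
    return right in G["edges"].get(u, {}).get(v, set())

def take_closure(G, u):
    """Vertices reachable from u along zero or more forward take edges (t->*)."""
    seen, stack = {u}, [u]
    while stack:
        v = stack.pop()
        for w in G["edges"].get(v, {}):
            if w not in seen and has(G, v, w, "t"):
                seen.add(w)
                stack.append(w)
    return seen

def can_share(alpha, x, y, G):
    if has(G, x, y, alpha):                  # edge already present in G0
        return True
    subjects = G["subjects"]
    T = {s: take_closure(G, s) for s in subjects}
    # Condition 1: vertices y' with an edge to y labeled alpha.
    holders = {v for v in G["edges"] if has(G, v, y, alpha)}
    # Condition 2: subjects y'' with y'' = y' or y'' terminally spanning to y'.
    targets = {s for s in subjects if T[s] & holders}
    # Condition 3: subjects x' with x' = x or x' initially spanning to x.
    frontier = [s for s in subjects
                if s == x or any(has(G, a, x, "g") for a in T[s])]
    # Condition 4: a t or g edge between two subjects is itself a bridge word,
    # so one "bridged" relation covers both islands and bridges.
    def bridged(u, v):
        return (v in T[u] or u in T[v] or
                any(has(G, a, b, "g") or has(G, b, a, "g")
                    for a in T[u] for b in T[v]))
    seen = set(frontier)
    while frontier:                          # walk the chain I1, ..., In
        u = frontier.pop()
        if u in targets:
            return True
        for v in subjects - seen:
            if bridged(u, v):
                seen.add(v)
                frontier.append(v)
    return False
```

For example, with subjects x and v, an object o, and edges x t→ o, v g→ o, v r→ y, the word t→ g← is a bridge and can_share("r", "x", "y", G) is true; replacing x t→ o with x g→ o gives the word g→ g←, which is not a bridge, and the result is false.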


Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 235B, Foundations of Computer and Information Security
Version of January 10, 2021 at 4:04PM
