January 3, 2022 Outline

Reading: text, §20.1.2.2, 2.1–2.2
Due: Homework #1, due January 19; Project selection, due January 21

Module 1

1. Introduction to class
   1. General information
   2. Homework
   3. Handouts

2. The basic components of security

3. Reference monitors and security policy

4. Access control matrix and entities
   1. Subject, objects (includes subjects)
   2. State is (S, O, A) where A is access control matrix
   3. Rights (represent abstract notions)
5. Instantiating access control matrices
   1. Example: UNIX file system
      1. read, write, execute on files
      2. read, write, execute on directories
6. Access control matrix and entities
   1. Example: Boolean expressions
   2. Example: History and limiting rights
7. Primitive operations
   1. enter r into A[s, o]
   2. delete r from A[s, o]
   3. create subject s (note that ∀x [ A[s′, x] = A[x, s′] = ∅ ])
   4. create object o (note that ∀x [ A[x, o′] = ∅ ])
   5. destroy subject s
   6. destroy object o
8. Commands and examples
   1. Regular command: create•file
   2. Mono-operational command: make•owner
   3. Conditional command: grant•rights
   4. Biconditional command: grant•read•if•r•and•c
   5. Doing “or” of 2 conditions: grant•read•if•r•or•c
   6. General form
9. Miscellaneous points
   1. Copy flag and right
   2. Own as a distinguished right
   3. Principle of attenuation of privilege

Matt Bishop Office: 2209 Watershed Sciences Phone: +1 (530) 752-8060 Email: mabishop@ucdavis.edu

ECS 235B, Foundations of Computer and Information Security Version of January 4, 2022 at 2:26PM

You can also obtain a PDF version of this.