January 10, 2023 Outline

Reading: text, §20.1.2.2, 2.1–2.2
Due: Homework #1, due January 24; Project selection, due January 26


  1. Introduction to class
    1. General information
    2. Homework
    3. Handouts
  2. The basic components of security
  3. Reference monitors and security policy
  4. Access control matrix and entities
    1. Subjects, objects (objects include subjects)
    2. State is (S, O, A), where A is the access control matrix
    3. Rights (represent abstract notions)
  5. Instantiating access control matrices
    1. Example: UNIX file system
      1. read, write, execute on files
      2. read, write, execute on directories
  6. Access control matrix and entities
    1. Example: Boolean expressions
    2. Example: History and limiting rights
  7. Primitive operations
    1. enter r into A[s, o]
    2. delete r from A[s, o]
    3. create subject s (note that ∀ x [ A[s, x] = A[x, s] = ∅ ])
    4. create object o (note that ∀ x [ A[x, o] = ∅ ])
    5. destroy subject s
    6. destroy object o
  8. Commands and examples
    1. Regular command: create•file
    2. Mono-operational command: make•owner
    3. Conditional command: grant•rights
    4. Biconditional command: grant•read•if•r•and•c
    5. Doing “or” of 2 conditions: grant•read•if•r•or•c
    6. General form
  9. Miscellaneous points
    1. Copy flag and right
    2. Own as a distinguished right
    3. Principle of attenuation of privilege

Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 235B, Foundations of Computer and Information Security
Version of January 5, 2023 at 9:55PM
