January 8, 2024 Outline

Reading: text, §1, 2, 20.1.2.2
Due: Homework #1, due January 19; Project selection, due January 21

Module 1

  1. Introduction to class
    1. General information
    2. Homework
    3. Handouts

Module 2 (Reading: text: §1)

  1. The basic components of security

Module 3 (Reading: text: §20.1.2.2)

  1. Reference monitors and security policy

Module 4 (Reading: text: §2)

  1. Access control matrix and entities
    1. Subject, objects (includes subjects)
    2. State is (S, O, A) where A is access control matrix
    3. Rights (represent abstract notions)
  2. Instantiating access control matrices
    1. Example: UNIX file system
      1. read, write, execute on files
      2. read, write, execute on directories
  3. Access control matrix and entities
    1. Example: Boolean expressions
    2. Example: History and limiting rights
  4. Primitive operations
    1. enter r into A[s, o]
    2. delete r from A[s, o]
    3. create subject s (note that ∀ x [ A[s′, x] = A[x, s′] = ∅ ])
    4. create object o (note that ∀ x [ A[s, o′] = ∅ ])
    5. destroy subject s
    6. destroy object o
  5. Commands and examples
    1. Regular command: create•file
    2. Mono-operational command: make•owner
    3. Conditional command: grant•rights
    4. Biconditional command: grant•read•if•r•and•c
    5. Doing “or” of 2 conditions: grant•read•if•r•or•c
    6. General form
  6. Miscellaneous points
    1. Copy flag and right
    2. Own as a distinguished right
    3. Principle of attenuation of privilege
UC Davis sigil
Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 235B, Foundations of Computer and Information Security
Version of January 9, 2024 at 11:30PM

 You can also obtain a PDF version of this.

Valid HTML 4.01 Transitional Built with BBEdit Built on a Macintosh