February 12, 2024 Outline

Reading: text, §7.4, 8.1
Due: Extra Credit #C, due February 14; Project Progress Report, due February 16; Homework #3 due February 21

Module 27 (Reading: text, §7.4)

  1. Countermeasures
    1. Manipulate opening of connection
    2. Control which packets get through, or the rate at which they get through

  2. Amplification attacks

Module 28 (Reading: text, §8.1)

  1. Brewer-Nash (Chinese Wall) Policy
    1. Low-level entities are objects; all objects concerning the same corporation form a CD (company dataset); CDs whose corporations are in competition are grouped into COIs (Conflict of Interest classes)
    2. Intuitive goal: keep one subject from reading different CDs in the same COI, or reading one CD and writing to another in same COI
    3. Simple Security Property: Read access granted if the object:
      1. is in the same CD as an object already accessed by the subject; or
      2. is in a CD in an entirely different COI
    4. Theorems:
      1. Once a subject has accessed an object, only other objects in that CD are available within that COI;
      2. Subject has access to at most 1 dataset in each COI class
    5. Exceptions: sanitized information
    6. *-Property: Write access is permitted only if:
      1. Read access is permitted by the simple security property; and
      2. No object in a different CD in that COI can be read, unless it contains sanitized information
    7. Key result: information can only flow within a CD or from sanitized information
    8. Aggressive Chinese Wall model
    9. Comparison to BLP
    10. Comparison to Clark-Wilson
UC Davis sigil
Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 235B, Foundations of Computer and Information Security
Version of February 12, 2024 at 7;15M

 You can also obtain a PDF version of this.

Valid HTML 4.01 Transitional Built with BBEdit Built on a Macintosh