# Outline for May 12, 1997

1. Greetings and Felicitations
1. Please remember to give me write-ups of your vulnerabilities, both what worked and what didn't, in the format discussed earlier
2. Take-Grant
1. Show bridges (as a combination of terminal and initial spans)
2. Show islands (maximal subject-only tg-connected subgraphs)
3. can*share(r, x, y, G0) iff there is an edge from x to y labelled r in G0, or all of the following hold: (1) there is a vertex y'' with an edge from y' to y labelled r; (2) there is a subject y' which terminally spans to y'', or y' = y''; (3) there is a subject x' which initially spans to x, or x' = x; and (4) there is a sequence of islands I1, ..., In connected by bridges for which x' is in I1 and y' is in In .
4. Describe can*steal; don't state theorem
3. Lattice models
1. poset, <= the relation
2. highest and lowest
3. Set of classes SC is a partially ordered set under relation <= with GLB (greatest lower bound), LUB (least upper bound) operators
4. Note: is reflexive, transitive, antisymmetric
5. Examples: (A, C) <= (A', C') iff A <= A' and C is a subset of C'; LUB((A, C), (A', C')) = (max(A, A'), union(C, C')) GLB((A, C), (A', C')) = (min(A, A'), intersection(C, C'))
1. Go through security levels, categories, compartments
2. Describe simple security property (no reads up) and *-property (no writes down)
3. State Basic Security Theorem: if it's secure and transformations follow these rules, it's still secure

Notes by Jeff Rowe:
You can get this document in Postscript, ASCII text, or Framemaker version 5.1.
Send email to cs253@csif.cs.ucdavis.edu.

Department of Computer Science
University of California at Davis
Davis, CA 95616-8562