Outline for May 12, 1997

1. Greetings and Felicitations
   1. Please remember to give me write-ups of your vulnerabilities, both what worked and what didn't, in the format discussed earlier
2. Take-Grant
   1. Show bridges (as a combination of terminal and initial spans)
   2. Show islands (maximal subject-only tg-connected subgraphs)
   3. can*share(r, x, y, G₀) iff there is an edge from x to y labelled r in G₀, or all of the following hold: (1) there is a vertex y'' with an edge from y' to y labelled r; (2) there is a subject y' which terminally spans to y'', or y' = y''; (3) there is a subject x' which initially spans to x, or x' = x; and (4) there is a sequence of islands I₁, ..., I_n connected by bridges for which x' is in I₁ and y' is in I_n .
   4. Describe can*steal; don't state theorem
3. Lattice models
   1. poset, <= the relation
   2. highest and lowest
   3. Set of classes SC is a partially ordered set under relation <= with GLB (greatest lower bound), LUB (least upper bound) operators
   4. Note: is reflexive, transitive, antisymmetric
   5. Examples: (A, C) <= (A', C') iff A <= A' and C is a subset of C'; LUB((A, C), (A', C')) = (max(A, A'), union(C, C')) GLB((A, C), (A', C')) = (min(A, A'), intersection(C, C'))
4. Bell-LaPadula (informal)
   1. Go through security levels, categories, compartments
   2. Describe simple security property (no reads up) and *-property (no writes down)
   3. State Basic Security Theorem: if it's secure and transformations follow these rules, it's still secure