Outline for May 12, 1997

1.	Greetings and Felicitations

a.	Please remember to give me write-ups of your vulnerabilities, both what worked 
and what didn¼t, in the format discussed earlier

2.	Take-Grant

a.	Show bridges (as a combination of terminal and initial spans)

b.	Show islands (maximal subject-only tg-connected subgraphs)

c.	canÄshare(r, x, y, G0) iff there is an edge from x to y labelled r in G0, or all of the 
following hold: (1) there is a vertex  y¼¼ with an edge from y¼ to y labelled r; (2) 
there is a subject y¼ which terminally spans to y¼¼, or y¼ = y¼¼; (3)  there is a subject 
x¼ which initially spans to x, or x¼ = x; and (4) there is a sequence of islands I1, ..., 
In connected by bridges for which x¼ is in I1 and y¼ is in In .

d.	Describe canÄsteal; don¼t state theorem

3.	Lattice models

a.	poset, æ the relation

b.	highest and lowest

c.	Set of classes SC is a partially ordered set under relation æ with GLB (greatest 
lower bound), LUB (least upper bound) operators 

d.	Note: is reflexive, transitive, antisymmetric 

e.	Examples: (A, C) æ (A', C') iff A æ A' and C is a subset of C'; LUB((A, C), (A', C')) = 
(max(A, A'), union(C, C')) GLB((A, C), (A', C')) = (min(A, A'), intersection(C, C'))

4.	Bell-LaPadula (informal)

a.	Go through security levels, categories, compartments

b.	Describe simple security property (no reads up) and *-property (no writes down)

c.	State Basic Security Theorem: if it¼s secure and transformations follow these rules, 
it¼s still secure