Outline for April 7, 2006
Reading: text, §3.3.3—3.4
- Greetings and felicitations!
- Stealing
- Definition: can•steal(r,
x, y, G0) true
iff there is no edge from x to y labeled
r in G0, and there exists a
sequence of protection graphs
G0, ..., Gn
such that G0 ⊢*
Gn:
- Gn has an edge from
x to y labeled r
- There is a sequence of rule applications
ρ1, ..., ρn
such that Gn−1
⊢ Gi; and
- For all vertices v, w in
Gn−1,
if there is an edge from v to y in
G0 labeled r,
then ρi is not of the form
“v grants (r to
y) to w”
- Example
- Theorem: can•steal(r,
x, y, G0) iff
all of the following hold:
- there is no edge from x to y labeled
r in G0;
- there is a subject x′ which initially
spans to x, or x′ = x;
and
- there is a vertex s with an edge labeled
r to y in G0
and for which can•share(r,
x, y, G0)
holds
- Conspiracy
- Access set
- Deletion set
- Conspiracy graph
- I, T sets
- Theorem: can•share(r,
x, y, G0) iff
there is a path from some h(p)
∈ I(x) to some h(q)
∈ T(Y)
- Schematic Protection Model
- Model components
- Link function
- Filter function
- Example: Take-Grant as an instance of SPM
- Create operations and attenuation
Version of April 7, 2006 at 3:00 PM
You can also obtain a PDF version of this.