Outline for April 7, 2006

Reading: text, §3.3.3—3.4

  1. Greetings and felicitations!
  2. Stealing
    1. Definition: can•steal(r, x, y, G0) true iff there is no edge from x to y labeled r in G0, and there exists a sequence of protection graphs G0, ..., Gn such that G0* Gn:
      1. Gn has an edge from x to y labeled r
      2. There is a sequence of rule applications ρ1, ..., ρn such that Gn−1Gi; and
      3. For all vertices v, w in Gn−1, if there is an edge from v to y in G0 labeled r, then ρi is not of the form “v grants (r to y) to w
    2. Example
    3. Theorem: can•steal(r, x, y, G0) iff all of the following hold:
      1. there is no edge from x to y labeled r in G0;
      2. there is a subject x′ which initially spans to x, or x′ = x; and
      3. there is a vertex s with an edge labeled r to y in G0 and for which can•share(r, x, y, G0) holds
  3. Conspiracy
    1. Access set
    2. Deletion set
    3. Conspiracy graph
    4. I, T sets
    5. Theorem: can•share(r, x, y, G0) iff there is a path from some h(p) ∈ I(x) to some h(q) ∈ T(Y)
  4. Schematic Protection Model
    1. Model components
    2. Link function
    3. Filter function
    4. Example: Take-Grant as an instance of SPM
    5. Create operations and attenuation

Version of April 7, 2006 at 3:00 PM

You can also obtain a PDF version of this.