Lecture 18: May 11, 2026

Reading: text, §136
Assignments: Homework 3, due May 13, 2026 (Note extension from May 11, 2026)

  1. Greetings and felicitations!
    1. Canvas problems: what happened?
    2. Passkeys as authentication mechanism

  2. Access Control Lists
    1. Full access control lists
    2. Abbreviations (UNIX method)
    3. Issues in the way lists work
    4. Revocation issue

  3. Capabilities
    1. Capability-based addressing
    2. Capabilities as security mechanisms
    3. Inheritance of C-Lists

  4. Lock and Key
    1. Associate with each object a lock; associate with each process that has access to object a key (it’s a cross between ACLs and C-Lists)
    2. Example: cryptographic (Gifford). Object X is enciphered with key K. Associate an opener R with X. Then:
      OR-Access: K can be recovered with any D_i in a list of n deciphering transformations, so
      R = (E_1(K), E_2(K), …, E_n(K)) and any process with access to any of the D_i’s can access the file
      AND-Access: need all n deciphering functions to get K: R = E_1(E_2(… E_n(K) …))
    3. Types and locks

  5. Secret sharing

  6. MULTICS ring mechanism
    1. Rings, gates, ring-crossing faults
    2. Used for both data and procedures; rights are REWA
      (b1, b2) access bracket—can access freely; (b3, b4) call bracket—can call segment through gate; so if a’s access bracket is (32, 35) and its call bracket is (36, 39), then assuming permission mode (REWA) allows access, a procedure in:
      rings 0–31: can access a, but ring-crossing fault occurs
      rings 32–35: can access a, no ring-crossing fault
      rings 36–39: can access a, provided a valid gate is used as an entry point
      rings 40–63: cannot access a
    3. If the procedure is accessing a data segment d, no call bracket allowed; given the above, assuming permission mode (REWA) allows access, a procedure in:
      rings 0–32: can access d
      rings 33–35: can access d, but cannot write to it (W or A)
      rings 36–63: cannot access d
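
The ring rules in item 6, written out as an added example (not part of the original lecture notes). The names Decision, procedure_access, data_access and via_gate are assumptions made for illustration. The code also assumes the REWA permission mode check has already passed and that the call bracket starts one ring above the access bracket, as in the outline's example.

```python
from enum import Enum

class Decision(Enum):
    ALLOW = "access permitted"
    ALLOW_FAULT = "access permitted, ring-crossing fault"
    ALLOW_GATE = "access permitted through a valid gate"
    DENY = "access denied"

def _check_ring(ring):
    if not 0 <= ring <= 63:                      # the outline uses rings 0-63
        raise ValueError("ring must be in 0-63")

def procedure_access(ring, access_bracket, call_bracket, via_gate=False):
    """Ring check for a procedure segment; brackets are inclusive (low, high)."""
    _check_ring(ring)
    b1, b2 = access_bracket
    b3, b4 = call_bracket
    if not (0 <= b1 <= b2 and b3 == b2 + 1 and b3 <= b4 <= 63):
        raise ValueError("call bracket must sit directly above access bracket")
    if ring < b1:                                # more privileged than the segment
        return Decision.ALLOW_FAULT
    if ring <= b2:                               # inside the access bracket
        return Decision.ALLOW
    if ring <= b4:                               # inside the call bracket
        return Decision.ALLOW_GATE if via_gate else Decision.DENY
    return Decision.DENY                         # above the call bracket

def data_access(ring, access_bracket, mode):
    """Ring check for a data segment; mode is a string of letters from REWA."""
    _check_ring(ring)
    if not mode or set(mode) - set("REWA"):
        raise ValueError("mode must be a non-empty subset of REWA")
    b1, b2 = access_bracket
    if ring <= b1:                               # at or below the bracket's low ring
        return Decision.ALLOW
    if ring <= b2:                               # in the bracket: no W or A
        return Decision.DENY if set(mode) & set("WA") else Decision.ALLOW
    return Decision.DENY                         # above the bracket

if __name__ == "__main__":
    # Constructed sample rings, using the brackets from the outline's example.
    for r in (10, 33, 37, 45):
        print(r, procedure_access(r, (32, 35), (36, 39), via_gate=True).value)
    for r, m in ((32, "RW"), (34, "R"), (34, "A"), (40, "R")):
        print(r, m, data_access(r, (32, 35), m).value)
```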

Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 153A, Computer & Information Security & Privacy I
Version of May 11, 2026 at 12:40AM
