January 7, 2019 Outline
Reading: text, §2, [Z+05]
Due: Homework #1, due January 23
- Introduction to class
  - General information
  - Homework
  - Handouts
- Access control matrix and entities
  - Subjects, objects (objects include subjects)
  - State is (S, O, A) where A is access control matrix
  - Rights (represent abstract notions)
- Instantiating access control matrices
  - Example: UNIX file system
    - read, write, execute on files
    - read, write, execute on directories
  - Example: History and limiting rights
- Primitive operations
  - enter r into A[s, o]
  - delete r from A[s, o]
  - create subject s (note that ∀x [ A[s′, x] = A[x, s′] = ∅ ])
  - create object o (note that ∀x [ A[x, o′] = ∅ ])
  - destroy subject s
  - destroy object o
- Commands and examples
  - Regular command: create•file
  - Mono-operational command: make•owner
  - Conditional command: grant•rights
  - Biconditional command: grant•read•if•r•and•c
  - Doing “or” of 2 conditions: grant•read•if•r•or•c
  - General form
- Miscellaneous points
  - Copy flag and right
  - Own as a distinguished right
  - Principle of attenuation of privilege