Table of Notation for Noninterference and Nondeducibility


notation   meaning
S   set of subjects s
Σ   set of states σ
O   set of outputs o
Z   set of commands z
C   set of state transition commands (s, z), where subject s executes command z
C*   set of possible sequences of commands c0, …, cni
ν   empty sequence
cs   sequence of commands
T(c, σi)   resulting state when command c is executed in state σi
T*(cs, σi)   resulting state when command sequence cs is executed in state σi
P(c, σi)   output when command c is executed in state σi
P*(cs, σi)   output when command sequence cs is executed in state σi
proj(s, cs, σi)   set of outputs in P*(cs, σi) that subject s is authorized to see
πG,A(cs)   subsequence of cs with all elements (s, z), sG and zA deleted
dom(c)   protection domain in which c is executed
~dom(c)   equivalence relation on system states
π′d(cs)   analogue to π above, but with protection domain and subject included

UC Davis sigil
Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 235B, Foundations of Computer and Information Security
Version of February 10, 2021 at 7:54PM

You can also obtain a PDF version of this.

Valid HTML 4.01 Transitional Built with BBEdit Built on a Macintosh