January 24, 2024 Outline

Reading: text, §5.2.3–5.4
Due: Extra Credit #B, due January 30; Homework #2, due February 2; Project selection, due January 26

Module 18 (Reading: {text, §5.2.3)

1. Bell-LaPadula: formal model
   1. Theorem: Σ(R, D, W, z₀) satisfies the ds-property iff the initial state z₀ satisfies the ds-property and W satisfies the following conditions for each (r_i, d_i, (b′, m′, f′, h′), (b, m, f, h)):
      1. if (s, o, x) ∈ b′ − b, then x ∈ m′[s, o]; and
      2. if (s, o, x) ∈ b and x ∈ m′[s, o],then (s, o, x) ∉ b′
   2. Basic Security Theorem: A system Σ(R, D, W, z₀) is secure iff z₀ is a secure state and W satisfies the conditions of the above three theorems for each action.

Module 19 (Reading: text, §5.2.4)

2. Using the Bell-LaPadula model
   1. Define ssc-preserving, *-property-preserving, ds-property-preserving
   2. Define relation W(ω)
   3. Show conditions under which rules are ssc-preserving, *-property-preserving, ds-property-preserving
   4. Show when adding a state preserves those properties
   5. Example instantiation: get-read for Multics

Module 20 (Reading: text, §5.3)

3. Tranquility

Module 21 (Reading: text, §5.4)

4. System Z and the controversy

Matt Bishop Office: 2209 Watershed Sciences Phone: +1 (530) 752-8060 Email: mabishop@ucdavis.edu

ECS 235B, Foundations of Computer and Information Security Version of January 22, 2024 at 1:39PM

You can also obtain a PDF version of this.