April 8, 2026 Outline

Reading: text, §4, 5–5.2.1, 5.2.3
Assignments: Homework #1, due April 10; Project selection, due April 17

  1. Policy, models, and mechanisms

  2. Policy languages

  3. Secure, precise
    1. Observability postulate
    2. Theorem: for any program p and policy c, there is a secure, precise mechanism m* such that, for all security mechanisms m associated with p and c, m* ≈ m
    3. Theorem: There is no effective procedure that determines a maximally precise, secure mechanism for any policy and program

  4. Review Bell-LaPadula Model: intuitive, security classifications only
    1. Level, categories, define clearance and classification
    2. Simple security condition (no reads up), *-property (no writes down), discretionary security property
    3. Basic Security Theorem: if it is secure and transformations follow these rules, it will remain secure

  5. Review Bell-LaPadula Model: intuitive, now add category sets
    1. Apply lattice
    2. Simple security condition (no reads up), *-property (no writes down), using the dom relation; discretionary security property
    3. Basic Security Theorem: if it is secure and transformations follow these rules, it will remain secure

  6. Maximum, current security level

  7. Bell-LaPadula: formal model
    1. Set of requests is R
    2. Set of decisions is D
    3. W ⊆ R×D×V×V is motion from one state to another.
    4. System Σ(R, D, W, z₀) ⊆ X×Y×Z such that (x, y, z) ∈ Σ(R, D, W, z₀) iff (xₜ, yₜ, zₜ, zₜ₋₁) ∈ W for each t ∈ T; latter is an action of system

Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 235B, Foundations of Computer and Information Security
Version of April 8, 2026 at 3:16PM
