Outline for April 14, 2006

Reading: text, §4.1, 4.7, 5.1—5.2, 30

1. Greetings and felicitations!
2. Security policies and mechanisms
   1. Policy vs. mechanism
   2. Secure, precise
   3. Observability postulate
   4. Theorem: for any program p and policy c, there is a secure, precise mechanism m^* such that, for all security mechanisms m associated with p and c, m^* ≈ m
   5. Theorem: There is no effective procedure that determines a maximally precise, secure mechanism for any policy and program
3. Bell-LaPadula Model (security classifications only)
   1. Security clearance, classification
   2. Simple security condition (no reads up)
   3. *-property (no writes down)
   4. Discretionary security property
   5. Basic Security Theorem: if it is secure and transformations follow these rules, it will remain secure
4. Lattice models
   1. Poset, ≤ the relation
   2. Reflexive, antisymmetric, transitive
   3. Greatest lower bound, least upper bound
   4. Example with complex numbers