Outline for October 18, 2006

Reading: §23.4, 2

  1. Greetings and felicitations!
    1. Puzzle of the day
  2. Aslam
    1. Goal: Treat vulnerabilities as faults
    2. Coding faults: introduced during software development
      1. Synchronization errors
      2. Validation errors
    3. Emergent faults: introduced by incorrect initialization, use, or application
      1. Configuration errors
      2. Environment faults
    4. Introduced decision procedure to classify vulnerabilities in exactly one category
  3. Access Control Matrix
    1. Subjects, objects, and rights
    2. Primitive commands: create subject/object, enter right, delete right, destroy subject/object
    3. Commands and conditions: create-file, various flavors of grant-right to show conditions and nested commands
    4. Copy flag
    5. Attenuation of privileges
You can also obtain a PDF version of this. Version of October 19, 2006 at 7:42 PM