Lecture 8: April 16, 2021

Reading: text, §27.2, 2, 3.1–3.2
Due: Homework 2, due April 21, 2021; Lab 1, due April 19, 2021


  1. The models and levels of abstraction

  2. Representing attacks
    1. Requires/provides model
    2. Attack graphs

  3. Access Control Matrix
    1. Commands and conditions: create•file, various flavors of grant•right to show conditions and nested commands
    2. Copy flag, own rights
    3. Principle of attenuation of privilege

  4. Decidability of security
    1. Notion of leakage in terms of ACM
    2. Determining security of a generic system with generic rights and mono-operational commands is decidable
    3. Determining security of a generic system with generic rights is undecidable (HRU result)
    4. Meaning: can?t derive a generic algorithm; must look at (sets of) individual case


UC Davis sigil
Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: [email protected]
ECS 135, Computer Security
Version of April 15, 2021 at 12:12AM

You can also obtain a PDF version of this.

Valid HTML 4.01 Transitional Built with BBEdit Built on a Macintosh