January 7, 2019 Outline

Reading: text, §2, [Z+05]
Due: Homework #1, January 23


  1. Introduction to class
    1. General information
    2. Homework
    3. Handouts
  2. Access control matrix and entities
    1. Subjects, objects (objects include subjects)
    2. State is (S, O, A) where A is access control matrix
    3. Rights (represent abstract notions)
  3. Instantiating access control matrices
    1. Example: UNIX file system
      1. read, write, execute on files
      2. read, write, execute on directories
    2. Example: History and limiting rights
  4. Primitive operations
    1. enter r into A[s, o]
    2. delete r from A[s, o]
    3. create subject s (note that ∀x [ A[s′, x] = A[x, s′] = ∅ ])
    4. create object o (note that ∀x [ A[x, o′] = ∅ ])
    5. destroy subject s
    6. destroy object o
  5. Commands and examples
    1. Regular command: create•file
    2. Mono-operational command: make•owner
    3. Conditional command: grant•rights
    4. Biconditional command: grant•read•if•r•and•c
    5. Doing “or” of 2 conditions: grant•read•if•r•or•c
    6. General form
  6. Miscellaneous points
    1. Copy flag and right
    2. Own as a distinguished right
    3. Principle of attenuation of privilege

Matt Bishop
Office: 2209 Watershed Science
Phone: +1 (530) 752-8060
Version of January 7, 2019 at 11:43PM