January 24, 2024 Outline

Reading: text, §5.2.2–5.2.3
Due: Extra Credit #B, due January 30; Homework #2, due February 2; Project selection, due January 26


Module 17 (Reading: text, §5.2.2)

  1. Maximum, current security level
  2. Example: Trusted Solaris

Module 18 (Reading: text, §5.2.3)

  1. Bell-LaPadula: formal model
    1. Set of requests is R
    2. Set of decisions is D
    3. W ⊆ R × D × V × V is motion from one state to another.
    4. System Σ(R, D, W, z₀) ⊆ X × Y × Z such that (x, y, z) ∈ Σ(R, D, W, z₀) iff (xₜ, yₜ, zₜ, zₜ₋₁) ∈ W for each t ∈ T; latter is an action of system
    5. Theorem: Σ(R, D, W, z₀) satisfies the simple security condition for any initial state z₀ that satisfies the simple security condition iff W satisfies the following conditions for each action (rᵢ, dᵢ, (b′, m′, f′, h′), (b, m, f, h)):
      1. each (s, o, x) ∈ b′ − b satisfies the simple security condition relative to f′ (i.e., x is not read, or x is read and fₛ(s) dom fₒ(o)); and
      2. if (s, o, x) ∈ b does not satisfy the simple security condition relative to f′, then (s, o, x) ∉ b′
    6. Theorem: Σ(R, D, W, z₀) satisfies the *-property relative to S′ ⊆ S for any initial state z₀ that satisfies the *-property relative to S′ iff W satisfies the following conditions for each (rᵢ, dᵢ, (b′, m′, f′, h′), (b, m, f, h)):
      1. for each s ∈ S′, any (s, o, x) ∈ b′ − b satisfies the *-property with respect to f′; and
      2. for each s ∈ S′, if (s, o, x) ∈ b does not satisfy the *-property with respect to f′, then (s, o, x) ∉ b′
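
The two conditions of the simple security theorem, checked mechanically on four actions. This is an added example, not part of the course materials; the subjects, objects, levels and the choice of r and w as the rights that include reading are assumptions made for illustration.

```python
# Constructed example: subjects, objects and levels are made up for illustration.
READ = {"r", "w"}  # assumption: rights that include reading (w = read and write)

def dom(a, b):
    """Level a = (classification, categories) dominates level b."""
    return a[0] >= b[0] and a[1] >= b[1]

def ssc(triple, f):
    """Simple security condition for one (s, o, x) relative to f = (fs, fo)."""
    (s, o, x), (fs, fo) = triple, f
    return x not in READ or dom(fs[s], fo[o])

def state_ok(b, f):
    """A state satisfies the condition when every triple in b does."""
    return all(ssc(t, f) for t in b)

def check_action(b_new, f_new, b_old):
    """Return (condition 1, condition 2) of the theorem for one action."""
    c1 = all(ssc(t, f_new) for t in b_new - b_old)
    c2 = all(t not in b_new for t in b_old if not ssc(t, f_new))
    return c1, c2

SECRET, CONF = 2, 1
NUC, NONE = frozenset({"NUC"}), frozenset()
f = ({"alice": (SECRET, NUC), "bob": (CONF, NONE)},
     {"plan": (SECRET, NUC), "memo": (CONF, NONE)})
b = {("alice", "plan", "r"), ("bob", "memo", "r")}
# f' lowers alice to CONF, so her existing read of "plan" no longer qualifies.
f_low = ({"alice": (CONF, NONE), "bob": (CONF, NONE)}, f[1])

CASES = {
    "bob appends to plan":    (b | {("bob", "plan", "a")}, f),
    "bob reads plan":         (b | {("bob", "plan", "r")}, f),
    "alice lowered, kept":    (b, f_low),
    "alice lowered, revoked": (b - {("alice", "plan", "r")}, f_low),
}

def run_cases():
    """Map case name -> (cond 1, cond 2, new state satisfies the condition)."""
    return {name: (*check_action(bn, fn, b), state_ok(bn, fn))
            for name, (bn, fn) in CASES.items()}

if __name__ == "__main__":
    assert state_ok(b, f)  # the initial state z0 satisfies the condition
    for name, result in run_cases().items():
        print(f"{name:24} {result}")
```

The third case shows why condition 2 is needed: no access is added, yet the change to f′ alone leaves a triple in b′ that violates the condition.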

Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
ECS 235B, Foundations of Computer and Information Security
Version of January 24, 2024 at 7:20PM
