Outline for April 13, 2000 1. Greetings and felicitations! a. Web site up and running b. Homeworks back via UCDisk 2. Policy a. Define security policy, secure system, breach of security formally b. Security models c. Confidentiality, integrity policies; distinguish from military, commercial policies d. Role of trust in modeling e. DAC vs. MAC f. Policy languages: high level, low level 3. Lattice models a. poset, ? the relation b. highest and lowest c. Set of classes SC is a partially ordered set under relation ? with GLB (greatest lower bound), LUB (least upper bound) operators d. Note: is reflexive, transitive, antisymmetric e. Examples: (A, C) ? (A', C') iff A ? A' and C is a subset of C'; LUB((A, C), (A', C')) = (max(A, A'), ?(C, C')), GLB((A, C), (A', C')) = (min(A, A'), ?(C, C')) 4. Bell-LaPadula Model a. Go through security levels, categories, compartments b. Describe simple security property (no reads up) and *-property (no writes down) c. State Basic Security Theorem: if it's secure and transformations follow these rules, it's still secure d. Add in discretionary security policy