Outline for May 6, 2004

  1. CISS
    1. Intended for medical records; goals are confidentiality, authentication of annotators and integrity
    2. Patients, personal health information, clinician
    3. Assumptions and origin of principles
    4. Access principles
    5. Creation principle
    6. Deletion principle
    7. Confinement principle
    8. Aggregation principle
    9. Enforcement principle
    10. Comparison to Bell-LaPadula: lattice structure but different focus
    11. Comparison to Clark-Wilson: specialization
  2. ORCON
    1. Originator controls distribution
    2. DAC, MAC inadequate
    3. Solution is combination
  3. Role-based Access Control (RBAC)
    1. Definition of role
    2. Partitioning as job function
    3. Containment
  4. What is a cryptosystem?
    1. (M, C, K, D, E)
    2. Attacks: known ciphertext, known plaintext, chosen plaintext
  5. Transposition ciphers
    1. Show rail-fence cipher as example
    2. Show anagramming
  6. Simple substitution ciphers
    1. Do Cæsar cipher
    2. Present Vigenère tableau
    3. Discuss breaking it (Kasiski method)

