Outline for October 14, 2014

Reading: text, § 15.4–15.5, 4.1–4.4
  1. Lock and Key
      Shamir’s secret sharing scheme
  2. MULTICS ring mechanism
    1. Rings, gates, ring-crossing faults
    2. Used for both data and procedures; rights are REWA
    3. (b1, b2) access bracket — can access freely; (b3, b4) call bracket — can call segment through gate; so if a’s access bracket is (32, 35) and its call bracket is (36, 39), then assuming permission mode (REWA) allows access, a procedure in:
      rings 0–31: can access a, but ring-crossing fault occurs
      rings 32–35: can access a, no ring-crossing fault
      rings 36–39: can access a, provided a valid gate is used as an entry point
      rings 40–63: cannot access a
    4. If the procedure is accessing a data segment d, no call bracket allowed; given the above, assuming permission mode (REWA) allows access, a procedure in:
      rings 0–32: can access d
      rings 33–35: can access d, but cannot write to it (W or A)
      rings 36–63: cannot access d
  3. PACLs
    1. Creator kept with PACL, and only creator can change it
    2. PACLs associated with both subjects, objects
    3. Subject reads object: object’s PACL associated with subject; subject creates object: subject’s PACL associated with object
  4. Policy
    1. Sets of authorized, unauthorized states
    2. Secure systems in terms of states
    3. Mechanism vs. policy
  5. Types of Policies
    1. Military/government vs. confidentiality
    2. Commercial vs. integrity
  6. Types of Access Control
    1. Mandatory access control
    2. Discretionary access control
    3. Originator-controlled access control
  7. High-level policy languages
    1. Characterization
    2. Example: DTEL
  8. Low-level policy languages
    1. Characterization
    2. Example: tripwire configuration file
  9. Policies in natural language
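
The ring-bracket rules in item 2 (MULTICS ring mechanism), written out as an added example that is not part of the original outline. The function names, the Outcome values, the bracket ordering check and the denial of a non-gate entry from the call bracket are assumptions made for illustration.

```python
from enum import Enum

class Outcome(Enum):
    ALLOW = "access permitted"
    ALLOW_FAULT = "access permitted, ring-crossing fault"
    ALLOW_GATE = "access permitted through a valid gate"
    DENY = "access denied"

MAX_RING = 63  # the outline's example uses rings 0-63
RIGHTS = set("REWA")

def _check_ring(r):
    if not 0 <= r <= MAX_RING:
        raise ValueError(f"ring {r} is outside 0-{MAX_RING}")

def call_procedure(r, access_bracket, call_bracket, via_gate=False, mode="REWA"):
    """A procedure in ring r calls a procedure segment (needs E in the mode)."""
    _check_ring(r)
    (b1, b2), (b3, b4) = access_bracket, call_bracket
    if not b1 <= b2 < b3 <= b4:  # assumed ordering of the two brackets
        raise ValueError("brackets must satisfy b1 <= b2 < b3 <= b4")
    if "E" not in mode:
        return Outcome.DENY
    if r < b1:
        return Outcome.ALLOW_FAULT
    if r <= b2:
        return Outcome.ALLOW
    if b3 <= r <= b4:
        # Assumption: an entry that does not use a valid gate is denied.
        return Outcome.ALLOW_GATE if via_gate else Outcome.DENY
    return Outcome.DENY

def access_data(r, access_bracket, right, mode="REWA"):
    """A procedure in ring r requests one right on a data segment (no call bracket)."""
    _check_ring(r)
    b1, b2 = access_bracket
    if right not in RIGHTS:
        raise ValueError(f"unknown right {right!r}")
    if right not in mode:
        return Outcome.DENY
    if r <= b1:
        return Outcome.ALLOW
    if r <= b2:
        # Inside the bracket but above b1: no W or A.
        return Outcome.ALLOW if right in ("R", "E") else Outcome.DENY
    return Outcome.DENY

if __name__ == "__main__":
    for ring in (10, 32, 35, 36, 40):  # sample rings from each range in the outline
        print(ring, call_procedure(ring, (32, 35), (36, 39), via_gate=True).value)
```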

Version of October 14, 2014 at 4:02PM

ECS 235A, Computer and Information Security
Fall Quarter 2014