Outline for April 3, 2013

Reading: §2; [ZLN05] (This is available in the Resources area of SmartSite; look in the folder “Handouts”)
Due: Homework #1, due April 12, 2013

1. Access control matrix and entities
   1. Subject, objects (includes subjects)
   2. State is (S, O, A) where A is access control matrix
   3. Rights (represent abstract notions)
2. Instantiating access control matrices
   1. Example 1: UNIX file system
      1. read, write, execute on files
      2. read, write, execute on directories
   2. Example 2: Boolean expression evaluation
      1. Verbs and rules
      2. Access Restriction Facility
   3. Example 3: History and limiting rights
      1. Static rights, current rights
      2. Malicious library routine
3. Primitive operations
   1. enter r into A[s, o]
   2. delete r from A[s, o]
   3. create subject s (note that ∀x[ A[s′, x] = A[x, s′] = ∅ ])
   4. create object o (note that ∀x[ A[x, o′] = ∅ ])
   5. destroy subject s
   6. destroy object o
4. Commands and examples
   1. Regular command: create•file
   2. Mono-operational command: make•owner
   3. Conditional command: grant•rights
   4. Biconditional command: grant•read•if•r•and•c
   5. Doing “or” of 2 conditions: grant•read•if•r•or• c
   6. General form
5. Miscellaneous points
   1. Copy flag and right
   2. Own as a distinguished right
   3. Principle of attenuation of privilege