03 - Chapter 3: Foundational Results Overview...

Computer Security: Art and Science, ©2002-2004 Matt Bishop. July 1, 2004. Slide #3-1
Chapter 3: Foundational Results
Overview
• Harrison-Ruzzo-Ullman result
• Corollaries
• Take-Grant Protection Model
• SPM and successors
Slide #3-2: Overview
• Safety Question
• HRU Model
• Take-Grant Protection Model
• SPM, ESPM
  – Multiparent joint creation
  – Expressive power
• Typed Access Matrix Model
Slide #3-3: What Is “Secure”?
• Adding a generic right r where there was not one is “leaking”
• If a system S, beginning in initial state s0, cannot leak right r, it is safe with respect to the right r.
Slide #3-4: Safety Question
• Does there exist an algorithm for determining whether a protection system S with initial state s0 is safe with respect to a generic right r?
• Here, “safe” = “secure” for an abstract model
Slide #3-5: Mono-Operational Commands
• Answer: yes
• Sketch of proof: Consider a minimal sequence of commands c1, …, ck that leaks the right.
  – Can omit delete, destroy
  – Can merge all creates into one
  – Worst case: insert every right into every entry; with s subjects and o objects initially, and n rights, the upper bound is k ≤ n(s+1)(o+1)
Slide #3-6: General Case
• Answer: no
• Sketch of proof: Reduce the halting problem to the safety problem
• Turing Machine review:
  – Infinite tape in one direction
  – States K, symbols M; distinguished blank b
  – Transition function δ(k, m) = (k′, m′, L) means: in state k, the symbol m at the tape location is replaced by symbol m′, the head moves one square to the left, and the machine enters state k′
  – Halting state is qf; the TM halts when it enters this state
Slide #3-7: Mapping
Tape: A B C D, head over C. Current state is k.
Access matrix (each tape cell is a subject; rows and columns are s1..s4):

        s1     s2     s3     s4
  s1    A      own
  s2           B      own
  s3                  C k    own
  s4                         D end
Slide #3-8: Mapping
After δ(k, C) = (k1, X, R), where k is the current state and k1 the next state.
Tape: A B X D, head over D.

        s1     s2     s3     s4
  s1    A      own
  s2           B      own
  s3                  X      own
  s4                         D k1 end
Slide #3-9: Command Mapping
δ(k, C) = (k1, X, R) at an intermediate cell becomes:

command ck,C(s3, s4)
  if own in A[s3, s4] and k in A[s3, s3] and C in A[s3, s3]
  then
    delete k from A[s3, s3];
    delete C from A[s3, s3];
    enter X into A[s3, s3];
    enter k1 into A[s4, s4];
end
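The command mapping above, worked through as an added Python example (this is not Bishop's code and not part of the slides): it builds the access matrix of slide 3-7, applies the command ck,C(s3, s4) of slide 3-9, and reports which rights appeared that were not in the system before, which is exactly what slide 3-3 calls a leak. The class and function names are this example's own.

```python
# Added example (not Bishop's code): HRU access matrix encoding the TM step of slides 3-7 to 3-9.
from collections import defaultdict

class AccessMatrix:
    """A[s, o] is a set of rights; own, tape symbols and TM states are all generic rights."""
    def __init__(self):
        self.A = defaultdict(set)

    def enter(self, r, s, o):
        self.A[(s, o)].add(r)

    def delete(self, r, s, o):
        self.A[(s, o)].discard(r)

    def has(self, r, s, o):
        return r in self.A[(s, o)]

    def rights_present(self):  # a right appearing here for the first time is a leak (slide 3-3)
        return set().union(*self.A.values())

def encode_tape(M, symbols, head, state):
    """Slide 3-7: cell i -> subject s_i holding its symbol (plus the state at the head); own links cells."""
    cells = [f"s{i}" for i in range(1, len(symbols) + 1)]
    for i, (cell, sym) in enumerate(zip(cells, symbols)):
        M.enter(sym, cell, cell)
        if i + 1 < len(cells):
            M.enter("own", cell, cells[i + 1])
    M.enter(state, cells[head], cells[head])
    M.enter("end", cells[-1], cells[-1])  # marks the rightmost tape cell
    return cells

def move_right_command(M, k, m, k1, m1, s, s_next):
    """Slide 3-9: command c_{k,m}(s, s_next) derived from delta(k, m) = (k1, m1, R)."""
    if not (M.has("own", s, s_next) and M.has(k, s, s) and M.has(m, s, s)):
        return False  # HRU conditional: conditions fail, so the body does not run
    M.delete(k, s, s)
    M.delete(m, s, s)
    M.enter(m1, s, s)
    M.enter(k1, s_next, s_next)
    return True

def simulate_slide_step():
    """Tape A B C D, head on C in state k (slide 3-7); apply delta(k, C) = (k1, X, R) (slide 3-8)."""
    M = AccessMatrix()
    cells = encode_tape(M, ["A", "B", "C", "D"], head=2, state="k")
    before = M.rights_present()
    fired = move_right_command(M, "k", "C", "k1", "X", cells[2], cells[3])
    diagonal = {c: sorted(M.A[(c, c)]) for c in cells}
    return fired, diagonal, M.rights_present() - before  # rights newly present = leaked
```

Running simulate_slide_step() yields the matrix of slide 3-8 and shows that X and k1 are the rights this step introduced; a safety question about right qf is therefore the question of whether the halting state can ever appear in the matrix.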
Slide #3-10: Mapping
After δ(k1, D) = (k2, Y, R), where k1 is the current state and k2 the next state.
Tape: A B X Y b, head over the new blank cell.

        s1     s2     s3     s4     s5
  s1    A      own
  s2           B      own
  s3                  X      own
  s4                         Y      own
  s5                                b k2 end
Slide #3-11: Command Mapping
δ(k1, D) = (k2, Y, R) at the end becomes:

command crightmost k,C(s4, s

This note was uploaded on 05/04/2008 for the course CS 526 taught by Professor Wagstaff during the Fall '07 term at Purdue.
