This preview has intentionally blurred sections. Sign up to view the full version.
View Full DocumentThis preview has intentionally blurred sections. Sign up to view the full version.
View Full DocumentThis preview has intentionally blurred sections. Sign up to view the full version.
View Full DocumentThis preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
Unformatted text preview: 2150 / TEL 2810 IS 2150 / TEL 2810 Introduction to Security James Joshi ssociate Professor SIS Associate Professor, SIS Lecture 4 September 20, 2011 ccess Control Model Access Control Model Foundational Results 1 Objective Understand the basic results of the HRU odel model Saftey issue uring machine Turing machine Undecidability 2 Safety Problem: formally Given Initial state X = (S , O , A ) Set of primitive commands c r is not in A [s, o] Can we reach a state X n where s,o such that A [s,o] includes a right r not n in A [s,o]? If so, the system is not safe 3 But is “ safe ” secure? Undecidable Problems Decidable Problem decision problem can be solved by an A decision problem can be solved by an algorithm that halts on all inputs in a finite number of steps. Undecidable Problem problem that cannot be solved for all A problem that cannot be solved for all cases by any algorithm whatsoever 4 Decidability Results (Harrison, Ruzzo, Ullman) Theorem : Given a system where each command consists of a single primitive command (monooperational), there exists an algorithm that will determine if a rotection system with initial state safe with protection system with initial state X is safe with respect to right r. 5 Decidability Results (Harrison, Ruzzo, Ullman) Proof: determine minimum commands k to leak Delete/destroy : Can’t leak Create/enter : new subjects/objects “equal”, so treat all new subjects as one No test for absence of right Tests on A[s 1 , o 1 ] and A[s 2 , o 2 ] have same result as the same tests on A[s 1 , o 1 ] and A[s 1 , o 2 ] = A[s 1 , o 2 ] A[s 2 , o 2 ] If n rights leak possible, must be able to leak k= n(S +1)(O +1)+1 commands numerate all possible states to decide 6 Enumerate all possible states to decide Create Statements Delete/destroy REMOVE these c 1 c 2 c i c j c m c n c x c y c i c n c y c a c b c 2 c j c b Create s 1 ; Create s 2 Discard these …… But the condition of …… But the condition of c s 1 s 2 s 1 m needs to be changed needs to be changed s 7 Initial A 1 s 2 After execution of c b s 1 Create Statements Delete/destroy REMOVE these c 1 c 2 c i c j c m c n c x c y c i c n c y c a c b c 2 c j c b Create s 1 If Condition Condition nter atement s 1 s 2 s 1 o 1 o 2 o 1 o 2 Enter statement [ [ s r A[ s 1 , o 1 ] r A[ s 2 , o 2 ] r A[ s 1 , o 1 ] r A[ s 1 , o 2 ] Initial A 1 s 2 Just use first create s 1 After two creates X Y Z Y Z X where A[s 1 , o 2 ] = A[s 1 , o 2 ] A[s 2 , o 2 ] Decidability Results...
View
Full Document
 Fall '11
 Joshi
 Halting problem, current state, Ullman, Ruzzo

Click to edit the document details