Lecture4 - 2150 / TEL 2810 IS 2150 / TEL 2810 Introduction...

Info iconThis preview shows pages 1–9. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: 2150 / TEL 2810 IS 2150 / TEL 2810 Introduction to Security James Joshi ssociate Professor SIS Associate Professor, SIS Lecture 4 September 20, 2011 ccess Control Model Access Control Model Foundational Results 1 Objective Understand the basic results of the HRU odel model Saftey issue uring machine Turing machine Undecidability 2 Safety Problem: formally Given Initial state X = (S , O , A ) Set of primitive commands c r is not in A [s, o] Can we reach a state X n where s,o such that A [s,o] includes a right r not n in A [s,o]?- If so, the system is not safe 3- But is “ safe ” secure? Undecidable Problems Decidable Problem decision problem can be solved by an A decision problem can be solved by an algorithm that halts on all inputs in a finite number of steps. Undecidable Problem problem that cannot be solved for all A problem that cannot be solved for all cases by any algorithm whatsoever 4 Decidability Results (Harrison, Ruzzo, Ullman) Theorem : Given a system where each command consists of a single primitive command (mono-operational), there exists an algorithm that will determine if a rotection system with initial state safe with protection system with initial state X is safe with respect to right r. 5 Decidability Results (Harrison, Ruzzo, Ullman) Proof: determine minimum commands k to leak Delete/destroy : Can’t leak Create/enter : new subjects/objects “equal”, so treat all new subjects as one No test for absence of right Tests on A[s 1 , o 1 ] and A[s 2 , o 2 ] have same result as the same tests on A[s 1 , o 1 ] and A[s 1 , o 2 ] = A[s 1 , o 2 ] A[s 2 , o 2 ] If n rights leak possible, must be able to leak k= n(|S |+1)(|O |+1)+1 commands numerate all possible states to decide 6 Enumerate all possible states to decide Create Statements Delete/destroy REMOVE these c 1 c 2 c i c j c m c n c x c y c i c n c y c a c b c 2 c j c b Create s 1 ; Create s 2 Discard these …… But the condition of …… But the condition of c s 1 s 2 s 1 m needs to be changed needs to be changed s 7 Initial A 1 s 2 After execution of c b s 1 Create Statements Delete/destroy REMOVE these c 1 c 2 c i c j c m c n c x c y c i c n c y c a c b c 2 c j c b Create s 1 If Condition Condition nter atement s 1 s 2 s 1 o 1 o 2 o 1 o 2 Enter statement [ [ s r A[ s 1 , o 1 ] r A[ s 2 , o 2 ] r A[ s 1 , o 1 ] r A[ s 1 , o 2 ] Initial A 1 s 2 Just use first create s 1 After two creates X Y Z Y Z X where A[s 1 , o 2 ] = A[s 1 , o 2 ] A[s 2 , o 2 ] Decidability Results...
View Full Document

This note was uploaded on 02/07/2012 for the course SIS 2150 taught by Professor Joshi during the Fall '11 term at Pittsburgh.

Page1 / 24

Lecture4 - 2150 / TEL 2810 IS 2150 / TEL 2810 Introduction...

This preview shows document pages 1 - 9. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online