{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

Lecture6

# Lecture6 - IS 2150 TEL 2810 Introduction to Security James...

This preview shows pages 1–9. Sign up to view the full content.

2150 / TEL 2810 IS 2150 / TEL 2810 Introduction to Security James Joshi ssociate Professor SIS Associate Professor, SIS Lecture 6 September 27, 2011 ake Grant Model Take Grant Model 1

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
bjective Objective Understand Take-Grant model pecific restricted Specific, restricted nalyze Analyze Right Sharing tealing/Theft Stealing/Theft conspiracy 2
Take-Grant Protection Model System is represented as a directed graph Subject: Object: Either : Labeled edge indicate the rights that the source object has on the destination object Four graph rewriting rules (“de jure”, “by law”, “by rights”) he graph changes as the protection state changes according to The graph changes as the protection state changes according to 1. Take rule : if t γ , the take rule produces another graph with a transitive edge α β added. γβ 3 x z y x z y x takes ( to y ) from z

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
Take-Grant Protection Model 2. Grant rule : if g γ , the take rule produces another graph with a transitive edge α β added. γβ z grants ( to y ) to x x z y x z y 3. Create rule : x creates ( to new vertex) y x x y x removes ( to) y 4 4. Remove rule : - xy
ake- rant Protection Model: Take Grant Protection Model: Sharing Given G 0 , can vertex x obtain α rights over y ? Can_share ( α , x , y ,G 0 ) is true iff G 0 * G n using the four rules, & There is an α edge from x to y in G tg-path: v 0 ,…, v n with t or g edge between any pair of vertices v i , v i+1 ertices etween them Vertices tg-connected if tg-path between them Theorem: Any two subjects with tg-path of ngth 1 can share rights 5 length 1 can share rights

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
ny two subjects with f length Any two subjects with tg path of length 1 can share rights Four possible length 1 Can_share ( α , x , y , G 0 ) tg-paths 1. Take rule {t} β α x y z 2. Grant rule {g} 3. Lemma 3.1 {t} 6 4. Lemma 3.2 {g}
ny two subjects with f length Any two subjects with tg path of length 1 can share rights emma 3 1 Can_share ( α , x , y , G 0 ) Lemma 3.1 Sequence: Create β α {t} Take Grant Take x y z {t} t Prove 7 g Lemma 3.2

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
Other definitions Island : Maximal tg-connected subject- only subgraph Can_share all rights in island Proof: Induction from previous theorem Bridge :
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

### Page1 / 27

Lecture6 - IS 2150 TEL 2810 Introduction to Security James...

This preview shows document pages 1 - 9. Sign up to view the full document.

View Full Document
Ask a homework question - tutors are online