
feb16 - CS 426 class...

CS 426 class Feb 16, 2012
www.cs.purdue.edu/homes/ssw/cs426/{index.html,syll.pdf,outline}

Trusted Operating System security - Read Chapter 5

2. Model of the environment to be secured and a way to do it.
   The model represents the policy.

Models that prove theoretical limitations on security:

Graham-Denning (Peter) model has sets S subjects, O objects, R rights;
  system state is (S,O,A)
  Access control matrix A; each object is owned by exactly one subject
  8 primitive operations change ACM:
    {create, delete} {subject, object}
    {read, grant, delete, transfer} access right.
  rights may (r*) or may not (r) be transferable

Harrison-Ruzzo-Ullman added command to G-D model
  command name(args)
    if r_1 in A[s_1,o_1] and
       r_2 in A[s_2,o_2] and
       etc.
    then op_1; op_2; etc.
  end
  the op_i are primitive ops, like G-D
  Example:
  command confer.read(p,q,f)   // p lets q read file f
    if Own in A[p,f]
    then enter R into A[q,f]
  end
  commands are more complicated ops, like share an object

HRU proved: If no command has more than one primitive op (after then), then it is
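
The confer.read command from the notes above, worked as an added Python example (not part of the original class notes): a command is a guard over entries of A followed by primitive ops that run only if every condition holds. The class, method and subject/file names are illustrative assumptions, and only the primitives this command needs are implemented.

```python
class ProtectionState:
    """System state (S, O, A). Class and method names are illustrative."""

    def __init__(self):
        self.subjects, self.objects = set(), set()
        self.acm = {}  # A: (subject, object) -> set of rights

    # Primitive operations: the only code that mutates the state.
    def create_subject(self, s):
        self.subjects.add(s)
        self.objects.add(s)  # assumption: subjects are also objects

    def create_object(self, o):
        self.objects.add(o)

    def enter(self, r, s, o):
        if s not in self.subjects or o not in self.objects:
            raise KeyError(f"unknown subject/object: {s!r}, {o!r}")
        self.acm.setdefault((s, o), set()).add(r)

    def rights(self, s, o):
        return frozenset(self.acm.get((s, o), ()))


def run_command(state, conditions, ops):
    """Run ops only if every (r, s, o) condition holds: r in A[s, o]."""
    if not all(r in state.rights(s, o) for r, s, o in conditions):
        return False  # guard failed: state is left unchanged
    for name, *args in ops:
        getattr(state, name)(*args)
    return True


def confer_read(state, p, q, f):
    """command confer.read(p, q, f): p lets q read file f."""
    return run_command(state, [("Own", p, f)], [("enter", "R", q, f)])


def demo():
    """Constructed scenario: alice owns report.txt, bob owns nothing."""
    st = ProtectionState()
    st.create_subject("alice")
    st.create_subject("bob")
    st.create_object("report.txt")
    st.enter("Own", "alice", "report.txt")
    denied = confer_read(st, "bob", "bob", "report.txt")  # bob is not owner
    granted = confer_read(st, "alice", "bob", "report.txt")
    return denied, granted, st.rights("bob", "report.txt")
```

Calling demo() shows the non-owner's attempt leaving A unchanged and the owner's call adding R to A[bob, report.txt].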