feb16 - CS 426 class Feb 16, 2012

CS 426 class Feb 16, 2012
www.cs.purdue.edu/homes/ssw/cs426/{index.html,syll.pdf,outline}

Trusted Operating System security - Read Chapter 5

2. Model of the environment to be secured and a way to do it.
The model represents the policy.

Models that prove theoretical limitations on security:

Graham-Denning (Peter) model has sets S subjects, O objects, R rights;
system state is (S,O,A)
Access control matrix A; each object is owned by exactly one subject
8 primitive operations change ACM:
    {create, delete} {subject, object}
    {read, grant, delete, transfer} access right.
rights may (r*) or may not (r) be transferable

Harrison-Ruzzo-Ullman added command to G-D model
    command name(args)
        if r_1 in A[s_1,o_1] and r_2 in A[s_2,o_2] and etc.
        then op_1; op_2; etc.
    end
the op_i are primitive ops, like G-D
Example:
    command confer.read(p,q,f)    // p lets q read file f
        if Own in A[p,f]
        then enter R into A[q,f]
    end
commands are more complicated ops, like share an object
HRU proved: If no command has more than one primitive op (after then), then it is
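
The HRU command form and the confer.read example from these notes, written out as a small Python interpreter. This is an added example, not part of the original class notes; the Python encoding, the class and function names, and the sample subjects alice and bob and the file notes.txt are assumptions made for illustration.

```python
# Added example; the encoding and all names here are assumptions, not from the notes.
class State:
    """System state (S, O, A): subjects, objects, access control matrix A."""
    def __init__(self):
        self.S, self.O, self.A = set(), set(), {}

    def rights(self, s, o):
        return self.A.get((s, o), set())

# Primitive operations (a subset): each changes the state directly.
def create_subject(st, s): st.S.add(s)
def create_object(st, o): st.O.add(o)

def enter(st, r, s, o):
    if s not in st.S or o not in st.O:
        raise ValueError("enter: unknown subject or object")
    st.A.setdefault((s, o), set()).add(r)

class Command:
    """command name(params) if r_i in A[s_i,o_i] ... then op_1; op_2; ... end"""
    def __init__(self, name, params, conds, ops):
        self.name, self.params, self.conds, self.ops = name, params, conds, ops

    def run(self, st, *args):
        env = dict(zip(self.params, args))
        bind = lambda x: env.get(x, x)  # formal params -> actuals; literals stay
        # Every condition must hold in the current matrix, else no op runs.
        if not all(bind(r) in st.rights(bind(s), bind(o)) for r, s, o in self.conds):
            return False
        for op, *a in self.ops:
            op(st, *(bind(x) for x in a))
        return True

    def is_mono_operational(self):  # at most one primitive op after "then"
        return len(self.ops) <= 1

# confer.read(p,q,f) from the notes: p lets q read file f.
confer_read = Command("confer.read", ("p", "q", "f"),
                      conds=[("Own", "p", "f")], ops=[(enter, "R", "q", "f")])

def demo():
    st = State()
    create_subject(st, "alice"); create_subject(st, "bob")
    create_object(st, "notes.txt")
    enter(st, "Own", "alice", "notes.txt")  # constructed initial state
    denied = confer_read.run(st, "bob", "alice", "notes.txt")   # bob is not owner
    granted = confer_read.run(st, "alice", "bob", "notes.txt")  # owner confers R
    return denied, granted, st.rights("bob", "notes.txt"), st.rights("alice", "notes.txt")
```

The failed call leaves the matrix unchanged because the condition is evaluated before any primitive op runs; only the owner's call adds R to A[bob, notes.txt].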