Examples of generic rights:
• Copy capability: create a new capability for the same
• Copy object: create a duplicate object with a new
• Remove capability: delete an entry from the C-list;
• Destroy object: permanently remove an object and a capability.

Trusted Computing Base
Use protection mechanism/policy + other techniques
TCB contains all code that affects security policy: MM, CPU
Want it to be small

Formal Models of Secure Systems
(a) An authorized state. (b) An unauthorized state.
Can a system reach an authorized state?

The Bell-La Padula Model
Rules for the Bell-La Padula model:
• The simple security property: A process running at security level k can read only objects at its level or lower.
• The * property: A process running at security level k can write only objects at its level or higher. - seems backwards?
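
A minimal reference monitor for the two rules above, written as an added example (not from the original notes); the level names, object names and request sequence are constructed for illustration. It replays the same requests with and without the * property to show that write-up is the rule that stops a high-level process from leaking what it has read.

```python
from enum import IntEnum

class Level(IntEnum):  # assumed four-level ordering, lowest to highest
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

def can_read(subject: Level, obj: Level) -> bool:
    """Simple security property: read only at own level or lower."""
    return obj <= subject

def can_write(subject: Level, obj: Level) -> bool:
    """* property: write only at own level or higher."""
    return obj >= subject

def replay(ops, labels, enforce_star=True):
    """Replay (process, level, op, object) requests and return (denied, leaks).
    A leak is an object that ends up holding data classified above its label."""
    seen = {}              # process -> highest classification it has read
    holds = dict(labels)   # object -> highest classification stored in it
    denied, leaks = [], []
    for proc, lvl, op, obj in ops:
        label = labels[obj]
        if op == "read":
            if not can_read(lvl, label):
                denied.append((proc, op, obj))
                continue
            seen[proc] = max(seen.get(proc, Level.UNCLASSIFIED), holds[obj])
        else:  # "write"
            if enforce_star and not can_write(lvl, label):
                denied.append((proc, op, obj))
                continue
            holds[obj] = max(holds[obj], seen.get(proc, Level.UNCLASSIFIED))
            if holds[obj] > label:
                leaks.append(obj)
    return denied, leaks

# Constructed sample: object labels and a request sequence.
LABELS = {"plans.txt": Level.SECRET, "memo.txt": Level.UNCLASSIFIED,
          "archive.log": Level.TOP_SECRET}
OPS = [
    ("trojan", Level.SECRET, "read", "plans.txt"),          # read at own level
    ("trojan", Level.SECRET, "write", "memo.txt"),          # write-down
    ("clerk", Level.UNCLASSIFIED, "read", "plans.txt"),     # read-up
    ("clerk", Level.UNCLASSIFIED, "write", "archive.log"),  # write-up
]
```

With `enforce_star=False` only the read rule is checked, and the SECRET contents of `plans.txt` end up in the UNCLASSIFIED `memo.txt`.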
Read-down, write-up

The Bell-La Padula Model
All arrows go up or sideways

Next
MOS Chapter 8
DFS, Read provenance papers...