1
ISA 562:
ACCESS CONTROL
MECHANISMS
Selections from Chapters 7 Fred Schneider's Notes
2
7.1. Protection Domains
Users are too coarse-grained for fine-grained access control
Fine grain is required to adhere to the principle of least privilege.
Solution: pro

1
ISA 562: Key
Management
Chapter 10 from Bishop's Book
Enhanced with Kerberos details
2
Overview
Session and Interchange Keys
Key Exchange
Key Generation
Key Infrastructure
Storing and Revoking Keys
Digital Signatures
3
Notation used in Specifying

ISA 562
INFORMATION SECURITY THEORY AND
PRACTICE
Hybrid Policies
Chapter 7 from Bishop's book
2
Overview
Chinese Wall Model
RBAC
ORCON
Clinical Information Systems Security Policy
3
Chinese Wall Model
The Chinese wall Policy refers to a collection of

1
ISA 562 INTERNET SECURITY
THEORY AND PRACTICE
Integrity Policies
Chapter 6 from Bishop's book
2
Overview
Background
Biba's models
Strict Integrity Policy
Low-Water-Mark Policy
Combining Biba and BLP
Lipner's model
Clark-Wilson model
3
Background
Ca

ISA 562: Cryptography
Chapter 9.1, 9.2 of Bishop's Book:
1
Overview of Contents
Background: The need for cryptography
Secret Key Cryptography
Caesar cipher
Vigenère cipher
2
3
Cryptography
Cryptology means hidden writing
Comes from the Greek words (h

ISA 562: SSL and TLS
Bishop Chapter 11
1
2
Overview
Background
SSL
IPSEC
This lecture contains material by Prof. Ravi Sandhu and that by Eric
Rescorla in his talk "The Internet is Too Secure Already" at USENIX03
3
Network Model
ISO/OSI model vs TCP/IP

1
ISA 562
Authentication
Chapter 12 from Bishop's Book
2
Identification
Identification is a process through which one
ascertains the identity of another person or entity.
Identification requires establishing the uniqueness
of an entity
Authentication do

1
ISA 562: KEY MANAGEMENT
Chapter 10 from Bishop's Book
Enhanced with Kerberos details
2
Overview
Session and Interchange Keys
Key Exchange
Key Generation
Key Infrastructure
Storing and Revoking Keys
Digital Signatures
3
Notation used in Specifying P

ISA 562
Hash Functions and
Computing Probabilities
This class
I will use Chapter 6 and corresponding pdf transparency
to describe attacks on hash functions from the following
lectures from UCSD.
http://cseweb.ucsd.edu/~mihir/cse207
Hash functions are de

ISA562
Assignment 03
Some correct Answers
Professor Duminda Wijesekera
Teaching Assistant: David Samudio
GMU ASSIGNMENT HONOR CODE
This code is an extension of the GMU CS Department Honor code. Therefore, all previous policies remain active and by no mean

ISA562
Assignment 02
Some correct Answers
Professor Duminda Wijesekera
Teaching Assistant: David Samudio
GMU ASSIGNMENT HONOR CODE
This code is an extension of the GMU CS Department Honor code. Therefore, all previous policies remain active and by no mean

ISA 562, Fall 2015, Assignment 4
Out: October 27, 2015, In: November 03, 2015
1. [10 points] If M and N are relatively prime, prove that m/gcd(m,n) and
n/gcd(m,n) are relatively prime. [Hint: use Euclid's Algorithm]
2. [10 points] If A and B

1
ISA562 Cryptography
Chapter 9.3. of Bishop's Book
2
Outline
Concepts of Public Key Cryptosystems
Applications of Public Key Cryptosystems
Number theory underlies most of public key
algorithms.
Well-known Public Key Cryptosystems
Diffie-Hellman: key

1
ISA 562 INFORMATION
SYSTEM SECURITY
Access Control: Confidentiality Policies
Chapter 5 from Bishop's Book
1
2
Overview
Review and background
Review - lattices
Military systems and Denning's Axioms
Bell-LaPadula (BLP) Policy
Step 1 clearance/classific

1
ISA 562 FALL 2015
Basic Probability - Refresher
Reference: http://www.maths.cam.ac.uk/studentreps/tripos.html
2
Introduction
Probability prerequisites for cryptography
Sample spaces, events and experiments
Conditional probability, random variables an

ISA 562-Class 1
ISA 562: FALL 2015
Introduction to the Class
Access Control -1
Chapters 1 and 2 of Bishop's Book
1
ISA 562-Class 1
2
Preliminary Details
Catalog Description: A technical introduction to the theory and practice of
information security, w

Undecidability ISA 562
Supplementary Material
Turing Machines
Universal Turing Machines
Undecidability
12/26/15
Duminda Wijesekera
1
Turing Machines
Finite control
input
a a b a c _ _ _
A Turing Machine is a finite state machine
augmented with an infinite

ISA 562
Information Security
Theory and Practice
Role-based Access Control
References
1.
2.
3.
NIST documents at http://csrc.nist.gov/rbac/
D. Ferraiolo, R. Sandhu, S. Gavrila, D.R. Kuhn, R.
Chandramouli, "A Proposed Standard for Role Based
Access Control

ISA 562
Information Security Theory and
Practice
Hybrid Policies
Chapter 7 from Bishop's book
Overview
Chinese Wall Model
RBAC
ORCON
Clinical Information Systems Security Policy
2
3
Chinese Wall Model
The Chinese wall Policy refers to a collection of

1
ISA 562 Fall 2015
Foundational Results in Access
Control
Chapters 3.0 to 3.3 and 15.1 to 15.2 of Bishop's Book
Duminda Wijesekera
2
Overview
Review
The access control matrix model
Turing machines and the halting problem
Undecidability
Safety Questi

1
ISA 562 Information
System Security
Access Control: Confidentiality
Policies
Chapter 5 from Bishop's Book
1
2
Overview
Review and background
Review - lattices
Military systems and Denning's Axioms
Bell-LaPadula (BLP) Policy
Step 1 clearance/classific

ISA 562 Internet Security
Theory and Practice
Integrity Policies
Chapter 6 from Bishop's book
1
Overview
Background
Biba's models
Strict Integrity Policy
Low-Water-Mark Policy
Combining Biba and BLP
Lipner's model
Clark-Wilson model
2
3
Background
C

ISA 562
Access Control Policies
- Chapter 4 of Bishop-
1
Overview
Policies
The Role of Trust
Types of Access Control
Policy Expression Languages
Limits on Precise Security Mechanisms
2
3
Security Policy
A security policy is a statement that partiti

1
ISA 562: Block cyphers
From Chapter 3, Network Security
Kaufman, Pearlman and Speciner
ISA 562-Additional Material
2
Topics
Generic Block Cipher
DES
Modes of Block Ciphers
Multiple Encryptions
Message Authentication through Secret Key
Cryptography.

Supplementary Number Theory
ISA 562: Number theory
1
Supplementary Number Theory
2
Recommended Reference text on Number theory for
Cryptography
Number Theory for Computing
Second edition
Song Y. Yan
Springer-Verlag,
ISBN = 3-540-43072-5
ISA 562
ISA 5

ISA562
Assignment 05
Some correct Answers
Professor Duminda Wijesekera
Teaching Assistant: David Samudio
GMU ASSIGNMENT HONOR CODE
This code is an extension of the GMU CS Department Honor code. Therefore, all previous policies remain active and by no mean

ISA562
Assignment 04
Some correct Answers
Professor Duminda Wijesekera
Teaching Assistant: David Samudio
GMU ASSIGNMENT HONOR CODE
This code is an extension of the GMU CS Department Honor code. Therefore, all previous policies remain active and by no mean

ISA562
Assignment 01
Some correct Answers
Professor Duminda Wijesekera
Teaching Assistant: David Samudio
GMU ASSIGNMENT HONOR CODE
This code is an extension of the GMU CS Department Honor code. Therefore, all previous policies remain active and by no mean

Certificates and
Public-Key Infrastructure
Thanks to Vitaly
Shmatikov and
Moxie Marlinspike
for slides
slide 1
Reading Assignment
Kaufman 15.1-7
slide 2
Motivation
https:/
What cryptographic keys are used
to protect communication?
slide 3
Authenticity of

Email Security
Thanks to Vitaly Shmatikov and
Angelos Stavrou for slides
Administrative
Project 1 is being graded
Midterm next week review during the last half
of class
Please email me your tentative final project
groups
Two Main Trusts
Adding securit