CSCI283 Fall 2005 Lecture III Part 1 - PowerPoint PPT Presentation

About This Presentation
Title:

CSCI283 Fall 2005 Lecture III Part 1

Description:

CSCI283 Fall 2005 Lecture III Part 1. GWU. Security Policy. Slides added on to clarify definitions of precision and security. 10/15/09 ... – PowerPoint PPT presentation

Number of Views:14
Avg rating:3.0/5.0
Slides: 15
Provided by: poo69
Category:
Tags: iii | addendum | csci283 | fall | lecture | part

less

Transcript and Presenter's Notes

Title: CSCI283 Fall 2005 Lecture III Part 1


1
Security PolicySlides added on to clarify
definitions of precision and security
  • CSCI283 Fall 2005 Lecture III Part 1
  • GWU

2
Secure, Precise MechanismsMath. Definition
provided in earlier slides
  • Program a function with multiple inputs and one
    output
  • Let p be a function
  • p I1 ? ... ? In ? R
  • Then p is a program with
  • n inputs ik ? Ik, 1 k n, and
  • one output r ? R

3
The functionExplanation of math definition
  • The function is what needs to be provided to the
    user
  • p is what the user needs to obtain

4
Protection Mechanism Math. Definition provided
in earlier slides
  • p I1 ? ... ? In ? R
  • A protection mechanism m for p is a function
  • m I1 ? ... ? In ? R ? E
  • such that when ik ? Ik, 1 k n, either
  • m(i1, ..., in) p(i1, ..., in) or
  • m(i1, ..., in) ? E.
  • E is set of error outputs, m defines what errors
    are allowed

5
Protection Mechanism Explanation of math
definition
  • The protection mechanism m for p provides either
  • the value of p or
  • an error
  • It can provide nothing else no other function,
    for example
  • The error may be a security-related,
    parameter-related (e.g. divide by zero) or a
    reliability-related error

6
Protection mechanism Explanation of math
definition
p(i1 i2 .. in)
p(i1 i2 .. in)
i1 i2 .. in
m
p
error
7
General Security Policy
  • Example Reveal a value if it is smaller than 5
  • Does not say anything about the functions input
    parameters, only about its output

8
Confidentiality Policy Math. Definition provided
in earlier slides
  • Confidentiality policy for program p says which
    inputs can be revealed
  • c I1 ? ... ? In ? A
  • where A ? I1 ? ... ? In is set of inputs
    available to observer

9
Confidentiality Policy Explanation of math
definition
  • Confidentiality policy for program p says which
    inputs can be revealed to a mechanism that
    determines the function, i.e. the inputs are not
    directly revealed to the user

Only some values
i1 i2 .. in
c
10
Security mechanism Math. Definition provided in
earlier slides
  • m I1 ? ... ? In ? R ? E
  • m secure iff
  • m A ? R ? E
  • such that, for all ik ? Ik, 1 k n
  • m(i1, ..., in) m(c(i1, ..., in))
  • m returns values consistent with c

11
Security mechanism Explanation of math definition
  • Is there some m which can operate only on the
    values allowed by the confidentiality policy c
    and still produce m?

12
Security mechanism Explanation of math definition
p(i1 i2 .. in)
p(i1 i2 .. in)
i1 i2 .. in
m
p
error

p(i1 i2 .. in)
Only some values
i1 i2 .. in
c
?m
error
13
Precision Math. Definition provided in earlier
slides
  • m1, m2 distinct protection mechanisms for program
    p under policy c
  • m1 as precise as m2 (m1 m2) if,
  • for all inputs i1, , in,
  • m2(i1, , in) p(i1, , in) ? m1(i1, , in)
    p(i1, , in)
  • m1 more precise than m2 (m1 m2) if
  • there is an input (i1, , in) such that
  • m1(i1, , in) p(i1, , in) and
  • m2(i1, , in) ? p(i1, , in).

14
Precision Explanation of math definition
  • m1 as precise as m2 (m1 m2)
  • means that, if m2 does not give an error, m1 does
    not. Think of m1 as at least as precise as m2
  • If m2 does give an error, this says nothing about
    what m1 does it may or may not give an error
  • m1 more precise than m2 (m1 m2) means that
    there are some places where m2 gives an error,
    but m1 does not, i.e. it says that when m2 gives
    an error, at least one time m1 does not
Write a Comment
User Comments (0)
About PowerShow.com