大纲

Making Transformative Geographies Pub Date : 2018-12-31 DOI:10.7591/9781501705977-003

Johannes Wernz

{"title":"大纲","authors":"Johannes Wernz","doi":"10.7591/9781501705977-003","DOIUrl":null,"url":null,"abstract":"1. Bell-LaPadula Model: intuitive, security classifications only (a) Level, categories, define clearance and classification (b) Simple security condition (no reads up), *-property (no writes down), discretionary security property (c) Basic Security Theorem: if it is secure and transformations follow these rules, it will remain secure 2. Bell-LaPadula Model: intuitive, now add category sets (a) Apply lattice i. Set of classes SC is a partially ordered set under relation dom with glb (greatest lower bound), lub (least upper bound) operators ii. Note: dom is reflexive, transitive, antisymmetric iii. Example: (A,C) dom (A′,C′) iff A≤ A′ and C ⊆C′; lub((A,C),(A′,C′)) = (max(A,A′),C∪C′); and glb((A,C),(A′,C′)) = (min(A,A′),C∩C′) (b) Simple security condition (no reads up), *-property (no writes down), discretionary security property (c) Basic Security Theorem: if it is secure and transformations follow these rules, it will remain secure 3. Maximum, current security level 4. Example: Trusted Solaris 5. Bell-LaPadula: formal model (a) Set of requests is R (b) Set of decisions is D (c) W ⊆ R×D×V ×V is motion from one state to another. (d) System Σ(R,D,W,z0) ⊆ X ×Y × Z such that (x,y,z) ∈ Σ(R,D,W,z0) iff (xt ,yt ,zt ,zt−1) ∈W for each i ∈ T ; latter is an action of system (e) Theorem: Σ(R,D,W,z0) satisfies the simple security condition for any initial state z0 that satisfies the simple security condition iff W satisfies the following conditions for each action (ri,di,(b,m, f ′,h′),(b,m, f ,h)): i. each (s,o,x) ∈ b′−b satisfies the simple security condition relative to f ′ (i.e., x is not read, or x is read and fs(s)dom fo(o)); and ii. if (s,o,x) ∈ b does not satisfy the simple security condition relative to f ′, then (s,o,x) / ∈ b′ (f) Theorem: Σ(R,D,W,z0) satisfies the *-property relative to S′ ⊆ S for any initial state z0 that satisfies the *property relative to S′ iff W satisfies the following conditions for each (ri,di,(b,m, f ′,h′),(b,m, f ,h)): i. for each s ∈ S′, any (s,o,x) ∈ b′−b satisfies the *-property with respect to f ′; and ii. for each s ∈ S′, if (s,o,x) ∈ b does not satisfy the *-property with respect to f ′, then (s,o,x) / ∈ b′ (g) Theorem: Σ(R,D,W,z0) satisfies the ds-property iff the initial state z0 satisfies the ds-property and W satisfies the following conditions for each (ri,di,(b,m, f ′,h′),(b,m, f ,h)): i. if (s,o,x) ∈ b′−b, then x ∈ m′[s,o]; and ii. if (s,o,x) ∈ b and x ∈ m′[s,o],then (s,o,x) / ∈ b′ (h) Basic Security Theorem: A system Σ(R,D,W,z0) is secure iff z0 is a secure state and W satisfies the conditions of the above three theorems for each action. 6. Using the Bell-LaPadula model","PeriodicalId":166883,"journal":{"name":"Making Transformative Geographies","volume":"107 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-12-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"26","resultStr":"{\"title\":\"Outline\",\"authors\":\"Johannes Wernz\",\"doi\":\"10.7591/9781501705977-003\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"1. Bell-LaPadula Model: intuitive, security classifications only (a) Level, categories, define clearance and classification (b) Simple security condition (no reads up), *-property (no writes down), discretionary security property (c) Basic Security Theorem: if it is secure and transformations follow these rules, it will remain secure 2. Bell-LaPadula Model: intuitive, now add category sets (a) Apply lattice i. Set of classes SC is a partially ordered set under relation dom with glb (greatest lower bound), lub (least upper bound) operators ii. Note: dom is reflexive, transitive, antisymmetric iii. Example: (A,C) dom (A′,C′) iff A≤ A′ and C ⊆C′; lub((A,C),(A′,C′)) = (max(A,A′),C∪C′); and glb((A,C),(A′,C′)) = (min(A,A′),C∩C′) (b) Simple security condition (no reads up), *-property (no writes down), discretionary security property (c) Basic Security Theorem: if it is secure and transformations follow these rules, it will remain secure 3. Maximum, current security level 4. Example: Trusted Solaris 5. Bell-LaPadula: formal model (a) Set of requests is R (b) Set of decisions is D (c) W ⊆ R×D×V ×V is motion from one state to another. (d) System Σ(R,D,W,z0) ⊆ X ×Y × Z such that (x,y,z) ∈ Σ(R,D,W,z0) iff (xt ,yt ,zt ,zt−1) ∈W for each i ∈ T ; latter is an action of system (e) Theorem: Σ(R,D,W,z0) satisfies the simple security condition for any initial state z0 that satisfies the simple security condition iff W satisfies the following conditions for each action (ri,di,(b,m, f ′,h′),(b,m, f ,h)): i. each (s,o,x) ∈ b′−b satisfies the simple security condition relative to f ′ (i.e., x is not read, or x is read and fs(s)dom fo(o)); and ii. if (s,o,x) ∈ b does not satisfy the simple security condition relative to f ′, then (s,o,x) / ∈ b′ (f) Theorem: Σ(R,D,W,z0) satisfies the *-property relative to S′ ⊆ S for any initial state z0 that satisfies the *property relative to S′ iff W satisfies the following conditions for each (ri,di,(b,m, f ′,h′),(b,m, f ,h)): i. for each s ∈ S′, any (s,o,x) ∈ b′−b satisfies the *-property with respect to f ′; and ii. for each s ∈ S′, if (s,o,x) ∈ b does not satisfy the *-property with respect to f ′, then (s,o,x) / ∈ b′ (g) Theorem: Σ(R,D,W,z0) satisfies the ds-property iff the initial state z0 satisfies the ds-property and W satisfies the following conditions for each (ri,di,(b,m, f ′,h′),(b,m, f ,h)): i. if (s,o,x) ∈ b′−b, then x ∈ m′[s,o]; and ii. if (s,o,x) ∈ b and x ∈ m′[s,o],then (s,o,x) / ∈ b′ (h) Basic Security Theorem: A system Σ(R,D,W,z0) is secure iff z0 is a secure state and W satisfies the conditions of the above three theorems for each action. 6. Using the Bell-LaPadula model\",\"PeriodicalId\":166883,\"journal\":{\"name\":\"Making Transformative Geographies\",\"volume\":\"107 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-12-31\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"26\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Making Transformative Geographies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.7591/9781501705977-003\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Making Transformative Geographies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.7591/9781501705977-003","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 26

摘要

1. Bell-LaPadula模型:直观的，只有安全分类(a)级别，类别，定义权限和分类(b)简单的安全条件(不向上读)，*-属性(不向下写)，自由裁量的安全属性(c)基本安全定理:如果它是安全的，并且转换遵循这些规则，它将保持安全2。Bell-LaPadula模型:直观，现在添加范畴集(a)应用格i。类集SC是关系dom下的偏序集合，具有glb(最大下界)，lub(最小上界)算子ii。注:dom是自反的，传递的，反对称的。例:(A,C) dom (A '，C ')如果A≤A '且C≤C ';lub((A,C)，(A '，C ')) = (max(A,A ')，C∪C ');and glb((A,C)，(A '，C ')) = (min(A,A ')，C∩C ') (b)简单安全条件(不向上读)，*-属性(不向下写)，任意安全属性(C)基本安全定理:如果它是安全的，并且转换遵循这些规则，它将保持安全3。最大，当前安全级别为4。示例:可信Solaris 5。贝尔-拉帕杜拉:形式模型(a)请求集为R (b)决定集为D (c) W≥R×D×V ×V是从一种状态到另一种状态的运动。(d)系统Σ(R, d,W,z0)对X ×Y × Z，使(X,y, Z)∈Σ(R, d,W,z0) iff (xt,yt,zt,zt−1)∈W，对于每个i∈T;定理:Σ(R,D,W,z0)对于满足简单安全条件的任意初始状态z0满足简单安全条件iff W对于每个动作(ri,di，(b,m, f '，h ')，(b,m, f,h))满足以下条件:i. each (s,o,x)∈b ' - b满足相对于f '的简单安全条件(即x未被读取，或x被读取，fs(s)dom to (o));和二世。如果(s,o,x)∈b不满足相对于f '的简单安全条件，则(s,o,x) /∈b ' (f)定理:Σ(R,D,W,z0)对于满足相对于s '的*性质的任何初始状态z0，对于每个(ri,di，(b,m, f '，h ')，(b,m, f,h)) W满足以下条件:i对于每个s∈s '，任何(s,o,x)∈b ' - b满足相对于s '的*-性质;和二世。对于每个s∈s '，如果(s,o,x)∈b不满足关于f '的*-性质，则(s,o,x) /∈b ' (g)定理:Σ(R,D,W,z0)满足ds-性质如果初始状态z0满足ds-性质并且W满足以下条件对于每个(ri,di，(b,m, f '，h ')，(b,m, f,h)): i.如果(s,o,x)∈b ' - b，则x∈m ' [s,o];和二世。如果(s,o,x)∈b,x∈m ' [s,o]，则(s,o,x) /∈b ' (h)基本安全定理:系统Σ(R,D,W,z0)是安全的，如果z0是安全状态，并且W对每个动作都满足上述三个定理的条件。6. 使用Bell-LaPadula模型

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Outline

1. Bell-LaPadula Model: intuitive, security classifications only (a) Level, categories, define clearance and classification (b) Simple security condition (no reads up), *-property (no writes down), discretionary security property (c) Basic Security Theorem: if it is secure and transformations follow these rules, it will remain secure 2. Bell-LaPadula Model: intuitive, now add category sets (a) Apply lattice i. Set of classes SC is a partially ordered set under relation dom with glb (greatest lower bound), lub (least upper bound) operators ii. Note: dom is reflexive, transitive, antisymmetric iii. Example: (A,C) dom (A′,C′) iff A≤ A′ and C ⊆C′; lub((A,C),(A′,C′)) = (max(A,A′),C∪C′); and glb((A,C),(A′,C′)) = (min(A,A′),C∩C′) (b) Simple security condition (no reads up), *-property (no writes down), discretionary security property (c) Basic Security Theorem: if it is secure and transformations follow these rules, it will remain secure 3. Maximum, current security level 4. Example: Trusted Solaris 5. Bell-LaPadula: formal model (a) Set of requests is R (b) Set of decisions is D (c) W ⊆ R×D×V ×V is motion from one state to another. (d) System Σ(R,D,W,z0) ⊆ X ×Y × Z such that (x,y,z) ∈ Σ(R,D,W,z0) iff (xt ,yt ,zt ,zt−1) ∈W for each i ∈ T ; latter is an action of system (e) Theorem: Σ(R,D,W,z0) satisfies the simple security condition for any initial state z0 that satisfies the simple security condition iff W satisfies the following conditions for each action (ri,di,(b,m, f ′,h′),(b,m, f ,h)): i. each (s,o,x) ∈ b′−b satisfies the simple security condition relative to f ′ (i.e., x is not read, or x is read and fs(s)dom fo(o)); and ii. if (s,o,x) ∈ b does not satisfy the simple security condition relative to f ′, then (s,o,x) / ∈ b′ (f) Theorem: Σ(R,D,W,z0) satisfies the *-property relative to S′ ⊆ S for any initial state z0 that satisfies the *property relative to S′ iff W satisfies the following conditions for each (ri,di,(b,m, f ′,h′),(b,m, f ,h)): i. for each s ∈ S′, any (s,o,x) ∈ b′−b satisfies the *-property with respect to f ′; and ii. for each s ∈ S′, if (s,o,x) ∈ b does not satisfy the *-property with respect to f ′, then (s,o,x) / ∈ b′ (g) Theorem: Σ(R,D,W,z0) satisfies the ds-property iff the initial state z0 satisfies the ds-property and W satisfies the following conditions for each (ri,di,(b,m, f ′,h′),(b,m, f ,h)): i. if (s,o,x) ∈ b′−b, then x ∈ m′[s,o]; and ii. if (s,o,x) ∈ b and x ∈ m′[s,o],then (s,o,x) / ∈ b′ (h) Basic Security Theorem: A system Σ(R,D,W,z0) is secure iff z0 is a secure state and W satisfies the conditions of the above three theorems for each action. 6. Using the Bell-LaPadula model

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Making Transformative Geographies

自引率

0.00%

发文量