CSE 227: Lecture 7

The topics covered in this lecture are SFI efficiency, Mandatory vs Discretionary Access Control, forming into groups for reading and presenting research papers, and, as promised, a new paper.

SFI Efficiency

The big distinction of SFI is the ability to implement the security policies efficiently: we could very simply (conceptually) perform per-memory reference access checks by having an interpreter for the native processor architecture, but that would lead to an unacceptable performance loss.

For write accesses, SFI does not ``check'' the access; rather, it only enforces that the access is within the memory region where writes are allowed. Correctly written programs that do not violate the memory access policy are unaffected; programs that violate policy won't run as ``designed'', but that's okay as long as they don't violate system integrity. The enforcement is extremely cheap: about two addition machine instructions per original memory write instruction (depends on instruction set architecture whether obtaining the constants needed requires more instructions).

Mandatory Access Control

Mandatory Access Control (MAC) refers to having a mandatory security policy that is enforced by the underlying operating system, as opposed to having access controls that are up to the users to enforce.

Standard Unix provides only Discretionar Access Control (DAC).

MAC systems are used in high security applications (often military) and generally implement the Bell-LaPadula security model. Here, objects (files) are labelled with confidentiality labels, and subjects (users and their processes) are labelled with clearance labels. The policy can be summarized as "read down; write up" -- a process with "secret" clearance may not read "top secret" files but may read "secret", "sensitive", "public", etc files. Such a process may only write "secret" and "top secret" files. Thus, nobody can declassify data by reading it a top secret file and writing to a public file, violating confidentiality.


You should form into groups of 3. We'll be reading research papers soon where groups of students will be assigned to make presentations to the rest of the class. All students will also be required to write summaries of the papers (main technical points, the thesis of the paper, etc) to turn in to me by email. The class web page will have the papers and the presentation assignments.

Reading Assignment

Read Mobile Agents: Are they a good idea? [pdf]. Email me a summary of the main ideas / theses of this paper, no more than 2 pages of plain ASCII 80-column text, by Monday, Jan 28.
[ search CSE | CSE | bsy's home page | links | webster | MRQE | google | yahoo | citeseer | certserver ]
picture of bsy

bsy+cse227w02@cs.ucsd.edu, last updated Mon Apr 8 20:19:52 PDT 2002. Copyright 2002 Bennet Yee.
email bsy.

Don't make me hand over my privacy keys!