Mercurial Mercurial > hg > rc / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Paper.thy
changeset 3 4d25a9919688
parent 1 dcde836219bc
child 8 2dab4bbb6684
equal deleted inserted replaced
2:301f567e2a8e 3:4d25a9919688 
  1324   We have approximately 1000 lines of code for definitions and 6000 lines of
 
  1324   We have approximately 1000 lines of code for definitions and 6000 lines of
 
  1325   code for proofs. Our formalisation is available from the
 
  1325   code for proofs. Our formalisation is available from the
 
  1326   Mercurial repository at \url{http://www.dcs.kcl.ac.uk/staff/urbanc/cgi-bin/repos.cgi/rc/}.\\[-12mm]
 
  1326   Mercurial repository at \url{http://www.dcs.kcl.ac.uk/staff/urbanc/cgi-bin/repos.cgi/rc/}.\\[-12mm]
 
  1327 
  1327 
  1328 
  1328 
  1329 %  0. Not Policy-Analysis: cause even policy is analysed correct, there is still a gap between it and policy application to the real Access Control system. Hence here Our dynamic model is bridging this gap.  Policy-Analysis "basic" based on "Information flow", but it is not enough: the static "write" right to a certain typed file do not mean a process having this right definitely can write the file, it has to pass a "particular" "Control Flow" to achieve the state of "There are this typed file and this righted process"! 
       
  1330 %  1. Both Dynamic and Statical analysis, and proved link between two \\
 
       
  1331 %  2. Tainting Relation Formalisation  \\
 
       
  1332 %  3. Formalisation and Verification than Model Checking  \\
 
       
  1333 %  4. Universal Checker of Policy  \\
 
       
  1334 %  5. source of RC rules made more precise \\
 
       
  1335 %  6. RC example of Webserver with CGIs (key notion: Program Based Roles)  \\
 
       
  1336 %  7. RBAC is more Policy-lever(with HUGE companies, many stablised num of roles but frequently varifying num of users); RC is more Program Base Roles, set for system with a lot of program based default value, once pre-setted, it will remains after running. which is key to policy checker.
 
       
  1337 
       
  1338 %The distinct feature of RC is to deal with program based roles, such as server behaviour. 
       
  1339 %This is in contrast to usual RSBAC models where roles are modeled around a hierachy, for
 
       
  1340 %example in a company. 
       
  1341 
       
  1342 
       
  1343 %In a word, what the manager need is that given the
 
  1329 %In a word, what the manager need is that given the
 
  1344 %initial state of the system, a policy checker that make sure the under the policy
 
  1330 %initial state of the system, a policy checker that make sure the under the policy
 
  1345 %he made, this important file cannot: 1. be deleted; 2. be tainted. 
  1331 %he made, this important file cannot: 1. be deleted; 2. be tainted. 
  1346 %Formally speaking, this policy-checker @{text "PC"} (a function that given the 
  1332 %Formally speaking, this policy-checker @{text "PC"} (a function that given the 
  1347 %initial state of system, a policy and an object, it tells whether this object 
  1333 %initial state of system, a policy and an object, it tells whether this object 
  1359 % 1. fully statical, that means this policy-checker should not rely on the system 
  1345 % 1. fully statical, that means this policy-checker should not rely on the system 
  1360 %running information, like new created files/process, and most importantly the 
  1346 %running information, like new created files/process, and most importantly the 
  1361 %trace of system running. 
  1347 %trace of system running. 
  1362 % 2. decidable, that means this policy-checker should always terminate.
 
  1348 % 2. decidable, that means this policy-checker should always terminate.
 
  1363 
  1349 
  1364 
       
  1365 %   The purpose of an operating system is to provide a common
 
       
  1366 %  interface for accessing resources. This interface is typically 
       
  1367 %  realised as a collection of system calls, for example for reading 
       
  1368 %  and writing files, forking of processes, or sending and receiving 
       
  1369 %  messages. Role based access control is one approach for 
       
  1370 %  restricting access to such system calls: if a user has
 
       
  1371 %  suffient rights, then a system call can be performed. 
       
  1372 
       
  1373 %  a user might have
 
       
  1374 %  one or more roles and acces is granted if the role has sufficent
 
       
  1375 %  rights
 
       
  1376 
       
  1377 %  static world...make predictions about accessing
 
       
  1378 %  files, do they translate into actual systems behaviour.
 
       
  1379 
       
  1380   
       
  1381 *}
 
  1350 *}
 
       
  1351 
       
  1352 
       
  1353 
  1382 
  1354 
  1383 
  1355 
  1384 (*<*)
 
  1356 (*<*)
 
  1385 end
 
  1357 end
 
  1386 
  1358
rc