# HG changeset patch # User Christian Urban # Date 1384253462 0 # Node ID 4e8482e505904c0d7ce36254a2f902a0dd62837b # Parent 10526c967679f39d0196ae582b65fa2a01b53c69 more slides diff -r 10526c967679 -r 4e8482e50590 programs/prove2.scala --- a/programs/prove2.scala Tue Nov 12 09:57:22 2013 +0000 +++ b/programs/prove2.scala Tue Nov 12 10:51:02 2013 +0000 @@ -37,8 +37,8 @@ val Gamma: Set[Form] = Set( (Admin says Del) -> Del, - (Admin says ((Bob says Del) -> Del)), - (Bob says Del) ) + Admin says ((Bob says Del) -> Del), + Bob says Del ) val goal = Gamma |- Del // request: provable or not? @@ -48,23 +48,23 @@ def prove(j: Judgement, sc: () => Unit) : Unit = { if (j.lhs.contains(j.rhs)) sc () // Axiom rule - else prove1(j.lhs, j.rhs, sc) + else prove1(j, sc) } -def prove1(lhs: Set[Form], rhs: Form, sc: () => Unit) : Unit = - rhs match { +def prove1(j: Judgement, sc: () => Unit) : Unit = + j.rhs match { case True => sc () case False => () - case Imp(f1, f2) => prove(lhs + f1 |- f2, sc) - case Says(p, f1) => prove(lhs |- f1, sc) + case Imp(f1, f2) => prove(j.lhs + f1 |- f2, sc) + case Says(p, f1) => prove(j.lhs |- f1, sc) case Or(f1, f2) => - { prove(lhs |- f1, sc); - prove(lhs |- f2, sc) } + { prove(j.lhs |- f1, sc); + prove(j.lhs |- f2, sc) } case And(f1, f2) => - prove(lhs |- f1, - () => prove(lhs |- f2, sc)) - case _ => { for ((f, lhs_rest) <- partitions(lhs)) - prove2(f, lhs_rest, rhs, sc) } + prove(j.lhs |- f1, + () => prove(j.lhs |- f2, sc)) + case _ => { for ((f, lhs_rest) <- partitions(j.lhs)) + prove2(f, lhs_rest, j.rhs, sc) } } def prove2(f: Form, lhs_rest: Set[Form], rhs: Form, sc: () => Unit) : Unit = diff -r 10526c967679 -r 4e8482e50590 slides/slides06.pdf Binary file slides/slides06.pdf has changed diff -r 10526c967679 -r 4e8482e50590 slides/slides06.tex --- a/slides/slides06.tex Tue Nov 12 09:57:22 2013 +0000 +++ b/slides/slides06.tex Tue Nov 12 10:51:02 2013 +0000 @@ -16,6 +16,7 @@ \usetikzlibrary{calc} \usetikzlibrary{shapes} \usepackage{graphicx} +\setmonofont[Scale=MatchLowercase]{Consolas} \isabellestyle{rm} \renewcommand{\isastyle}{\rm}% @@ -106,6 +107,7 @@ \stepcounter{row} } +\newcommand{\dn}{\stackrel{\mbox{\scriptsize def}}{=}}% for definitions % beamer stuff \renewcommand{\slidecaption}{APP 06, King's College London, 12 November 2013} @@ -246,31 +248,6 @@ \end{frame}} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - \mode{ - \begin{frame}[c] - \frametitle{Sending Messages} - - \begin{itemize} - \item Alice sends a message \bl{$m$} - \begin{center} - \bl{Alice says $m$} - \end{center}\medskip\pause - - \item Alice sends an encrypted message \bl{$m$}\\ (with key \bl{$K$}) - \begin{center} - \bl{Alice says $\{m\}_K$} - \end{center}\medskip\pause - - \item Decryption of Alice's message\smallskip - \begin{center} - \bl{\mbox{\infer{\Gamma \vdash \text{Alice}\;\text{says}\;m} - {\Gamma \vdash \text{Alice}\;\text{says}\;\{m\}_K & \Gamma \vdash \text{Alice}\,\text{says}\,K}}} - \end{center} - \end{itemize} - - \end{frame}} - %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \mode{ @@ -294,6 +271,33 @@ \end{frame}} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + \mode{ + \begin{frame}[c] + \frametitle{Sending Messages} + + \begin{itemize} + \item Alice sends a message \bl{$m$} + \begin{center} + \bl{Alice says $m$} + \end{center}\medskip\pause + + \item Alice sends an encrypted message \bl{$m$} with key \bl{$K$} + (\bl{$\{m\}_K \dn K \Rightarrow m$}) + \begin{center} + \bl{Alice says $\{m\}_K$} + \end{center}\medskip\pause + + \item Decryption of Alice's message\smallskip + \begin{center} + \bl{\mbox{\infer{\Gamma \vdash \text{Alice}\;\text{says}\;m} + {\Gamma \vdash \text{Alice}\;\text{says}\;\{m\}_K & \Gamma \vdash \text{Alice}\,\text{says}\,K}}} + \end{center} + \end{itemize} + + \end{frame}} + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \mode{ @@ -758,37 +762,11 @@ \end{frame}} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - \mode{ - \begin{frame}[c] - \frametitle{} - - Recall the following scenario: - - \begin{itemize} - \item If \textcolor{blue}{Admin} says that \textcolor{blue}{\isa{file\isaliteral{5C3C5E697375623E}{} {}}} - should be deleted, then this file must be deleted. - \item \textcolor{blue}{Admin} trusts \textcolor{blue}{Bob} to decide whether - \textcolor{blue}{\isa{file\isaliteral{5C3C5E697375623E}{}}} should be deleted. - \item \textcolor{blue}{Bob} wants to delete \textcolor{blue}{\isa{file\isaliteral{5C3C5E697375623E}{}}}. - \end{itemize}\bigskip - - \small - \textcolor{blue}{\isa{{\isaliteral{5C3C47616D6D613E}{\isasymGamma}}\ {\isaliteral{3D}{\isacharequal}}}\small\begin{tabular}{l} - \isa{{\isaliteral{28}{\isacharparenleft}}Admin\ says\ del{\isaliteral{5F}{\isacharunderscore}}file\isaliteral{5C3C5E697375623E}{}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ del{\isaliteral{5F}{\isacharunderscore}}file\isaliteral{5C3C5E697375623E}{}},\\ - \isa{{\isaliteral{28}{\isacharparenleft}}Admin\ says\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{28}{\isacharparenleft}}Bob\ says\ del{\isaliteral{5F}{\isacharunderscore}}file\isaliteral{5C3C5E697375623E}{}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ del{\isaliteral{5F}{\isacharunderscore}}file\isaliteral{5C3C5E697375623E}{}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}},\\ - \isa{Bob\ says\ del{\isaliteral{5F}{\isacharunderscore}}file\isaliteral{5C3C5E697375623E}{}}\\ - \end{tabular}}\medskip - - \textcolor{blue}{\isa{{\isaliteral{5C3C47616D6D613E}{\isasymGamma}}\ {\isaliteral{5C3C7475726E7374696C653E}{\isasymturnstile}}\ del{\isaliteral{5F}{\isacharunderscore}}file\isaliteral{5C3C5E697375623E}{}}} - \end{frame}} - %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \mode{ \begin{frame}[c] +\frametitle{Program} How to prove \bl{$\Gamma \vdash F$}?\bigskip\bigskip @@ -848,9 +826,12 @@ \end{frame}} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \mode{ \begin{frame}[t] +\frametitle{Program: \texttt{prove2}} I want to prove \bl{$\Gamma \vdash \text{Pred}$}\bigskip\bigskip\pause @@ -861,7 +842,7 @@ \bl{$\Gamma \vdash F_2$} \end{center}\bigskip\pause -\item So better I try to prove \bl{$\Gamma \vdash \text{Pred}$} with the additional assumption +\item So I am able to try to prove \bl{$\Gamma \vdash \text{Pred}$} with the additional assumption \bl{$F_2$}.\bigskip \begin{center} \bl{$F_2, \Gamma \vdash \text{Pred}$} @@ -875,8 +856,34 @@ \end{frame}} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\newcommand{\dn}{\stackrel{\mbox{\scriptsize def}}{=}}% for definitions +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + \mode{ + \begin{frame}[c] + \frametitle{} + + Recall the following scenario: + + \begin{itemize} + \item If \textcolor{blue}{Admin} says that \textcolor{blue}{\isa{file\isaliteral{5C3C5E697375623E}{} {}}} + should be deleted, then this file must be deleted. + \item \textcolor{blue}{Admin} trusts \textcolor{blue}{Bob} to decide whether + \textcolor{blue}{\isa{file\isaliteral{5C3C5E697375623E}{}}} should be deleted. + \item \textcolor{blue}{Bob} wants to delete \textcolor{blue}{\isa{file\isaliteral{5C3C5E697375623E}{}}}. + \end{itemize}\bigskip + + \small + \textcolor{blue}{\isa{{\isaliteral{5C3C47616D6D613E}{\isasymGamma}}\ {\isaliteral{3D}{\isacharequal}}}\small\begin{tabular}{l} + \isa{{\isaliteral{28}{\isacharparenleft}}Admin\ says\ del{\isaliteral{5F}{\isacharunderscore}}file\isaliteral{5C3C5E697375623E}{}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ del{\isaliteral{5F}{\isacharunderscore}}file\isaliteral{5C3C5E697375623E}{}},\\ + \isa{{\isaliteral{28}{\isacharparenleft}}Admin\ says\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{28}{\isacharparenleft}}Bob\ says\ del{\isaliteral{5F}{\isacharunderscore}}file\isaliteral{5C3C5E697375623E}{}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ del{\isaliteral{5F}{\isacharunderscore}}file\isaliteral{5C3C5E697375623E}{}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}},\\ + \isa{Bob\ says\ del{\isaliteral{5F}{\isacharunderscore}}file\isaliteral{5C3C5E697375623E}{}}\\ + \end{tabular}}\medskip + + \textcolor{blue}{\isa{{\isaliteral{5C3C47616D6D613E}{\isasymGamma}}\ {\isaliteral{5C3C7475726E7374696C653E}{\isasymturnstile}}\ del{\isaliteral{5F}{\isacharunderscore}}file\isaliteral{5C3C5E697375623E}{}}} + \end{frame}} + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \mode{ \begin{frame}[c] @@ -889,15 +896,7 @@ \bl{\infer{\Gamma \vdash F}{\Gamma \vdash P\,\text{controls}\, F & \Gamma \vdash P\,\text{says}\,F}} \end{center} -\item \bl{$P$} speaks for \bl{$Q$}\smallskip\\ -\bl{$P \mapsto Q \,\dn\, \forall F. (P\,\text{says}\, F) \Rightarrow (Q \,\text{says}\,F)$}\medskip -\begin{center} -\bl{\infer{\Gamma \vdash Q\,\text{says}\,F}{\Gamma \vdash P\mapsto Q & \Gamma \vdash P\,\text{says}\,F}} -\medskip\\ -\bl{\infer{\Gamma \vdash P\,\text{controls}\,F}{\Gamma \vdash P\mapsto Q & \Gamma \vdash Q\,\text{controls}\,F}}\\ - -\end{center} \end{itemize} \end{frame}} @@ -905,25 +904,6 @@ -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ -\begin{frame}[c] -\frametitle{Protocol Specifications} - -The Needham-Schroeder Protocol: - -\begin{center} -\begin{tabular}{@ {\hspace{-7mm}}l@{\hspace{2mm}}r@ {\hspace{1mm}}l} -Message 1 & \bl{$A \rightarrow S :$} & \bl{$A, B, N_A$}\\ -Message 2 & \bl{$S \rightarrow A :$} & \bl{$\{N_A, B, K_{AB},\{K_{AB}, A\}_{K_{BS}} \}_{K_{AS}}$}\\ -Message 3 & \bl{$A \rightarrow B :$} & \bl{$\{K_{AB}, A\}_{K_{BS}} $}\\ -Message 4 & \bl{$B \rightarrow A :$} & \bl{$\{N_B\}_{K_{AB}}$}\\ -Message 5 & \bl{$A \rightarrow B :$} & \bl{$\{N_B-1\}_{K_{AB}}$}\\ -\end{tabular} -\end{center} - -\end{frame}} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \mode{ @@ -945,31 +925,245 @@ \end{frame}} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + \mode{ + \begin{frame}[c] + \frametitle{Sending Rule} + + \bl{\begin{center} + \mbox{\infer{\Gamma \vdash Q \;\text{says}\; F} + {\Gamma \vdash P \;\text{says}\; F & \Gamma \vdash P \;\text{sends}\; Q : F}} + \end{center}}\bigskip\pause + + \bl{$P \,\text{sends}\, Q : F \dn$}\\ + \hspace{6mm}\bl{$(P \,\text{says}\, F) \Rightarrow (Q \,\text{says}\, F)$} + + \end{frame}} + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \mode{ \begin{frame}[c] - \frametitle{Sending Messages} + \frametitle{Trusted Third Party} + + \begin{center} + \bl{\begin{tabular}{l} + $A$ sends $S$ : $\text{Connect}(A,B)$\\ + \bl{$S \,\text{says}\, (\text{Connect}(A,B) \Rightarrow$}\\ + \hspace{2.5cm}\bl{$\{K_{AB}\}_{K_{AS}} \wedge + \{\{K_{AB}\}_{K_{BS}}\}_{K_{AS}})$}\\ + $S$ sends $A$ : $\{K_{AB}\}_{K_{AS}}$ \bl{$\wedge$} $\{\{K_{AB}\}_{K_{BS}}\}_{K_{AS}}$\\ + $A$ sends $B$ : $\{K_{AB}\}_{K_{BS}}$\\ + $A$ sends $B$ : $\{m\}_{K_{AB}}$ + \end{tabular}} + \end{center}\bigskip\pause + + + \bl{$\Gamma \vdash B \,\text{says} \, m$}? + \end{frame}} + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + \mode{ + \begin{frame}[c] + \frametitle{Public/Private Keys} \begin{itemize} - \item Alice sends a message \bl{$m$} - \begin{center} - \bl{Alice says $m$} - \end{center}\medskip\pause - - \item Alice sends an encrypted message \bl{$m$}\\ (with key \bl{$K$}) - \begin{center} - \bl{Alice says $\{m\}_K$} - \end{center}\medskip\pause - - \item Decryption of Alice's message\smallskip + \item Bob has a private and public key: \bl{$K_{Bob}^{pub}$}, \bl{$K_{Bob}^{priv}$}\bigskip \begin{center} \bl{\mbox{\infer{\Gamma \vdash \text{Alice}\;\text{says}\;m} - {\Gamma \vdash \text{Alice}\;\text{says}\;\{m\}_K & \Gamma \vdash \text{Alice}\,\text{says}\,K}}} + {\Gamma \vdash \text{Alice}\;\text{says}\;\{m\}_{K_{Bob}^{pub}} & + \Gamma \vdash K_{Bob}^{priv}}}} + \end{center}\bigskip\pause + + \item this is {\bf not} a derived rule! + \end{itemize} + + \end{frame}} + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + \mode{ + \begin{frame}[c] + \frametitle{Security Levels} + \small + + \begin{itemize} + \item Top secret (\bl{$T\!S$}) + \item Secret (\bl{$S$}) + \item Public (\bl{$P$}) + \end{itemize} + + \begin{center} + \bl{$slev(P) < slev(S) < slev(T\!S)$}\pause \end{center} + + \begin{itemize} + \item Bob has a clearance for ``secret'' + \item Bob can read documents that are public or sectret, but not top secret \end{itemize} \end{frame}} - %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + \mode{ + \begin{frame}[c] + \frametitle{Reading a File} + + \bl{\begin{center} + \begin{tabular}{c} + \begin{tabular}{@ {}l@ {}} + \only<2->{\textcolor{red}{$slev($File$)$ $<$ $slev($Bob$)$ $\Rightarrow$}}\\ + \only<2->{\hspace{3cm}}Bob controls Permitted $($File, read$)$\\ + Bob says Permitted $($File, read$)$\only<2->{\\} + \only<2>{\textcolor{red}{$slev($File$)$ $<$ $slev($Bob$)$}}% + \only<3>{\textcolor{red}{$slev($File$)$ $=$ $P$}\\}% + \only<3>{\textcolor{red}{$slev($Bob$)$ $=$ $S$}\\}% + \only<3>{\textcolor{red}{$slev(P)$ $<$ $slev(S)$}\\}% + \end{tabular}\\ + \hline + Permitted $($File, read$)$ + \end{tabular} + \end{center}} + + \end{frame}} + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + \mode{ + \begin{frame}[c] + \frametitle{Substitution Rule} + \small + + \bl{\begin{center} + \begin{tabular}{c} + $\Gamma \vdash slev(P) = l_1$ \hspace{4mm} $\Gamma \vdash slev(Q) = l_2$ + \hspace{4mm} $\Gamma \vdash l_1 < l_2$\\\hline + $\Gamma \vdash slev(P) < slev(Q)$ + \end{tabular} + \end{center}}\bigskip\pause + + \begin{itemize} + \item \bl{$slev($Bob$)$ $=$ $S$} + \item \bl{$slev($File$)$ $=$ $P$} + \item \bl{$slev(P) < slev(S)$} + \end{itemize} + + \end{frame}} + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + \mode{ + \begin{frame}[c] + \frametitle{Reading a File} + + \bl{\begin{center} + \begin{tabular}{c} + \begin{tabular}{@ {}l@ {}} + $slev($File$)$ $<$ $slev($Bob$)$ $\Rightarrow$\\ + \hspace{3cm}Bob controls Permitted $($File, read$)$\\ + Bob says Permitted $($File, read$)$\\ + $slev($File$)$ $=$ $P$\\ + $slev($Bob$)$ $=$ $T\!S$\\ + \only<1>{\textcolor{red}{$?$}}% + \only<2>{\textcolor{red}{$slev(P) < slev(S)$}\\}% + \only<2>{\textcolor{red}{$slev(S) < slev(T\!S)$}}% + \end{tabular}\\ + \hline + Permitted $($File, read$)$ + \end{tabular} + \end{center}} + + \end{frame}} + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + \mode{ + \begin{frame}[c] + \frametitle{Transitivity Rule} + \small + + \bl{\begin{center} + \begin{tabular}{c} + $\Gamma \vdash l_1 < l_2$ + \hspace{4mm} $\Gamma \vdash l_2 < l_3$\\\hline + $\Gamma \vdash l_1 < l_3$ + \end{tabular} + \end{center}}\bigskip + + \begin{itemize} + \item \bl{$slev(P) < slev (S)$} + \item \bl{$slev(S) < slev (T\!S)$} + \item[] \bl{$slev(P) < slev (T\!S)$} + \end{itemize} + + \end{frame}} + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + \mode{ + \begin{frame}[c] + \frametitle{Reading Files} + + \begin{itemize} + \item Access policy for reading + \end{itemize} + + \bl{\begin{center} + \begin{tabular}{c} + \begin{tabular}{@ {}l@ {}} + $\forall f.\;slev(f)$ \only<1>{$<$}\only<2>{\textcolor{red}{$\le$}} $slev($Bob$)$ $\Rightarrow$\\ + \hspace{3cm}Bob controls Permitted $(f$, read$)$\\ + Bob says Permitted $($File, read$)$\\ + $slev($File$)$ $=$ \only<1>{$P$}\only<2>{\textcolor{red}{$T\!S$}}\\ + $slev($Bob$)$ $=$ $T\!S$\\ + $slev(P) < slev(S)$\\ + $slev(S) < slev(T\!S)$ + \end{tabular}\\ + \hline + Permitted $($File, read$)$ + \end{tabular} + \end{center}} + + \end{frame}} + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + \mode{ + \begin{frame}[c] + \frametitle{Writing Files} + + \begin{itemize} + \item Access policy for \underline{writing} + \end{itemize} + + \bl{\begin{center} + \begin{tabular}{c} + \begin{tabular}{@ {}l@ {}} + $\forall f.\;slev($Bob$)$ $\le$ $slev(f)$ $\Rightarrow$\\ + \hspace{3cm}Bob controls Permitted $(f$, write$)$\\ + Bob says Permitted $($File, write$)$\\ + $slev($File$)$ $=$ $T\!S$\\ + $slev($Bob$)$ $=$ $S$\\ + $slev(P) < slev(S)$\\ + $slev(S) < slev(T\!S)$ + \end{tabular}\\ + \hline + Permitted $($File, write$)$ + \end{tabular} + \end{center}} + + \end{frame}} + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% + + +\end{document} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \mode{