Lecture 3: Decidability. January 11, 2011. ECS 235B, Foundations of Information and Computer Security (PowerPoint presentation transcript)



  1. Lecture 3: Decidability. ECS 235B, Foundations of Information and Computer Security, January 11, 2011 (Lecture 3, Slide 1)

  2. Outline
     1 Review
     2 Decidability of security
       - Mono-operational command case
       - General case
     3 Take-Grant Protection Model
       - Sharing rights
       - Take-Grant Systems
       - Stealing rights
       - Conspiracy

  3. Why no "or"? Unnecessary!
     - Break the conditional expression into a sequence of disjuncts
     - Write a command with the same body for each disjunct
     - Call them sequentially!

  4. r, c Commands

      command grant·read·file·if·r(p, f)
          if r in A[p, f]
          then
              enter r into A[q, f];
              enter w into A[q, f];
      end

      command grant·read·file·if·c(p, f)
          if c in A[p, f]
          then
              enter r into A[q, f];
              enter w into A[q, f];
      end

  5. r or c Command

      command grant·read·file·if·r·or·c(p, f)
          grant·read·file·if·r(p, f)
          grant·read·file·if·c(p, f)
      end
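The "or" elimination of slides 3 to 5 in plain Python, as an added example that is not part of the lecture. The matrix is a dict mapping (subject, object) to a set of rights; the recipient q is made an explicit parameter here, since the slide leaves it free, and a leak check in the sense of slide 6 is included.

```python
# Added example, not from the lecture: two single-condition commands with the
# same body, and the "or" command that just calls them in sequence. q is an
# explicit parameter here (the slides leave it unbound).
from typing import Dict, Set, Tuple

ACM = Dict[Tuple[str, str], Set[str]]

def enter(A: ACM, r: str, row: str, col: str) -> None:
    A.setdefault((row, col), set()).add(r)

def grant_read_file_if_r(A: ACM, p: str, f: str, q: str) -> None:
    """command grant·read·file·if·r: one condition, one body."""
    if "r" in A.get((p, f), set()):
        enter(A, "r", q, f)
        enter(A, "w", q, f)

def grant_read_file_if_c(A: ACM, p: str, f: str, q: str) -> None:
    """command grant·read·file·if·c: the other disjunct, same body."""
    if "c" in A.get((p, f), set()):
        enter(A, "r", q, f)
        enter(A, "w", q, f)

def grant_read_file_if_r_or_c(A: ACM, p: str, f: str, q: str) -> None:
    """The disjunction: each single-condition command runs in turn, and each
    checks its own condition, so the body fires if either right is present."""
    grant_read_file_if_r(A, p, f, q)
    grant_read_file_if_c(A, p, f, q)

def leaks(before: ACM, after: ACM, right: str) -> bool:
    """Slide 6: a leak is a generic right appearing in an entry that lacked it."""
    return any(right in rs and right not in before.get(cell, set())
               for cell, rs in after.items())

def try_grant(p_rights: Set[str]) -> Set[str]:
    """Constructed sample: p holds p_rights on file f; returns what q ends up with."""
    A: ACM = {("p", "f"): set(p_rights)}
    grant_read_file_if_r_or_c(A, "p", "f", "q")
    return A.get(("q", "f"), set())
```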

  6. What is "Secure"?
     - Leaking: adding a generic right r where there was not one is leaking
     - Safe: if a system S, beginning in initial state s0, cannot leak right r, it is safe with respect to the right r
     - Here, "safe" = "secure" for an abstract model

  7. What Does "Decidable" Mean?
     Safety Question: does there exist an algorithm for determining whether a protection system S with initial state s0 is safe with respect to a generic right r?

  8. Mono-Operational Commands
     Answer: Yes!
     Proof sketch:
     - Consider a minimal sequence of commands c1, ..., ck that leaks the right
     - Can omit delete, destroy
     - Can merge all creates into one
     - Worst case: insert every right into every entry; with s subjects, o objects, and n rights initially, the upper bound is k ≤ n(s + 1)(o + 1)

  9. Proof (1)
     - Consider minimal sequences of commands (of length m) needed to leak r from a system with initial state s0
     - Identify each command by the type of primitive operation it invokes
     - Cannot test for absence of rights, so delete, destroy are not relevant; ignore them
     - Reorder sequences of commands so all creates come first
       - Can be done because enters require the subject and object to exist
       - Commands after these creates check only for the existence of rights

  10. Proof (2)
     - It can be shown (see homework): suppose s1, s2 are created, and commands test rights in A[s1, o1], A[s2, o2]. Doing the same tests on A[s1, o1] and A[s1, o2] = A[s1, o2] ∪ A[s2, o2] gives the same result
     - Thus all creates are unnecessary, unless s0 is empty; then you need to create it (1 create)
     - In s0: |S0| is the number of subjects, |O0| the number of objects, n the number of (generic) rights
     - In the worst case, 1 create, so a total of at most (|S0| + 1)(|O0| + 1) elements
     - So m ≤ n(|S0| + 1)(|O0| + 1)

  11. General Case
     Answer: No
     Proof sketch:
     1 Show an arbitrary Turing machine can be reduced to the safety problem
     2 Then deciding the safety problem means deciding the halting problem

  12. Turing Machine Review
     - Infinite tape in one direction
     - States K, symbols M, distinguished blank b
     - State transition function δ(k, m) = (k′, m′, L): in state k with symbol m under the TM head, replace m with m′, move the head left one square, enter state k′
     - Halting state is q_f

  13. Mapping Turing machine to access control matrix representation

      Tape (head over square 3, state k):
          square:  1 2 3 4 ...
          symbol:  A B C D ...
                       ^ k

      Access control matrix:
                s1   s2   s3     s4    ...
          s1    A    o
          s2         B    o
          s3              C k    o
          s4                     D e
          ...

      Turing machine with head over square 3 on the tape, in state k, and its representation as an access control matrix. o is the own right; e is the end right.

  14. Mapping Turing machine to access control matrix representation

      Tape (head over square 4, state k1):
          square:  1 2 3 4 ...
          symbol:  A B X D ...
                         ^ k1

      Access control matrix:
                s1   s2   s3   s4      ...
          s1    A    o
          s2         B    o
          s3              X    o
          s4                   D k1 e
          ...

      After δ(k, C) = (k1, X, R), where k is the previous state and k1 the current state.

  15. Command Mapping
      δ(k, C) = (k1, X, R) at an intermediate square becomes:

      command c_{k,C}(s_i, s_{i+1})
          if o in A[s_i, s_{i+1}] and k in A[s_i, s_i] and C in A[s_i, s_i]
          then
              delete k from A[s_i, s_i];
              delete C from A[s_i, s_i];
              enter X into A[s_i, s_i];
              enter k_1 into A[s_{i+1}, s_{i+1}];
      end

  16. Mapping Turing machine to access control matrix representation

      Tape (head over square 5, state k2):
          square:  1 2 3 4 5
          symbol:  A B X Y b
                           ^ k2

      Access control matrix:
                s1   s2   s3   s4   s5
          s1    A    o
          s2         B    o
          s3              X    o
          s4                   Y    o
          s5                        k2 e

      After δ(k1, D) = (k2, Y, R), where k1 is the previous state and k2 the current state.

  17. Command Mapping
      δ(k1, D) = (k2, Y, R) at the rightmost square becomes:

      command crightmost_{k_1,D}(s_i, s_{i+1})
          if e in A[s_i, s_i] and k_1 in A[s_i, s_i] and D in A[s_i, s_i]
          then
              delete e from A[s_i, s_i];
              create subject s_{i+1};
              enter o into A[s_i, s_{i+1}];
              enter e into A[s_{i+1}, s_{i+1}];
              delete k_1 from A[s_i, s_i];
              delete D from A[s_i, s_i];
              enter Y into A[s_i, s_i];
              enter k_2 into A[s_{i+1}, s_{i+1}];
      end

  18. Rest of Proof
     - The protection system exactly simulates a Turing machine
       - Exactly 1 end (e) right in the access control matrix
       - 1 right in the entries corresponds to the state
       - Thus, at most 1 applicable command
     - If the Turing machine enters state q_f, then the right has leaked
     - If the safety question is decidable, then represent the TM as a protection system and determine if q_f leaks
     - This implies the halting problem is decidable
     - Conclusion: the safety question is undecidable
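The construction of slides 13 to 18 replayed in Python, as an added example that is not part of the lecture. The matrix is a dict mapping (row, column) to a set of rights; one assumption beyond the slides is that the square created by the rightmost-square command is given the blank symbol b, so that a later transition reading the blank can fire.

```python
# Added example, not from the lecture: the protection system that encodes a
# Turing machine (slides 13-17). "o" is the own right, "e" marks the rightmost
# square, and tape symbol plus state both sit in the diagonal A[s_i, s_i].
from typing import Dict, Set, Tuple

ACM = Dict[Tuple[str, str], Set[str]]
BLANK = "b"  # assumption: the slides leave the new square's blank implicit

def enter(A: ACM, r: str, row: str, col: str) -> None:
    A.setdefault((row, col), set()).add(r)  # a new key also creates a subject

def delete(A: ACM, r: str, row: str, col: str) -> None:
    A.get((row, col), set()).discard(r)

def tm_to_acm(tape: str, head: int, state: str) -> ACM:
    """Encode a tape as on slide 13 (head position is 1-based)."""
    A: ACM = {}
    for i, sym in enumerate(tape, start=1):
        enter(A, sym, f"s{i}", f"s{i}")
        if i < len(tape):
            enter(A, "o", f"s{i}", f"s{i + 1}")
    enter(A, state, f"s{head}", f"s{head}")
    enter(A, "e", f"s{len(tape)}", f"s{len(tape)}")
    return A

def step_right(A: ACM, i: int, k: str, m: str, k1: str, x: str) -> bool:
    """Apply delta(k, m) = (k1, x, R) at square i: command c_{k,m} of slide 15
    for an interior square, crightmost_{k,m} of slide 17 when s_i holds e.
    Returns False when the command's condition does not hold."""
    si, sn = f"s{i}", f"s{i + 1}"
    diag = A.get((si, si), set())
    if k not in diag or m not in diag:
        return False
    if "e" in diag:                   # rightmost square: extend the tape
        delete(A, "e", si, si)
        enter(A, "o", si, sn)         # create subject s_{i+1} and own it
        enter(A, "e", sn, sn)
        enter(A, BLANK, sn, sn)       # assumption: the new square reads blank
    elif "o" not in A.get((si, sn), set()):
        return False
    delete(A, k, si, si)
    delete(A, m, si, si)
    enter(A, x, si, si)
    enter(A, k1, sn, sn)
    return True

def leaked(A: ACM, right: str) -> bool:
    """Slide 18: the halting state q_f showing up anywhere is the leak."""
    return any(right in rights for rights in A.values())
```

Starting from tape ABCD with the head on square 3 in state k, the two steps δ(k, C) = (k1, X, R) and δ(k1, D) = (k2, Y, R) reproduce the matrices of slides 14 and 16 entry by entry.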

  19. Other Results
     - The set of unsafe systems is recursively enumerable
     - Delete the create primitive; then the safety question is complete in P-SPACE
     - Delete the destroy, delete primitives; then the safety question is undecidable. Such systems are called monotonic
     - The safety question for monoconditional, monotonic protection systems is decidable
     - The safety question for monoconditional protection systems with create, enter, delete (and no destroy) is decidable

  20. Take-Grant Protection Model
     - A specific (not generic) system
     - Set of rules for state transitions
     - Safety decidable, and in time linear in the size of the system
     - Goal: find conditions under which rights can be transferred from one entity to another in the system
