Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result –Corollaries.

Slides:



Advertisements
Similar presentations
Variants of Turing machines
Advertisements

CSCI 4325 / 6339 Theory of Computation Zhixiang Chen Department of Computer Science University of Texas-Pan American.
1 1 -Access Control Foundational Results. 2 2 Preliminaries Undecidability The Halting Problem The Turing Machine.
Decidable A problem P is decidable if it can be solved by a Turing machine T that always halt. (We say that P has an effective algorithm.) Note that the.
Complexity 7-1 Complexity Andrei Bulatov Complexity of Problems.
Computability and Complexity 5-1 Classifying Problems Computability and Complexity Andrei Bulatov.
Computability and Complexity 22-1 Computability and Complexity Andrei Bulatov Hierarchy Theorem.
Computability and Complexity 14-1 Computability and Complexity Andrei Bulatov Cook’s Theorem.
Fall 2004COMP 3351 Undecidable problems for Recursively enumerable languages continued…
Prof. Busch - LSU1 Decidable Languages. Prof. Busch - LSU2 Recall that: A language is Turing-Acceptable if there is a Turing machine that accepts Also.
P, NP, PS, and NPS By Muhannad Harrim. Class P P is the complexity class containing decision problems which can be solved by a Deterministic Turing machine.
Costas Busch - RPI1 Undecidable problems for Recursively enumerable languages continued…
July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result.
Complexity 5-1 Complexity Andrei Bulatov Complexity of Problems.
April 6, 2004ECS 235Slide #1 Chapter 13: Design Principles Overview Principles –Least Privilege –Fail-Safe Defaults –Economy of Mechanism –Complete Mediation.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result –Corollaries.
Fall 2004COMP 3351 Reducibility. Fall 2004COMP 3352 Problem is reduced to problem If we can solve problem then we can solve problem.
Homework #9 Solutions.
1 Decidability continued. 2 Undecidable Problems Halting Problem: Does machine halt on input ? State-entry Problem: Does machine enter state halt on input.
Courtesy Costas Busch - RPI1 Reducibility. Courtesy Costas Busch - RPI2 Problem is reduced to problem If we can solve problem then we can solve problem.
Finite State Machines Data Structures and Algorithms for Information Processing 1.
1 Reducibility. 2 Problem is reduced to problem If we can solve problem then we can solve problem.
1 September 14, 2006 Lecture 3 IS 2150 / TEL 2810 Introduction to Security.
IS-2150/TEL-2810: Introduction of Computer Security1 September 7, 2005 Introduction to Computer Security Access Control Matrix Take-grant model.
Full FOPL is undecidable sketch of proof by reduction to Halting problem s CS3518 Buchi, J.R. (1962) “Turing machines and the Entscheidungsproblem,” Boolos,
Slide #2-1 Chapter 2: Access Control Matrix Overview Access Control Matrix Model Protection State Transitions –Commands –Conditional Commands.
Slide #2-1 Access Control Matrix and Safety Results CS461/ECE422 Computer Security I, Fall 2009 Based on slides provided by Matt Bishop for use with Computer.
1 Turing’s Thesis. 2 Turing’s thesis: Any computation carried out by mechanical means can be performed by a Turing Machine (1930)
2/1/20161 Computer Security Foundational Results.
Lecture 17 Undecidability Topics:  TM variations  Undecidability June 25, 2015 CSCE 355 Foundations of Computation.
1 IS 2150 / TEL 2810 Introduction to Security James Joshi Associate Professor, SIS Lecture 4 September 18, 2012 Access Control Model Foundational Results.
Overview of the theory of computation Episode 3 0 Turing machines The traditional concepts of computability, decidability and recursive enumerability.
1 Turing Machines - Chap 8 Turing Machines Recursive and Recursively Enumerable Languages.
Umans Complexity Theory Lectures Lecture 1b: Turing Machines & Halting Problem.
1 Chapter 9 Undecidability  Turing Machines Coded as Binary Strings  Universal Turing machine  Diagonalizing over Turing Machines  Problems as Languages.
April 8, 2004ECS 235Slide #1 Overview Safety Question HRU Model Take-Grant Protection Model SPM, ESPM –Multiparent joint creation Expressive power Typed.
INFSCI 2935: Introduction of Computer Security1 September 13, 2005 Introduction to Computer Security Lecture 3 Take Grant Model (Cont) HRU Schematic Protection.
July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result.
November 1, 2004Introduction to Computer Security © 2004 Matt Bishop Slide #2-1 Chapter 2: Access Control Matrix Overview Access Control Matrix Model Protection.
Donghyun (David) Kim Department of Mathematics and Computer Science North Carolina Central University 1 Chapter 5 Reducibility Some slides are in courtesy.
1 8.4 Extensions to the Basic TM Extended TM’s to be studied: Multitape Turing machine Nondeterministic Turing machine The above extensions make no increase.
1 Turing Machines. 2 The Language Hierarchy Regular Languages Context-Free Languages ? ?
September 10, 2012Introduction to Computer Security © 2004 Matt Bishop Slide #2-1 Chapter 2: Access Control Matrix Overview Access Control Matrix Model.
Recursively Enumerable and Recursive Languages. Definition: A language is recursively enumerable if some Turing machine accepts it.
Chapters 11 and 12 Decision Problems and Undecidability.
8. Introduction to Turing Machines
Busch Complexity Lectures: Turing Machines
Busch Complexity Lectures: Reductions
IS 2150 / TEL 2810 Introduction to Security
Reductions Costas Busch - LSU.
LIMITS OF ALGORITHMIC COMPUTATION
Introduction to Computer Security Lecture 2
Intro to Theory of Computation
IS 2150 / TEL 2810 Information Security & Privacy
Intro to Theory of Computation
IS 2150 / TEL 2810 Introduction to Security
Decidable Languages Costas Busch - LSU.
Decidability Turing Machines Coded as Binary Strings
Decidability and Undecidability
Decidability Turing Machines Coded as Binary Strings
Overview Safety Question HRU Model Take-Grant Protection Model
Computer Security Foundations
Advanced System Security
IS 2150 / TEL 2810 Information Security & Privacy
Instructor: Aaron Roth
Subject Name: FORMAL LANGUAGES AND AUTOMATA THEORY
Decidability continued….
Variants of Turing machines
More Undecidable Problems
IS 2150 / TEL 2810 Introduction to Security
Presentation transcript:

Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result –Corollaries

Slide #3-2 Overview Safety Question HRU Model

Slide #3-3 The general question How can we determine whether a system is safe? Is there a generic algorithm that will determine whether a system is safe?

Reminder: safe vs secure Slide #3-4 The term safe is used to refer to the abstract model. The term secure is used when referring to implementations

Slide #3-5 What Is “Safe”? Adding a generic right r where there was not one is “leaking” If a system S, beginning in initial state s 0, cannot leak right r, it is safe with respect to the right r.

Slide #3-6 Safety Question Does there exist an algorithm for determining whether a protection system S with initial state s 0 is safe with respect to a generic right r?

Slide #3-7 Mono-Operational Commands Answer: yes Theorem There exists an algorithm that will determine whether given mono-operational protection system with initial state s 0 is safe with respect to a given generic right r.

Slide #3-8 Mono-Operational Commands Sketch of proof: Consider the minimal sequence of commands c 1, …, c k needed to leak the right. – Can omit delete, destroy (no commands can test for the absence of rights in an ACM) – Can merge all creates into one Worst case: insert every right into every entry; with s subjects and o objects initially, and n rights. Then (at worst) there are k ≤ n(s+1)(o+1) commands

Slide #3-9 General Case Answer: no Theorem It is undecidable whether a given state of a general protection system with is safe for a given right r.

Slide #3-10 General Case Sketch of proof: Reduce the halting problem to safety problem

Slide #3-11 Turing Machine review Infinite tape in one direction States K, Symbols M (alphabet); distinguished blank b Transition function  (k, m) = (k, m, L) means in state k, symbol m on tape location replaced by symbol m, head moves to left one square, and enters state k Halting state is q f ; TM halts when it enters this state

Slide #3-12 Halting problem Determine if an arbitrary TM will enter a halting state q f The Halting problem is known to be undecidable.

Slide #3-13 Mapping First we construct a map from the states and symbols of a Turing machine TM to the rights in the access control matrix A. The generic rights are taken to be –the symbols in M and –a set of distinct symbols each representing a state in K. Each cell of TM is a subject. Define a distinguished right own and such that s i owns s i+1

Slide #3-14 Mapping A BCD… 1234 head s1s1 s2s2 s3s3 s4s4 s4s4 s3s3 s2s2 s1s1 A B C k D end own Current state is k

Slide #3-15 Mapping A BXD… 1234 head s1s1 s2s2 s3s3 s4s4 s4s4 s3s3 s2s2 s1s1 A B X D k 1 end own After  (k, C) = (k 1, X, R) where k is the current state and k 1 the next state

Slide #3-16 Command Mapping  (k, C) = (k 1, X, R) at intermediate becomes command c k,C (s 3,s 4 ) if own in A[s 3,s 4 ] and k in A[s 3,s 3 ] and C in A[s 3,s 3 ] then delete k from A[s 3,s 3 ]; delete C from A[s 3,s 3 ]; enter X into A[s 3,s 3 ]; enter k 1 into A[s 4,s 4 ]; end

Slide #3-17 Mapping A BXY 1234 head s1s1 s2s2 s3s3 s4s4 s4s4 s3s3 s2s2 s1s1 A B X Y own After  (k 1, D) = (k 2, Y, R) where k 1 is the current state and k 2 the next state s5s5 s5s5 own b k 2 end 5 b

Slide #3-18 Command Mapping  (k 1, D) = (k 2, Y, R) at end becomes command crightmost k,C (s 4,s 5 ) if end in A[s 4,s 4 ] and k 1 in A[s 4,s 4 ] and D in A[s 4,s 4 ] then delete end from A[s 4,s 4 ]; create subject s 5 ; enter own into A[s 4,s 5 ]; enter end into A[s 5,s 5 ]; delete k 1 from A[s 4,s 4 ]; delete D from A[s 4,s 4 ]; enter Y into A[s 4,s 4 ]; enter k 2 into A[s 5,s 5 ]; end

Slide #3-19 Rest of Proof Protection system exactly simulates a TM –Exactly 1 end right in ACM –1 right in entries corresponds to state –Thus, at most 1 applicable command If TM enters state q f, then right has leaked If safety question decidable, then represent TM as above and determine if q f leaks –Implies halting problem decidable Conclusion: safety question undecidable

Slide #3-20 Other Results Set of unsafe systems is recursively enumerable (there is TM that will enumerate all systems) Delete create primitive; then safety question is complete in P-SPACE Delete destroy, delete primitives; then safety question is undecidable –Such systems are called monotonic: the size and complexity only increases. Safety question for mono-conditional, monotonic protection systems is decidable Safety question for mono-conditional protection systems with create, enter, delete (and no destroy) is decidable.

Slide #3-21 Key Points Safety problem undecidable Limiting scope of systems can make problem decidable

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.