openseced / ac Goto Github PK

The slides should be rewritten with a retake on access control. We should still cover some of the classical parts, but we should change focus so that the modern and outside-the-box parts are covered more extensively.

This (new URL) is an interesting example of data exfiltration.

We should have some exercises that are aligned with the ILOs.

Can we explore different systems, like Qubes?

The current treatment focuses on an active entity being the reference monitor. However, we can achieve a logical reference monitor through cryptography. We should present this view too.

Does it make more sense to have two parts, one multilevel and one multilateral instead of both in one?

Create a better story line, what do we want to say?

• What a reference monitor is.
• Placement of reference monitor.
• How the operating system, hardware enforcement works.

Check Gollmann's chapter on this topic.

We should also cover ABAC, not just RBAC. This will be a good context to present anonymous credentials.

This one is WIP, leftovers from the breakup of overview. The slides must be revised and a lecture recorded.

Currently it's in Swedish.

There are leftovers of the sidechannels lecture in covert-channels. The slides must be revised to focus on covert-channels (side-channels are in crypto). Then we must record a lecture.

Change from using an internal bibliography to use the libbib bibliography and functionalities already there for the access control area.

Clarify the idea of an access control model and what different access control models are about.

USENIX Security '18 - Solving the Next Billion-People Privacy Problem

There is a nice example of attribute-based access control vs identity-based access control in there.

Currently overview is a lecture, it should be changed to an active learning session.

Focus on the theory of access control, i.e. access control models. Then we can handle implementation in the refmon part.

There is currently much specifics in [overview] that can be broken out into their own learning sessions. [overview] should contain a wide overview of the access control field.

Merge current [lvlltrl] into this lecture. That provides a broad overview of access control.

The sidechannels module has been deprecated and moved into this. It should be included in the overview.

PR #16 adds concrete ILOs.

• Add assessment aligned with the ILOs.
• Adapt contents of overview to the ILOs and assessment (related to #15).