Implementing transaction control expressions by checking for absence of access rights

نویسندگان

  • Paul Ammann
  • Ravi S. Sandhu
چکیده

Separation of duties is an important, real-world requirement that access control models should support. In [13], Sandhu introduced the transaction control expression (TCE) for specifying dynamic separation of duties. In this paper we consider the implementation of TCEs in the typed access matrix model (TAM) recently proposed by Sandhu [16]. We show that TAM requires extension for satisfactory handling of dynamic separation of duties. In particular, dynamic separation requires the capability to explicitly test for the absence of rights in cells of the access matrix. We illustrate how TAM, extended to incorporate such tests, can implement TCEs. We also discuss the impact of checks for absence of rights on safety analysis (i.e., the determination of whether or not a given subject can acquire a given right to a given object).

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Implementing Transaction Control Expressions byChecking for Absence of Access

Separation of duties is an important, real-world requirement that access control models should support. In 13], Sandhu introduced the transaction control expression (TCE) for specifying dynamic separation of duties. In this paper we consider the implementation of TCEs in the typed access matrix model (TAM) recently proposed by Sandhu 16]. We show that TAM requires extension for satisfactory han...

متن کامل

On Testing for Absence of Rights in Access Control

The well-known access control model formalized by Harrison, Ruzzo, and Ullman (HRU) does not allow testing for absence of access rights in its commands. Sandhu's Typed Access Matrix (TAM) model, which introduces strong typing into the HRU model, continues this tradition. Ammann and Sandhu have recently proposed an extension of TAM called augmented TAM (ATAM), which allows testing for absence of...

متن کامل

On Testing for Absence of Rights in Access Control Models

The well-known access control model formalized by Harrison, Ruzzo, and Ullman (HRU) does not allow testing for absence of access rights in its commands. Sandhu's Typed Access Matrix (TAM) model, which introduces strong typing into the HRU model, continues this tradition. Ammann and Sandhu have recently proposed an extension of TAM called augmented TAM (ATAM), which allows testing for absence of...

متن کامل

Accessibility to the Public Facilities: A Mean to Achieve Civil Rights of the People with Disabilities in Iran

Objectives: Civil rights may cover different aspects of citizens’ lives. All the members of the society should have equal access to the public facilities and public transportation system. Barriers and obstacles in society may limit the accessibility of these facilities to the disabled people. Methods: This article contains a part of the results in a phenomenological study of the Disability R...

متن کامل

Checking XPath Expressions for Synchronization, Access Control and Reuse of Query Results on Mobile Clients

The evaluation of XPath expressions plays a central role in accessing XML documents and therefore may be used in XML database systems for different components. We demonstrate that different applications ranging from access control to transaction synchronization to the reuse of query results have very similar requirements to the evaluation of XPath expressions, which can be solved by the same tw...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 1992