Implementing transaction control expressions by checking for absence of access rights
نویسندگان
چکیده
Separation of duties is an important, real-world requirement that access control models should support. In [13], Sandhu introduced the transaction control expression (TCE) for specifying dynamic separation of duties. In this paper we consider the implementation of TCEs in the typed access matrix model (TAM) recently proposed by Sandhu [16]. We show that TAM requires extension for satisfactory handling of dynamic separation of duties. In particular, dynamic separation requires the capability to explicitly test for the absence of rights in cells of the access matrix. We illustrate how TAM, extended to incorporate such tests, can implement TCEs. We also discuss the impact of checks for absence of rights on safety analysis (i.e., the determination of whether or not a given subject can acquire a given right to a given object).
منابع مشابه
Implementing Transaction Control Expressions byChecking for Absence of Access
Separation of duties is an important, real-world requirement that access control models should support. In 13], Sandhu introduced the transaction control expression (TCE) for specifying dynamic separation of duties. In this paper we consider the implementation of TCEs in the typed access matrix model (TAM) recently proposed by Sandhu 16]. We show that TAM requires extension for satisfactory han...
متن کاملOn Testing for Absence of Rights in Access Control
The well-known access control model formalized by Harrison, Ruzzo, and Ullman (HRU) does not allow testing for absence of access rights in its commands. Sandhu's Typed Access Matrix (TAM) model, which introduces strong typing into the HRU model, continues this tradition. Ammann and Sandhu have recently proposed an extension of TAM called augmented TAM (ATAM), which allows testing for absence of...
متن کاملOn Testing for Absence of Rights in Access Control Models
The well-known access control model formalized by Harrison, Ruzzo, and Ullman (HRU) does not allow testing for absence of access rights in its commands. Sandhu's Typed Access Matrix (TAM) model, which introduces strong typing into the HRU model, continues this tradition. Ammann and Sandhu have recently proposed an extension of TAM called augmented TAM (ATAM), which allows testing for absence of...
متن کاملAccessibility to the Public Facilities: A Mean to Achieve Civil Rights of the People with Disabilities in Iran
Objectives: Civil rights may cover different aspects of citizens’ lives. All the members of the society should have equal access to the public facilities and public transportation system. Barriers and obstacles in society may limit the accessibility of these facilities to the disabled people. Methods: This article contains a part of the results in a phenomenological study of the Disability R...
متن کاملChecking XPath Expressions for Synchronization, Access Control and Reuse of Query Results on Mobile Clients
The evaluation of XPath expressions plays a central role in accessing XML documents and therefore may be used in XML database systems for different components. We demonstrate that different applications ranging from access control to transaction synchronization to the reuse of query results have very similar requirements to the evaluation of XPath expressions, which can be solved by the same tw...
متن کامل