Expressive Power of the Schematic Protection Model
نویسنده
چکیده
In this paper we show that the Schematic Protection Model (SPM) subsumes several well-known protection models as particular instances. We show this for a diverse collection of models including the Bell-LaPadula multi-level security model, take-grant models, and grammatical protection systems. Remarkably SPM subsumes these models within its known e ciently decidable cases for safety analysis (i.e., the determination or whether or not a given privilege can possibly be acquired by a particular subject). Therefore SPM subsumes these models not only in terms of its expressive power but also in terms of safety analysis. This is in sharp contrast to the HarrisonRuzzo-Ullman (HRU) access-matrix model. HRU does subsume all the models discussed in this paper in terms of expressive power. However, all known constructions of these models in HRU require multi-conditional commands (i.e., commands whose conditions have two or more terms), whereas safety is undecidable in HRU even for bi-conditional commands (i.e., commands whose conditions have exactly two terms).
منابع مشابه
Implementation Considerations for the Typed Access Matrix Model in a Distributed Environment
The typed access matrix (TAM) model was recently de ned by Sandhu. TAM combines the strong safety properties for propagation of access rights obtained in Sandhu's Schematic Protection Model, with the natural expressive power of Harrison, Ruzzo, and Ullman's model. In this paper we consider the implementation of TAM in a distributed environment. To this end we propose a simpli ed version of TAM ...
متن کاملImplementation of the Extended Schematic Protection Model Paul
Protection models provide a formalism for specifying control over access to information and other resources in a multi-user computer system. One such model, the Extended Schematic Protection Model (ESPM), has expressive power equivalent to the monotonic access matrix model of Harrison, Ruzzo, and Ullman [7]. Yet ESPM retains tractable safety analysis for many cases of practical interest. Thus E...
متن کاملImplementation of the Extended Schematic Protection Model
Protection models provide a formalism for specifying control over access to information and other resources in a multi-user computer system. One such model, the Extended Schematic Protection Model (ESPM), has expressive power equivalent to the monotonic access matrix model of Harrison, Ruzzo, and Ullman [7]. Yet ESPM retains tractable safety analysis for many cases of practical interest. Thus E...
متن کاملImplementation of theExtended Schematic Protection
Protection models provide a formalism for specifying control over access to information and other resources in a multiuser computer system. One such model, the Extended Schematic Protection Model (ESPM), has expressive power equivalent to the mono-tonic access matrix model of Harrison, Ruzzo, and Ullman 7]. Yet ESPM retains tractable safety analysis for many cases of practical interest. Thus ES...
متن کاملThe typed access matrix model
The access matrix model as formalized by Harrison, Ruzzo, and Ullman (HRU) has broad expressive power. Unfortunately, HRU has weak safety properties (i.e., the determination of whether or not a given subject can ever acquire access to a given object). Most security policies of practical interest fall into the undecidable cases of HRU. This is true even for monotonic policies (i.e., where access...
متن کامل