On Testing for Absence of Rights in Access Control Models
نویسندگان
چکیده
The well-known access control model formalized by Harrison, Ruzzo, and Ullman (HRU) does not allow testing for absence of access rights in its commands. Sandhu's Typed Access Matrix (TAM) model, which introduces strong typing into the HRU model, continues this tradition. Ammann and Sandhu have recently proposed an extension of TAM called augmented TAM (ATAM), which allows testing for absence of rights. The motivation for ATAM is to express policies for dynamic separation of duties based on transaction control expressions. In this paper we study the question of whether or not testing for absence of access rights adds fundamental expressive power. We show that TAM and ATAM are formally equivalent in their expressive power. However, our construction indicates that while testing for absence of rights is theoretically unnecessary, such testing appears to be practically bene cial.
منابع مشابه
An automatic test case generator for evaluating implementation of access control policies
One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more relia...
متن کاملOn Testing for Absence of Rights in Access Control
The well-known access control model formalized by Harrison, Ruzzo, and Ullman (HRU) does not allow testing for absence of access rights in its commands. Sandhu's Typed Access Matrix (TAM) model, which introduces strong typing into the HRU model, continues this tradition. Ammann and Sandhu have recently proposed an extension of TAM called augmented TAM (ATAM), which allows testing for absence of...
متن کاملOn the minimality of testing for rights in transformation models
In this paper we de ne and analyze a family of access control models, called transformation models, which are based on the concept of transformation of rights. In these models, propagation of access rights is authorized entirely by existing rights for the object in question. Transformation models are useful for expressing various kinds of consistency, con dentiality, and integrity controls. The...
متن کاملOn the Minimality of Testing for Rights in Transformation
In this paper we deene and analyze a family of access control models, called transformation models, which are based on the concept of transformation of rights. In these models, propagation of access rights is authorized entirely by existing rights for the object in question. Transformation models are useful for expressing various kinds of consistency, conndentiality, and integrity controls. The...
متن کاملReactive Power Pricing Simultaneous Using Spot and Bilateral Market Models Considering Opportunity Cost
Reactive power as a utility of ancillary service in restructured environment is supplied by Independent System Operator (ISO). Due to the particular importance of optimal pricing strategy in the power market, the study aims to investigate this problem more closely. To this end, first the problems of restructuring, reactive power generation and its associated costs thereof were reviewed and diff...
متن کامل