The typed access matrix model
نویسنده
چکیده
The access matrix model as formalized by Harrison, Ruzzo, and Ullman (HRU) has broad expressive power. Unfortunately, HRU has weak safety properties (i.e., the determination of whether or not a given subject can ever acquire access to a given object). Most security policies of practical interest fall into the undecidable cases of HRU. This is true even for monotonic policies (i.e., where access rights can be deleted only if the deletion is itself reversible). In this paper we de ne the typed access matrix (TAM) model by introducing strong typing into HRU (i.e., each subject or object is created to be of a particular type which thereafter does not change). We prove that monotonic TAM (MTAM) has strong safety properties similar to Sandhu's Schematic Protection Model. Safety in MTAM's decidable case is, however, NP-hard. We develop a model called ternary MTAM which has polynomial safety for its decidable case, and which nevertheless retains the full expressive power of MTAM. There is compelling evidence that the decidable safety cases of ternary MTAM are quite adequate for modeling practical monotonic security policies.
منابع مشابه
Simulation of the Augmented Typed Access Matrix Model (ATAM) using Roles
Role-based Access Control (RBAC) is a promising alternative to traditional discretionary (DAC) and mandatory access (MAC) controls. In RBAC permissions are associated with roles, and users are made members of the roles thereby acquiring the roles’ permissions. RBAC is policy neutral and flexible enough to accommodate diverse security policies. Access matrix models define another mechanism for e...
متن کاملExpressive power of the single-object typed access matrix model
The single-object typed access matrix (SOTAM) model was recently introduced in the literature by Sandhu and Suri. It is a special case of Sandhu's typed access matrix (TAM) model. In SOTAM individual commands are restricted to modifying exactly one column of the access matrix (whereas individual TAM commands in general can modify multiple columns). Sandhu and Suri have outlined a simple impleme...
متن کاملExpressive Power of the Single - ObjectTyped Access Matrix
The single-object typed access matrix (SOTAM) model was recently introduced in the literature by Sandhu and Suri. It is a special case of Sandhu's typed access matrix (TAM) model. In SOTAM individual commands are restricted to modifying exactly one column of the access matrix (whereas individual TAM commands in general can modify multiple columns). Sandhu and Suri have outlined a simple impleme...
متن کاملImplementation Considerations for the Typed Access Matrix Model in a Distributed Environment
The typed access matrix (TAM) model was recently de ned by Sandhu. TAM combines the strong safety properties for propagation of access rights obtained in Sandhu's Schematic Protection Model, with the natural expressive power of Harrison, Ruzzo, and Ullman's model. In this paper we consider the implementation of TAM in a distributed environment. To this end we propose a simpli ed version of TAM ...
متن کاملOn Testing for Absence of Rights in Access Control Models
The well-known access control model formalized by Harrison, Ruzzo, and Ullman (HRU) does not allow testing for absence of access rights in its commands. Sandhu's Typed Access Matrix (TAM) model, which introduces strong typing into the HRU model, continues this tradition. Ammann and Sandhu have recently proposed an extension of TAM called augmented TAM (ATAM), which allows testing for absence of...
متن کامل