Implementation Considerations for the Typed Access Matrix Model in a Distributed Environment

The typed access matrix (TAM) model was recently de ned by Sandhu. TAM combines the strong safety properties for propagation of access rights obtained in Sandhu's Schematic Protection Model, with the natural expressive power of Harrison, Ruzzo, and Ullman's model. In this paper we consider the implementation of TAM in a distributed environment. To this end we propose a simpli ed version of TAM called Single-Object TAM (SO-TAM). We illustrate the practical expressive power of SO-TAM by showing how the ORCON policy for originator control of documents can be speci ed in SO-TAM. We provide arguments to support our conjecture that SO-TAM is theoretically as expressive as TAM. We show that SO-TAM has a simple implementation in a typical client-server architecture. Our design is based on access control lists as the principal means for enforcing access to subjects and objects. In addition, certi cate servers are introduced for generating certi cates for checking access rights in those cases where access control lists are insu cient. A major advantage of our design is that atomicity of operations does not require a distributed commit.