Expressive power of the single-object typed access matrix model

The single-object typed access matrix (SOTAM) model was recently introduced in the literature by Sandhu and Suri. It is a special case of Sandhu's typed access matrix (TAM) model. In SOTAM individual commands are restricted to modifying exactly one column of the access matrix (whereas individual TAM commands in general can modify multiple columns). Sandhu and Suri have outlined a simple implementation of SOTAM in a distributed environment using the familiar client-server architecture. In particular the stipulation that each command modi es a single column of the access matrix, is re ected in the desirable property that each command modi es a single access control list corresponding to that column. In this paper we show that TAM and SOTAM are formally equivalent in their expressive power. This result establishes that SOTAM has precisely the same expressive power as TAM, while having a simple implementation at the same time. In a nutshell, this result tells us that manipulation of access control information can be achieved in its most general form by manipulation of a single access control list (ACL) at a time. The work of both authors is partially supported by National Science Foundation grant CCR9202270. Ravi Sandhu is also supported by the National Security Agency through contract MDA90492-C-5141. We are grateful to Dan Atkinson, Nathaniel Macon, Howard Stainer, and Mike Ware for their support and encouragement in making this work possible.