论文信息 - Redundant access rights

Redundant access rights

In this paper we predict the existence of many unused (or 'redundant') access rights in access control systems and consider the implications that this has for security. We present a way of measuring the number of redundant access rights in a contemporary access control system, and provide measurements taken from real computer systems to support our theories. These results help to explain the apparently poor reliability of access control as a security enforcing function, and open new possibilities for improving security based upon heuristics for determining and eliminating redundant access rights.

Greg O'Shea

[1] Brian W. Kernighan,et al. The C Programming Language , 1978 .

[2] David A. Bell,et al. Secure computer systems: mathematical foundations and model , 1973 .

[3] Maurice J. Bach. The Design of the UNIX Operating System , 1986 .

[4] Greg O'Shea,et al. On the Specification, Validation and Verification of Security in Access Control Systems , 1994, Comput. J..

[5] J. D. Tygar,et al. An Integrated Toolkit for Operating System Security , 1986 .

[6] Jeffrey D. Ullman,et al. Protection in operating systems , 1976, CACM.

[7] Dorothy E. Denning,et al. Cryptography and Data Security , 1982 .

[8] Richard J. Lipton,et al. A Linear time algorithm for deciding security , 1976, 17th Annual Symposium on Foundations of Computer Science (sfcs 1976).

[9] Jerome H. Saltzer,et al. The protection of information in computer systems , 1975, Proc. IEEE.