A Linear Time Algorithm for Deciding Subject Security

A particular protection mechanism from the protection literature, the take and grant system, is presented. For this particular mechanism, it is shown that the safety problem can be solved in linear time. Moreover, the security policies that this mechanism can enforce are characterized.

The theoretical analysis of systems for protecting the security of information should be of interest to the practitioner as well as the theoretician. The practitioner must convince users that the integrity of their programs and files is maintained; i.e., he must convince them that the operating system and its mechanisms will correctly protect these programs and files. Vague or informal arguments are unacceptable since they are often wrong. Indeed, the folklore is replete with stories of "secure" systems being compromised in a matter of hours. A primary reason for the abundance of these incidents is that even a small set of apparently simple protection primitives can often lead to complex systems that can be exploited, and therefore compromised, by some adversary. But it is precisely this fact, simple primitives with complex behavior, that lures the theoretician. Our purpose here is to present a concrete example of a protection system and then to completely analyze its behavior. Our motivation for doing this analysis is twofold. The protection system that we study is not one we invented; rather, it appears, for example, in Cohen (1). Moreover, it is closely related to systems studied in Denning and Graham (2) and Jones (4). This point is most important, for the space of possible protection systems is exceedingly rich and it is trivial to think up arbitrary systems to study. We are interested not in arbitrary systems, but in systems that have practical application. The above motivation is necessary but not sufficient for us to establish that these questions should interest the theoretician.

Our second reason for studying these problems is that in a natural way they can be viewed as "generalizations of transitive closure." Informally, our model is: