The typed access matrix model

The typed access matrix (TAM) model is defined by introducing the notion of strong typing into the Harrison, Ruzzo, and Ullman model (HRU) (M. H. Harrison et al., 1978). It is shown that monotonic TAM (MTAM) has decidable, but NP-hard, safety for its acyclic creation cases. It is further shown that ternary MTAM has polynomial time safety analysis for its acyclic cases, even though it is, in general, equivalent to MTAM. Ternary MTAM thus has strong safety properties. The expressive power of ternary MTAM has been shown to be equivalent to MTAM in general. The results establish that strong typing is crucial to achieving a useful demarcation between decidable and undecidable safety, and ternary monotonic commands are critical for tractable safety analysis.<<ETX>>

[1]  Ravi Sandhu,et al.  Implementation Considerations for the Typed Access Matrix Model in a Distributed Environment , 1992 .

[2]  Richard J. Lipton,et al.  A Linear Time Algorithm for Deciding Subject Security , 1977, JACM.

[3]  John McLean,et al.  A Comment on the 'Basic Security Theorem' of Bell and LaPadula , 1985, Inf. Process. Lett..

[4]  Ravi S. Sandhu,et al.  Safety analysis for the extended schematic protection model , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[5]  John McLean,et al.  The specification and modeling of computer security , 1990, Computer.

[6]  Ravi S. Sandhu Undecidability of Safety for the Schematic Protection Model with Cyclic Creates , 1992, J. Comput. Syst. Sci..

[7]  Jeffrey D. Ullman,et al.  Protection in operating systems , 1976, CACM.

[8]  LouAnna Notargiacomo,et al.  Beyond the pale of MAC and DAC-defining new forms of access control , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[9]  Joachim Biskup Some Variants of the Take-Grant Protection Model , 1984, Inf. Process. Lett..

[10]  Ravi S. Sandhu,et al.  The schematic protection model: its definition and analysis for acyclic attenuating schemes , 1988, JACM.

[11]  D. Elliott Bell,et al.  Secure Computer System: Unified Exposition and Multics Interpretation , 1976 .

[12]  Lawrence Snyder,et al.  The transfer of information and authority in a protection system , 1979, SOSP '79.

[13]  Lawrence Snyder Theft and Conspiracy in the Take-Grant Protection Model , 1981, J. Comput. Syst. Sci..

[14]  Richard J. Lipton,et al.  Foundations of Secure Computation , 1978 .

[15]  Lawrence Snyder,et al.  Formal Models of Capability-Based Protection Systems , 1981, IEEE Transactions on Computers.

[16]  Dorothy E. Denning,et al.  A lattice model of secure information flow , 1976, CACM.

[17]  Ravi S. Sandhu,et al.  Extending the creation operation in the Schematic Protection Model , 1990, [1990] Proceedings of the Sixth Annual Computer Security Applications Conference.

[18]  Abe Lockman,et al.  Unidirectional Transport of Rights and Take–Grant Control , 1982, IEEE Transactions on Software Engineering.

[19]  Ravi S. Sandhu,et al.  The Extended Schematic Protection Model , 1992, J. Comput. Secur..

[20]  Ravi S. Sandhu Expressive Power of the Schematic Protection Model , 1992, J. Comput. Secur..