The Foundational Work of Harrison-Ruzzo-Ullman Revisited

The work by Harrison, Ruzzo, and Ullman (the HRU paper) on safety in the context of the access matrix model is widely considered to be foundational work in access control. In this paper, we address two errors we have discovered in the HRU paper. To our knowledge, these errors have not been previously reported in the literature. The first error regards a proof that shows that safety analysis for mono-operational HRU systems is in NP. The error stems from a faulty assumption that such systems are monotonic for the purpose of safety analysis. We present a corrected proof in this paper. The second error regards a mapping from one version of the safety problem to another that is presented in the HRU paper. We demonstrate that the mapping is not a reduction, and present a reduction that enables us to infer that the second version of safety introduced in the HRU paper is also undecidable for the HRU scheme. These errors lead us to ask whether the notion of safety as defined in the HRU paper is meaningful. We introduce other notions of safety that we argue have more intuitive appeal, and present the corresponding safety analysis results for the HRU scheme.
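The abstract's point that mono-operational HRU systems are not monotonic for the purpose of safety analysis can be seen on a small constructed system. The following is an added example, not code from the paper: it implements HRU's leak definition (a command enters right r into a cell that did not previously contain r) with an exhaustive search, and contrasts the full analysis with a "monotonic" approximation that ignores delete commands. All subject, object, command and right names are made up, and create/destroy are omitted so the search terminates.

```python
from collections import deque
from itertools import product

# Constructed HRU system (not from the paper): a configuration is an access
# matrix {(subject, object): frozenset(rights)}; every command is presence
# conditions plus exactly one primitive. create/destroy omitted (finite space).
SUBJECTS = ("alice", "bob")
OBJECTS = ("file",)  # simplification: object parameters range over OBJECTS only
# name -> (parameters, conditions [(right, subj_param, obj_param)],
#          primitive ("enter"|"delete", right, subj_param, obj_param))
COMMANDS = {
    "grant_read": (("s1", "s2", "o"), [("own", "s1", "o"), ("read", "s1", "o")],
                   ("enter", "read", "s2", "o")),
    "revoke_read": (("s1", "s2", "o"), [("own", "s1", "o")],
                    ("delete", "read", "s2", "o")),
}
INITIAL = {("alice", "file"): frozenset({"own", "read"}),
           ("bob", "file"): frozenset({"read"})}

def run(matrix, command, binding):
    """Apply a command under a binding -> (new_matrix, leaked), or (None, False)
    if a condition fails. leaked: right entered into a cell lacking it (HRU)."""
    _, conds, (op, right, sp, op_) = command
    cell = lambda s, o: matrix.get((binding[s], binding[o]), frozenset())
    if not all(r in cell(s, o) for r, s, o in conds):
        return None, False
    before, new = cell(sp, op_), dict(matrix)
    new[(binding[sp], binding[op_])] = before | {right} if op == "enter" else before - {right}
    return new, op == "enter" and right not in before

def unsafe_for(right, initial=INITIAL, commands=COMMANDS):
    """BFS over reachable configurations: True iff some command can leak `right`."""
    freeze = lambda m: frozenset(m.items())
    seen, queue = {freeze(initial)}, deque([initial])
    while queue:
        m = queue.popleft()
        for params, conds, prim in commands.values():
            domains = [SUBJECTS if p.startswith("s") else OBJECTS for p in params]
            for values in product(*domains):
                new, leaked = run(m, (params, conds, prim), dict(zip(params, values)))
                if new is None:
                    continue
                if leaked and prim[1] == right:
                    return True
                if freeze(new) not in seen:
                    seen.add(freeze(new))
                    queue.append(new)
    return False

MONOTONIC = {n: c for n, c in COMMANDS.items() if c[2][0] == "enter"}  # deletes dropped
```

With deletes ignored, every cell already holds `read`, so no command can ever enter it freshly and the system looks safe; with `revoke_read` kept, revoking and re-granting `read` is a leak under HRU's definition, so the same initial configuration is unsafe.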
