论文信息 - An operation-control scheme for authorization in computer systems

An operation-control scheme for authorization in computer systems

The access-control authorization scheme, which is being used for the protection of operating systems, is found to be inadequate in other areas, such as in databases and information systems. A new authorization scheme, which is a natural extension of access control, is proposed. The new scheme, which is called “operation control,” is shown to be superior to the accesscontrol scheme in a number of ways. In particular, it facilitates more natural and efficient representations of policies, particularly the type of complex policies that appear in information systems, it facilitates enforcement by compile-time validation due to a greater stability of authority states, and it reduces the need for revocation.

Naftaly H. Minsky

[1] Jerome H. Saltzer,et al. The protection of information in computer systems , 1975, Proc. IEEE.

[2] Barbara Liskov,et al. An Access Control Facility for Programming Languages , 1976 .

[3] William A. Wulf,et al. HYDRA , 1974, Commun. ACM.

[4] Gerald J. Popek,et al. Verifiable secure operating system software , 1974, AFIPS '74.

[5] William A. Wulf,et al. Towards the design of secure systems , 1975, Softw. Pract. Exp..

[6] Butler W. Lampson,et al. Reflections on an operating system design , 1976, CACM.

[7] Theodore A. Linden. Operating System Structures to Support Security and Reliable Software , 1976, CSUR.

[8] Clark Weissman,et al. Security controls in the ADEPT-50 time-sharing system , 1899, AFIPS '69 (Fall).

[9] Stephen N. Zilles,et al. Programming with abstract data types , 1974 .

[10] Naftaly H. Minsky. Intentional resolution of privacy protection in database systems , 1976, CACM.

[11] David D. Redell,et al. NAMING AND PROTECTION IN EXTENDABLE OPERATING SYSTEMS , 1974 .

[12] David Jefferson,et al. Protection in the Hydra Operating System , 1975, SOSP.

[13] Jeffrey D. Ullman,et al. On protection in operating systems , 1975, SOSP.

[14] Tony Hoare,et al. Hierarchical Program Structures , 1972 .