Transformation of access rights

The author introduces the concept of transformation of access rights to unify a variety of access-control mechanisms. These mechanisms have mostly been proposed independently of each other to deal with various integrity issues. Their common foundation is abstracted in a model called transform. The formalization makes it possible to investigate the minimal features required to support transform. The relation of transform to existing access-control models is then considered. It is shown that, in the access-matrix model, transform is outside the class of systems for which safety is known to be decidable. On the other hand, it is shown that transform is an instance of the decidable cases of the schematic protection model.
