On the minimality of testing for rights in transformation models

This paper defines and analyzes a family of access control models, called transformation models, which are based on the concept of transformation of rights. In these models, propagation of access rights is authorized entirely by existing rights for the object in question. Transformation models are useful for expressing various kinds of consistency, confidentiality, and integrity controls. These models also generalize the monotonic transform model of Sandhu and its non-monotonic extension (NMT) by Sandhu and Suri. The authors argue that NMT is inadequate for expressing the document release example discussed by Sandhu and Suri, because it can test only one access matrix cell in its state-changing commands. They then analyze the relative expressive power of testing two access matrix cells in state-changing commands versus testing more than two. The conclusion is that it suffices to allow testing for two cells.

[1] Dorothy E. Denning, et al. A lattice model of secure information flow, 1976, CACM.

[2] John McLean, et al. A Comment on the 'Basic Security Theorem' of Bell and LaPadula, 1985, Inf. Process. Lett.

[3] John McLean, et al. The specification and modeling of computer security, 1990, Computer.

[4] Ravi S. Sandhu, et al. On the Expressive Power of the Unary Transformation Model, 1994, ESORICS.

[5] Ravi S. Sandhu. The typed access matrix model, 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[6] R. Sandhu. Transformation of access rights, 1989, Proceedings. 1989 IEEE Symposium on Security and Privacy.

[7] Ravi S. Sandhu, et al. On testing for absence of rights in access control models, 1993, [1993] Proceedings Computer Security Foundations Workshop VI.

[8] Ravi S. Sandhu, et al. Implementing transaction control expressions by checking for absence of access rights, 1992, [1992] Proceedings Eighth Annual Computer Security Application Conference.

[9] Jeffrey D. Ullman, et al. Protection in operating systems, 1976, CACM.

[10] David Jefferson, et al. Protection in the Hydra Operating System, 1975, SOSP.

[11] D. Elliott Bell, et al. Secure Computer System: Unified Exposition and Multics Interpretation, 1976.

[12] Naftaly H. Minsky. Synergistic Authorization in Database Systems, 1981, VLDB.

[13] Ravi Sandhu, et al. Transaction control expressions for separation of duties, 1988, [Proceedings 1988] Fourth Aerospace Computer Security Applications.

[14] Ravi S. Sandhu, et al. Non-monotonic transformation of access rights, 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[15] Ravi S. Sandhu, et al. The schematic protection model: its definition and analysis for acyclic attenuating schemes, 1988, JACM.