Despite the best efforts of security researchers, the static nature of authorisation can sometimes cause unexpected risks for users working in a dynamically changing environment. Disasters, medical emergencies or time-critical events can all lead to situations where the ability to relax normal access rules becomes critically important. This paper presents an optimistic access control scheme in which enforcement of rules is retrospective. The system administrator is relied on to ensure that the system is not misused, and compensating transactions are used to ensure that system integrity can be recovered in the case of a breach. It is argued that offering an optimistic scheme alongside a traditional access control mechanism gives users a useful means to exceed their normal privileges on the rare occasions when the situation warrants it. The idea of a partially-formed transaction is introduced to show how accesses in an optimistic system might be constrained. This model is formally described and related to the Clark-Wilson integrity model.
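The abstract describes the scheme in prose; the following Python sketch is an added illustration written for this page, not code from the paper or its author. It models a store guarded by a static rule set, an optimistic path that lets a subject exceed those rules with a recorded justification, a compensating transaction captured before the access so an administrator reviewing the audit log can reverse it, and an irreversible action (`transmit`) that is refused even optimistically because no compensating transaction can be built for it. The class, method and subject names, the rule set and the patient record are all constructed for the example; treating "no compensating transaction, no optimistic access" as the constraint on a partially-formed transaction is this example's reading of the abstract, not the paper's formal definition.

```python
"""Toy model of optimistic access control with retrospective enforcement.
Added illustration; names, rules and data are constructed, not the paper's."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple

Rule = Tuple[str, str, str]  # (subject, action, resource)


@dataclass
class AuditEntry:
    subject: str
    action: str
    resource: str
    justification: str
    compensate: Callable[[], None]   # undoes the access when invoked
    approved: Optional[bool] = None  # None until an administrator reviews it


class OptimisticStore:
    """Key/value store guarded by static rules plus an optimistic override."""

    def __init__(self, rules: Set[Rule], data: Dict[str, str]) -> None:
        self.rules = set(rules)
        self.data = dict(data)
        self.audit: List[AuditEntry] = []

    def permitted(self, subject: str, action: str, resource: str) -> bool:
        """The traditional, static check."""
        return (subject, action, resource) in self.rules

    def write(self, subject: str, key: str, value: str,
              justification: Optional[str] = None) -> str:
        """Returns 'granted' (rule matched) or 'optimistic' (override logged)."""
        if self.permitted(subject, "write", key):
            self.data[key] = value
            return "granted"
        if justification is None:
            raise PermissionError(f"{subject} may not write {key}")
        # Optimistic path: capture the compensating transaction *before*
        # changing anything, so integrity can always be restored later.
        old = self.data.get(key)

        def compensate(k: str = key, o: Optional[str] = old) -> None:
            if o is None:
                self.data.pop(k, None)
            else:
                self.data[k] = o

        self.data[key] = value
        self.audit.append(AuditEntry(subject, "write", key, justification, compensate))
        return "optimistic"

    def transmit(self, subject: str, key: str,
                 justification: Optional[str] = None) -> str:
        """Send a value outside the system. It cannot be recalled, so no
        compensating transaction exists and the optimistic path is closed."""
        if self.permitted(subject, "transmit", key):
            return "granted"
        raise PermissionError(f"{subject} may not transmit {key}: irreversible, no override")

    def pending(self) -> List[AuditEntry]:
        """Optimistic accesses the administrator has not yet reviewed."""
        return [e for e in self.audit if e.approved is None]

    def review(self, entry: AuditEntry, approved: bool) -> None:
        """Retrospective enforcement: disapproval runs the compensating transaction."""
        entry.approved = approved
        if not approved:
            entry.compensate()


def demo() -> Dict[str, object]:
    """Walk through the scheme on constructed data and return what was observed."""
    rules: Set[Rule] = {("alice", "write", "patient:42"),
                        ("alice", "transmit", "patient:42")}
    store = OptimisticStore(rules, {"patient:42": "bloodtype=O-"})
    out: Dict[str, object] = {}
    out["alice"] = store.write("alice", "patient:42", "bloodtype=O-;allergy=penicillin")
    try:
        store.write("bob", "patient:42", "x")  # no rule and no justification
    except PermissionError:
        out["bob_plain"] = "denied"
    out["bob_override"] = store.write("bob", "patient:42", "allergy=none",
                                      justification="ER triage, on-call admin unreachable")
    out["value_after_override"] = store.data["patient:42"]
    try:
        store.transmit("bob", "patient:42", justification="ER triage")
    except PermissionError:
        out["bob_transmit"] = "denied"  # irreversible: no optimistic path
    out["pending"] = len(store.pending())
    store.review(store.pending()[0], approved=False)  # administrator rejects it
    out["value_after_review"] = store.data["patient:42"]
    out["pending_after"] = len(store.pending())
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point the sketch makes is the ordering: the compensating transaction is built from the pre-access state before the optimistic write happens, and the `transmit` path shows the boundary of the scheme, since an access whose effects leave the system cannot be given a compensating transaction and so is not offered optimistically. The audit entries left in `pending()` are the administrator's review queue.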