Privilege Graph: an Extension to the Typed Access Matrix Model

In this paper, an extension to the TAM model is proposed to deal efficiently with authorization schemes involving sets of privileges. This new formalism provides a technique to analyse the safety problem for this kind of schemes and can be useful to identify which privilege transfers can lead to unsafe protection states. Further extensions are suggested towards quantitative evaluation of operational security and intrusion detection.

[1]  Ravi S. Sandhu,et al.  On testing for absence of rights in access control models , 1993, [1993] Proceedings Computer Security Foundations Workshop VI.

[2]  Richard J. Lipton,et al.  A Linear Time Algorithm for Deciding Subject Security , 1977, JACM.

[3]  Joachim Biskup Some Variants of the Take-Grant Protection Model , 1984, Inf. Process. Lett..

[4]  Carl E. Landwehr,et al.  Formal Models for Computer Security , 1981, CSUR.

[5]  Ravi S. Sandhu,et al.  Implementing transaction control expressions by checking for absence of access rights , 1992, [1992] Proceedings Eighth Annual Computer Security Application Conference.

[6]  Ravi S. Sandhu The typed access matrix model , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[7]  Shiuh-Pyng Shieh,et al.  A pattern-oriented intrusion-detection model and its applications , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[8]  S. H. Von Solms,et al.  Protection Graph Rewriting Grammars and the Take/Grant Security Model , 1988 .

[9]  Lawrence Snyder,et al.  The transfer of information and authority in a protection system , 1979, SOSP '79.

[10]  Ravi S. Sandhu,et al.  Non-monotonic transformation of access rights , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[11]  D. Marc A Petri net representation of the Take-Grant model , 1993 .

[12]  Jeffrey D. Ullman,et al.  Protection in operating systems , 1976, CACM.

[13]  Lawrence Snyder Theft and Conspiracy in the Take-Grant Protection Model , 1981, J. Comput. Syst. Sci..

[14]  Lawrence Snyder,et al.  Formal Models of Capability-Based Protection Systems , 1981, IEEE Transactions on Computers.

[15]  Lawrence Snyder On the synthesis and analysis of protection systems , 1977, SOSP '77.

[16]  Ravi S. Sandhu,et al.  The schematic protection model: its definition and analysis for acyclic attenuating schemes , 1988, JACM.

[17]  Ravi S. Sandhu,et al.  Extending the creation operation in the Schematic Protection Model , 1990, [1990] Proceedings of the Sixth Annual Computer Security Applications Conference.