Non-monotonic transformation of access rights

It is known that monotonic transformations unify a number of diverse access control mechanisms such as amplification, copy flags, separation of duties, and synergistic authorization. The importance and expressive power of nonmonotonic transformations are demonstrated. A formal model, called nonmonotonic transform (NMT), is defined. A distributed implementation of NMT is proposed using a client-server architecture. The implementation is remarkably simple and modular in concept. It is based on access control lists and allows for efficient and immediate revocation, which could be partial, complete, selective, temporary, or permanent.
