Access Restriction

Author Sandhu, Ravinderpal Singh
Source ACM Digital Library
Content type Text
Publisher Association for Computing Machinery (ACM)
File Format PDF
Copyright Year ©1988
Language English
Subject Domain (in DDC) Computer science, information & general works ♦ Data processing & computer science
Abstract The protection state of a system is defined by the privileges possessed by subjects at a given moment. Operations that change this state are themselves authorized by the current state. This poses a design problem in constructing the initial state so that all derivable states conform to a particular policy. It also raises an analysis problem of characterizing the protection states derivable from a given initial state. A protection model provides a framework for both design and analysis. Design generality and tractable analysis are inherently conflicting goals. Analysis is particularly difficult if creation of subjects is permitted. The schematic protection model resolves this conflict by classifying subjects and objects into protection types. The privileges possessed by a subject consist of a type-determined part specified by a static protection scheme and a dynamic part consisting of tickets (capabilities). It is shown that analysis is tractable for this model provided certain restrictions are imposed on subject creation. A scheme authorizes creation of subjects via a binary relation on subject types. Our principal constraint is that this relation be acyclic, excepting loops that authorize a subject to create subjects of its own type. Our assumptions admit a variety of useful systems.
ISSN 00045411
Age Range 18 to 22 years ♦ above 22 year
Educational Use Research
Education Level UG and PG
Learning Resource Type Article
Publisher Date 1988-04-01
Publisher Place New York
e-ISSN 1557735X
Journal Journal of the ACM (JACM)
Volume Number 35
Issue Number 2
Page Count 29
Starting Page 404
Ending Page 432

Open content in new tab

   Open content in new tab
Source: ACM Digital Library