The Typed Access Matrix Model

The Typed Access Matrix Model (1992)

Cached

Download Links

by Ravi S. Sandhu

Venue:	Proc. IEEE Symposium on Research in Security and Privacy
Citations:	105 - 24 self

BibTeX

@INPROCEEDINGS{Sandhu92thetyped,
    author = {Ravi S. Sandhu},
    title = {The Typed Access Matrix Model},
    booktitle = {Proc. IEEE Symposium on Research in Security and Privacy},
    year = {1992},
    pages = {122--136}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

The access matrix model as formalized by Harrison, Ruzzo, and Ullman (HRU) has broad expressive power. Unfortunately, HRU has weak safety properties (i.e., the determination of whether or not a given subject can ever acquire access to a given object). Most security policies of practical interest fall into the undecidable cases of HRU. This is true even for monotonic policies (i.e., where access rights can be deleted only if the deletion is itself reversible). In this paper we define the typed access matrix (TAM) model by introducing strong typing into HRU (i.e., each subject or object is created to be of a particular type which thereafter does not change). We prove that monotonic TAM (MTAM) has strong safety properties similar to Sandhu's Schematic Protection Model. Safety in MTAM's decidable case is, however, NP-hard. We develop a model called ternary MTAM which has polynomial safety for its decidable case, and which nevertheless retains the full expressive power of MTAM. There is compelling evidence that the decidable safety cases of ternary MTAM are quite adequate for modeling practial monotonic security policies.

Citations

515	Secure computer system: unified exposition and MULTICS interpretation - Bell, LaPadula - 1976
478	A lattice model of secure information flow - DENNING - 1976
321	Protection in operating systems - Harrison, Ruzzo, et al. - 1976
66	A linear time algorithm for deciding subject security - Lipton, Snyder - 1977
51	The schematic protection model: Its definition and analysis for acyclic attenuating schemes - Sandhu - 1988
47	The specification and modeling of computer security - MCLEAN - 1990
44	Secure Computer System: Uni ed Exposition and Multics Interpretation - Bell, Padula - 1976
40	Beyond the pale of MAC and DAC – defining new forms of access control - McCollum, Messing, et al. - 1990
38	Formal Models of Capability-Based Protection Systems - Snyder - 1981
30	The Schematic Protection Model: Its De nition and Analysis for Acyclic Attenuating Schemes - Sandhu - 1988
29	On the need for a third form of access control - Graubart - 1989
28	The transfer of information and authority in a protection system - Bishop, Snyder - 1979
27	A Comment on the ‘Basic Security Theorem - McLean - 1985
23	Expressive Power of the Schematic Protection Model - Sandhu - 1991
20	Monotonic protection systems - Harrison, Ruzzo - 1978
18	Safety Analysis for the Extended Schematic Protection Model - Ammann, Sandhu - 1991
15	Safety in grammatical protection systems - Budd - 1983
14	Theft of information in the take-grant protection model - Bishop - 1994
13	A Generalized Framework for Access Control: Towards Prototyping the Orgcon Policy - Abrams, King, et al. - 1991
13	Protection." 5th Princeton Symposium on Information Science and Systems - Lampson - 1971
12	Extending the creation operation in the schematic protection model - Ammann, Sandhu - 1990
10	The extended schematic protection model - Amman, Sandhu - 1992
10	Implementation considerations for the Typed Access Matrix in a Distributed Environment - Sandhu, Suri - 1992
9	Unidirectional Transport of Rights and Take-Grant Control - Lockman, Minsky
7	Theft and Conspiracy in the Take-Grant Model - Snyder - 1981
6	Some Variants of the Take-Grant Protection Model - Biskup - 1984
5	Undecidability of the safety problem for the schematic protection model with cyclic creates - Sandhu - 1992
3	Private communication - Ammann
3	Beyond the Pale of MAC and DAC - De ning New Forms of Access Control - McCollum, Messing, et al. - 1990