On testing for absence of rights in access control models

Author

Sandhu, Ravi S. ; Ganta, Srinivas

Author_Institution

Dept. of Inf. & Software Syst. Eng., George Mason Univ., Fairfax, VA, USA

fYear

1993

fDate

15-17 Jun 1993

Firstpage

109

Lastpage

118

Abstract

The well-known access control model formalized by M.H. Harrison, W.C. Ruzzo, and J.D. Ullman (HRU) (1976), does not allow testing for absence of access rights in its commands. R.S. Sandhu´s Typed Access Matrix (TAM) model (1992), which introduces strong typing into the HRU model, continues this tradition. P.E. Ammann R.S. Sandhu (1992), have proposed an extension of TAM called augmented TAM (ATAM), which allows testing for absence of rights. The motivation for ATAM is to express policies for dynamic separation of duties based on transaction control expressions. The authors study the question of whether or not testing for absence of access rights adds fundamental expressive power. They show that TAM and ATAM are formally equivalent in their expressive power. However, their construction indicates that while testing for absence of rights is theoretically unnecessary, such testing appears to be practically beneficial

Keywords

authorisation; data structures; multi-access systems; HRU; Typed Access Matrix; access control model; access rights; augmented TAM; expressive power; formally equivalent; strong typing; transaction control expressions; Access control; Control systems; Information systems; Permission; Protection; Security; Software systems; Software testing; System testing; Systems engineering and theory;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Foundations Workshop VI, 1993. Proceedings

Conference_Location

Franconia, NH

Print_ISBN

0-8186-3950-4

Type

conf

DOI

10.1109/CSFW.1993.246635

Filename

246635