DocumentCode :
753890
Title :
Unidirectional Transport of Rights and Take–Grant Control
Author :
Lockman, Abe ; Minsky, Naftaly
Author_Institution :
Department of Computer Science, Rutgers University
Issue :
6
fYear :
1982
Firstpage :
597
Lastpage :
604
Abstract :
One of the most critical and least understood aspects of protection is the exercise of control over the movement of rights between the subjects of a system. The conventional Take-Grant mechanism for exercising such control suffers from a puzzling and unfortunate limitation: it cannot enforce strictly unidirectional channels for the flow of rights. That is, if rights can be moved directly or indirectly from some subject p to another subject q, then one cannot prevent rights from flowing in the opposite direction, from q to p. This property limits the applicability of this mechanism and therefore that of any protection scheme utilizing it. We analyze the nature and ramifications of this limitation and demonstrate that its root cause is the fact that (under this mechanism) a right possessed by a sender suffices to authorize a movement of rights. We propose an alternative, "Take-Receive," model in which this limitation is eliminated, thus enabling the implementation of more useful protection disciplines. We prove this result by analyzing tl-e dynamic behavior of the proposed model.
Keywords :
Access Control; Take-Grant model; protection; transport of rights; Access control; Computer science; Control systems; Mechanical factors; Protection; Software engineering; Access Control; Take-Grant model; protection; transport of rights;
fLanguage :
English
Journal_Title :
Software Engineering, IEEE Transactions on
Publisher :
ieee
ISSN :
0098-5589
Type :
jour
DOI :
10.1109/TSE.1982.236020
Filename :
1702993
Link To Document :
بازگشت