DocumentCode :
3108149
Title :
On safety in discretionary access control
Author :
Li, Ninghui ; Tripunitara, Mahesh V.
Author_Institution :
Dept. of Comput. Sci., Purdue Univ., West Lafayette, IN, USA
fYear :
2005
fDate :
8-11 May 2005
Firstpage :
96
Lastpage :
109
Abstract :
An apparently prevailing myth is that safety is undecidable in discretionary access control (DAC); therefore, one needs to invent new DAC schemes in which safety analysis is decidable. In this paper we dispel this myth. We argue that DAC should not be equated with the Harrison-Ruzzo-Ullman (1976) access matrix scheme, in which safety is undecidable. We present an efficient (running time cubic in its input size) algorithm for deciding safety in the Graham-Denning (1972) DAC scheme, which subsumes the DAC schemes used in the literature on comparing DAC with other access control models. We also counter several claims made in recent work by Solworth and Sloan (2004), in which the authors present a new access control scheme based on labels and relabelling and assert that it can implement the full range of DAC models. We present a precise characterization of their access control scheme and show that it does not adequately capture a relatively simple DAC scheme.
Keywords :
authorisation; computational complexity; decidability; safety; Graham-Denning DAC scheme; Harrison-Ruzzo-Ullman access matrix scheme; decidability; discretionary access control; labels; relabelling; running time; safety; Access control; Counting circuits; Privacy; Safety; Security;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Security and Privacy, 2005 IEEE Symposium on
ISSN :
1081-6011
Print_ISBN :
0-7695-2339-0
Type :
conf
DOI :
10.1109/SP.2005.14
Filename :
1425061
Link To Document :
بازگشت