Title :
On testing for absence of rights in access control models
Author :
Sandhu, Ravi S. ; Ganta, Srinivas
Author_Institution :
Dept. of Inf. & Software Syst. Eng., George Mason Univ., Fairfax, VA, USA
Abstract :
The well-known access control model formalized by M.H. Harrison, W.C. Ruzzo, and J.D. Ullman (HRU) (1976), does not allow testing for absence of access rights in its commands. R.S. Sandhu´s Typed Access Matrix (TAM) model (1992), which introduces strong typing into the HRU model, continues this tradition. P.E. Ammann R.S. Sandhu (1992), have proposed an extension of TAM called augmented TAM (ATAM), which allows testing for absence of rights. The motivation for ATAM is to express policies for dynamic separation of duties based on transaction control expressions. The authors study the question of whether or not testing for absence of access rights adds fundamental expressive power. They show that TAM and ATAM are formally equivalent in their expressive power. However, their construction indicates that while testing for absence of rights is theoretically unnecessary, such testing appears to be practically beneficial
Keywords :
authorisation; data structures; multi-access systems; HRU; Typed Access Matrix; access control model; access rights; augmented TAM; expressive power; formally equivalent; strong typing; transaction control expressions; Access control; Control systems; Information systems; Permission; Protection; Security; Software systems; Software testing; System testing; Systems engineering and theory;
Conference_Titel :
Computer Security Foundations Workshop VI, 1993. Proceedings
Conference_Location :
Franconia, NH
Print_ISBN :
0-8186-3950-4
DOI :
10.1109/CSFW.1993.246635
