Abstract :
In this paper, the Take-Grant Model devel-oped by Jones, Lipton, and Snyder is extended in order to represent and study hierarchical protection systems. Two major classes of hierarchical systems are identified: tree systems and acyclic systems. The first class deala with an organization that places decision-making in a single authority while the second provides for decentralization of authority. A subclass of acyclic systems, called clustered systems, is a hybrid of these basic classes. The question of stealing is mute in these systems; protection is given by providing inherent limitations on the propagation of access rights. The restricted authority and clustered systems are examined with regard to the potential for the propagation of rights after sharing has occurred. It is possible to identify a set of subjects which includes the subject that must have acted in order for sharing to take place.
