Table 1. Protection state

  A      o0              o1
  s0     {r1, r2}        {r0, r1, r2}
  s1     {r0, r1, r2}    {r1, r2}
  s2     {r1, r2}        {r1, r2}
2 Protection States
Let R be a finite set with typical member denoted r, r′, etc., possibly with
subscripts. Its elements are called rights. The rights of our abstract model
correspond, for instance, to those of the Unix system: read, write, etc. Let SC
be a countable set of individuals of type subject with typical member denoted
s, s′, etc., possibly with subscripts, and OC be a countable set of individuals
of type object with typical member denoted o, o′, etc., possibly with subscripts.
Individuals will also be denoted by the letters a, a′, etc., possibly with
subscripts. Elements of SC will also be called subjects and elements of OC will
also be called objects. The set of subjects is the set of active entities, such
as human beings. The set of objects is the set of passive entities, such as
files. To characterize the connection between subjects and objects, we present
the concept of protection state. A protection state (S, O, A) has three
components: a finite subset S of SC, a finite subset O of OC, and a function A
assigning to each subject s in S and each object o in O a subset A(s, o) of R.
With each finite subset S or O we associate its cardinality, denoted by |S| or
|O|. Let |R| be the cardinality of the finite set R. For subject s in S and
object o in O, the relationship “r is in A(s, o)” means that subject s has right
r on object o. Protection states will be denoted by the letters , , etc.,
possibly with subscripts. Table 1 illustrates a simple protection state
presented in matrix form: the entries in the matrix specify the rights that
each subject has on each object. Seeing that entities such as processes can be
treated as both subjects and objects, we will assume that for all protection
states (S, O, A), S is included in O. Let SV be a countable set of variables of
type subject with typical member denoted σ, σ′, etc., possibly with subscripts,
and OV be a countable set of variables of type object with typical member
denoted ω, ω′, etc., possibly with subscripts. Variables will also be denoted
by the letters X, X′, etc., possibly with subscripts. There are 6 primitive
operations which are used to modify protection states:
- “create subject σ” and “destroy subject σ”,
- “create object ω” and “destroy object ω”,
- “enter r into A(σ, ω)” and “delete r from A(σ, ω)”.
Primitive operations will be denoted by the letters π, π′, etc., possibly with
subscripts. Substitutions replace individuals for variables. Hence they are
finite sets of the form {X1/a1, ..., Xn/an}, where each Xi is a variable, each
ai is an individual, and the variables X1, ..., Xn are pairwise distinct. We
will always consider that substitutions are balanced, i.e. for all i in
{1, ..., n}, Xi and ai are of the same type. Substitutions will be denoted by
the letters θ, θ′, etc., possibly
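As an added example (not code from the paper), the definitions of this section rendered in Python: a protection state (S, O, A) with the six primitive operations, and balanced substitutions that turn a primitive operation with variables such as “enter r into A(σ, ω)” into a ground operation. Assumptions of the example that the text does not make: rights are plain strings, individuals and variables are records tagged with their type (subject or object), and “destroy object” is restricted here to objects that are not subjects, so that S stays included in O. table1() builds the state of Table 1.

```python
# Added example (not the paper's code): a protection state (S, O, A), the six
# primitive operations and balanced substitutions. Assumptions of the example:
# rights are strings; individuals and variables carry a type tag "subject"/"object".
from dataclasses import dataclass


@dataclass(frozen=True)
class Term:
    """An individual (s0, o1, ...) or, when var=True, a variable (sigma, omega, ...)."""
    kind: str            # "subject" or "object"
    name: str
    var: bool = False


class ProtectionState:
    """(S, O, A) over rights R; every primitive operation keeps S a subset of O and
    A(s, o) defined exactly for s in S, o in O."""

    def __init__(self, rights):
        self.R = frozenset(rights)
        self.S, self.O, self.A = set(), set(), {}

    def rights(self, s, o):
        """A(s, o); empty for pairs outside S x O. 'r in rights(s, o)' is 'r is in A(s, o)'."""
        return frozenset(self.A.get((s, o), ()))

    @staticmethod
    def _require(cond, msg):
        if not cond:
            raise ValueError(msg)

    # the six primitive operations
    def create_subject(self, s):
        self._require(s.kind == "subject" and not s.var and s not in self.O, f"create subject {s.name}")
        self.S.add(s)
        self.O.add(s)                              # keeps S a subset of O
        for o in self.O:
            self.A[(s, o)] = set()                 # new row for s
        for s2 in self.S:
            self.A.setdefault((s2, s), set())      # new column: s is an object too

    def destroy_subject(self, s):
        self._require(s in self.S, f"destroy subject {s.name}")
        self.S.discard(s)
        self.O.discard(s)
        self.A = {k: v for k, v in self.A.items() if s not in k}

    def create_object(self, o):
        self._require(o.kind == "object" and not o.var and o not in self.O, f"create object {o.name}")
        self.O.add(o)
        for s in self.S:
            self.A[(s, o)] = set()                 # new column for o

    def destroy_object(self, o):
        # Assumption of this example: subjects are removed with destroy_subject only.
        self._require(o in self.O and o not in self.S, f"destroy object {o.name}")
        self.O.discard(o)
        self.A = {k: v for k, v in self.A.items() if k[1] != o}

    def enter(self, r, s, o):
        self._require(r in self.R and s in self.S and o in self.O, f"enter {r} into A({s.name}, {o.name})")
        self.A[(s, o)].add(r)

    def delete(self, r, s, o):
        self._require(r in self.R and s in self.S and o in self.O, f"delete {r} from A({s.name}, {o.name})")
        self.A[(s, o)].discard(r)


def is_balanced(theta):
    """theta = {X1/a1, ..., Xn/an} is balanced: each Xi is a variable, ai an individual of the same type."""
    return all(x.var and not a.var and x.kind == a.kind for x, a in theta.items())


def substitute(op, theta):
    """Replace the variables of an operation such as ("enter", r, sigma, omega); result must be ground."""
    if not is_balanced(theta):
        raise ValueError("unbalanced substitution")
    ground = tuple(theta.get(t, t) if isinstance(t, Term) else t for t in op)
    if any(isinstance(t, Term) and t.var for t in ground):
        raise ValueError("operation still contains variables")
    return ground


def apply_primitive(state, op):
    """Execute a ground primitive operation, e.g. ("create subject", s) or ("enter", r, s, o)."""
    getattr(state, op[0].replace(" ", "_"))(*op[1:])
    return state


def table1():
    """The state of Table 1 with R = {r0, r1, r2}; as S is a subset of O, columns s0..s2 exist but are empty."""
    st = ProtectionState({"r0", "r1", "r2"})
    s0, s1, s2 = (Term("subject", f"s{i}") for i in range(3))
    o0, o1 = Term("object", "o0"), Term("object", "o1")
    for s in (s0, s1, s2):
        st.create_subject(s)
    for o in (o0, o1):
        st.create_object(o)
    entries = {(s0, o0): {"r1", "r2"}, (s0, o1): {"r0", "r1", "r2"},
               (s1, o0): {"r0", "r1", "r2"}, (s1, o1): {"r1", "r2"},
               (s2, o0): {"r1", "r2"}, (s2, o1): {"r1", "r2"}}
    for (s, o), rs in entries.items():
        for r in rs:
            st.enter(r, s, o)
    return st
```

Two points the code makes explicit that the prose only states. First, because S is included in O, creating a subject adds both a row and a column to A, and destroying it must remove both; an implementation that only drops the row leaves dangling entries A(s′, s) for an entity that no longer exists. Second, the balanced-substitution check is a type check: binding an object individual to a subject variable σ would let a passive entity appear in the subject position of “enter r into A(σ, ω)”, so substitute() refuses it before any primitive operation runs.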