with subscripts. Each primitive operation modifies the current protection state in the way its name suggests. To make this precise, it is convenient to introduce the notion of state derivability. Let $\theta$ be a substitution and $\pi$ be a primitive operation. Suppose there is no variable in $\theta(\pi)$, i.e. every variable in $\pi$ is replaced by an individual through the use of $\theta$. If $\Delta = (S, O, A)$ and $\Delta' = (S', O', A')$ are protection states then we shall say that $\Delta'$ is derivable from $\Delta$ in one step using $\theta$ and $\pi$, in symbols $\Delta \xrightarrow[\theta]{\pi} \Delta'$, iff one of the following conditions is satisfied:

- $\pi$ is “create subject $\sigma$”, $\theta(\sigma)$ is not in $S$, and the only difference between $\Delta$ and $\Delta'$ is that $S' = S \cup \{\theta(\sigma)\}$,
- $\pi$ is “destroy subject $\sigma$”, $\theta(\sigma)$ is in $S$, and the only difference between $\Delta$ and $\Delta'$ is that $S' = S \setminus \{\theta(\sigma)\}$,
- $\pi$ is “create object $\omega$”, $\theta(\omega)$ is not in $O$, and the only difference between $\Delta$ and $\Delta'$ is that $O' = O \cup \{\theta(\omega)\}$,
- $\pi$ is “destroy object $\omega$”, $\theta(\omega)$ is in $O$, and the only difference between $\Delta$ and $\Delta'$ is that $O' = O \setminus \{\theta(\omega)\}$,
- $\pi$ is “enter $r$ into $A(\sigma, \omega)$”, $\theta(\sigma)$ is in $S$, $\theta(\omega)$ is in $O$, and the only difference between $\Delta$ and $\Delta'$ is that $A'(\theta(\sigma), \theta(\omega)) = A(\theta(\sigma), \theta(\omega)) \cup \{r\}$,
- $\pi$ is “delete $r$ from $A(\sigma, \omega)$”, $\theta(\sigma)$ is in $S$, $\theta(\omega)$ is in $O$, and the only difference between $\Delta$ and $\Delta'$ is that $A'(\theta(\sigma), \theta(\omega)) = A(\theta(\sigma), \theta(\omega)) \setminus \{r\}$.
Consider again the protection state $\Delta$ shown in table 1. If primitive operations $\pi_1$, $\pi_2$, $\pi_3$, and $\pi_4$ are “create object $\omega$”, “enter $r_0$ into $A(\sigma, \omega)$”, “enter $r_1$ into $A(\sigma, \omega)$”, and “enter $r_2$ into $A(\sigma, \omega)$” and substitution $\theta$ is $\{\sigma/s_2, \omega/o_2\}$ then

$\Delta \xrightarrow[\theta]{\pi_1} \circ \xrightarrow[\theta]{\pi_2} \circ \xrightarrow[\theta]{\pi_3} \circ \xrightarrow[\theta]{\pi_4} \Delta'$,

where $\Delta'$ is the protection state defined by table 2. If primitive operation $\pi_5$ is “enter $r_3$ into $A(\sigma, \omega)$” and substitution $\theta$ is $\{\sigma/s_2, \omega/o_2\}$ then $\Delta' \xrightarrow[\theta]{\pi_5} \Delta''$, where $\Delta''$ is the protection state defined by table 3. If primitive operation $\pi_6$ is “enter $r_4$ into $A(\sigma, \omega)$” and substitution $\theta$ is $\{\sigma/s_0, \omega/o_2\}$ then $\Delta'' \xrightarrow[\theta]{\pi_6} \Delta'''$, where $\Delta'''$ is the protection state defined by table 4. If primitive operation $\pi_7$ is “enter $r_5$ into $A(\sigma, \omega)$” and substitution $\theta$ is $\{\sigma/s_1, \omega/o_2\}$ then $\Delta''' \xrightarrow[\theta]{\pi_7} \Delta^{(4)}$, where $\Delta^{(4)}$ is the protection state defined by table 5.
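The six primitive operations and the derivation from $\Delta$ to table 2 above, as an added Python example (not code from the paper): each operation checks its precondition and returns the derived state, or None when no state is derivable. The initial state stands in for table 1, which is not reproduced on this page, and is constructed so that $\pi_1, \ldots, \pi_4$ under $\theta = \{\sigma/s_2, \omega/o_2\}$ lead exactly to table 2.

```python
from copy import deepcopy

def apply_primitive(delta, op, theta):
    """One-step derivation Delta -> Delta' using substitution theta and primitive op.
    delta = (S, O, A); A is a dict (subject, object) -> set of rights (missing cell = ∅).
    op: ('create subject', σ) | ('destroy subject', σ) | ('create object', ω) |
        ('destroy object', ω) | ('enter', r, σ, ω) | ('delete', r, σ, ω).
    Returns the derived state, or None when the precondition of the definition fails."""
    S, O, A = deepcopy(delta)
    kind = op[0].split()[0]                         # create | destroy | enter | delete
    if kind in ('create', 'destroy'):
        i = 0 if op[0].endswith('subject') else 1   # 0: act on S, 1: act on O
        X, x = (S, O)[i], theta[op[1]]
        if kind == 'create':
            if x in X: return None                  # θ(σ) must not be in S (θ(ω) not in O)
            X.add(x)                                # S' = S ∪ {θ(σ)}  or  O' = O ∪ {θ(ω)}
        else:
            if x not in X: return None              # θ(σ) must be in S (θ(ω) in O)
            X.remove(x)                             # S' = S \ {θ(σ)}  or  O' = O \ {θ(ω)}
            A = {k: v for k, v in A.items() if k[i] != x}   # A' ranges over S' × O'
    elif kind in ('enter', 'delete'):
        r, s, o = theta.get(op[1], op[1]), theta[op[2]], theta[op[3]]  # r may be an individual
        if s not in S or o not in O: return None    # θ(σ) must be in S and θ(ω) in O
        cell = set(A.get((s, o), set()))
        (cell.add if kind == 'enter' else cell.discard)(r)  # A'(s,o) = A(s,o) ∪ {r} or \ {r}
        A[(s, o)] = cell
    else:
        raise ValueError(f'unknown primitive operation: {op[0]}')
    return S, O, A

def derive(delta, steps):
    """Compose one-step derivations; steps is a list of (op, theta) pairs."""
    for op, theta in steps:
        delta = apply_primitive(delta, op, theta)
        if delta is None:                           # some precondition failed
            return None
    return delta

# Initial state Delta (constructed: table 1 is not on this page, so the matrix is
# chosen so that pi_1 .. pi_4 under theta lead exactly to table 2).
DELTA = ({'s0', 's1', 's2'}, {'o0', 'o1'},
         {('s0', 'o0'): {'r1', 'r2'}, ('s0', 'o1'): {'r0', 'r1', 'r2'},
          ('s1', 'o0'): {'r0', 'r1', 'r2'}, ('s1', 'o1'): {'r1', 'r2'},
          ('s2', 'o0'): {'r1', 'r2'}, ('s2', 'o1'): {'r1', 'r2'}})
THETA = {'σ': 's2', 'ω': 'o2'}                      # θ = {σ/s2, ω/o2}
PI = [('create object', 'ω')] + [('enter', r, 'σ', 'ω') for r in ('r0', 'r1', 'r2')]

def table2():
    """Delta' of table 2: Delta derived through pi_1, pi_2, pi_3, pi_4 under theta."""
    return derive(DELTA, [(op, THETA) for op in PI])
```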
Table 2. Protection state $\Delta'$

| $A$   | $o_0$               | $o_1$               | $o_2$               |
|-------|---------------------|---------------------|---------------------|
| $s_0$ | $\{r_1, r_2\}$      | $\{r_0, r_1, r_2\}$ | $\emptyset$         |
| $s_1$ | $\{r_0, r_1, r_2\}$ | $\{r_1, r_2\}$      | $\emptyset$         |
| $s_2$ | $\{r_1, r_2\}$      | $\{r_1, r_2\}$      | $\{r_0, r_1, r_2\}$ |

3 HRU Protection Systems

Within the context of HRU protection systems, primitive operations can be invoked indirectly via HRU commands of the form: