Safety Problems in Access Control with Temporal Constraints - Computer Network Security

Information Technology Reference

In-Depth Information

if s is in S 0 and o is in O 0 then r is not in A 0 ( s ,o ),

•

s is in S 1 , o is in O 1 ,and r is in A 1 ( s ,o ),

- ∆ 0 = ∆ ,

•

contradicting the minimality of n .

Lemma 3. The sequence α 0 , ..., α n contains at most 1 conditional command.

Proof. If the sequence α 0 , ... , α n contains at least 2 conditional commands

then the command α n is conditional and there exists a non-negative integer p in

{

such that the command α p is conditional. Moreover, there exists

atimedhistory h with dynamic timed sequence ( v 0 ,∆ 0 ,θ 0 ,α 0 ), ( v 1 ,∆ 1 ,θ 1 ,α 1 ),

... such that:

0 ,...,n

−

}

- h |

= Π ,

- the following conditions are satisfied for some individual s of type subject

and some individual o of type object:

•

if s is in S n− 1 and o is in O n− 1 then r is not in A n− 1 ( s ,o ),

s is in S n , o is in O n ,and r is in A n ( s ,o ),

- ∆ 0 = ∆ ,

•

contradicting the minimality of n .

How do such ideas bear on theorem 5? By lemmas 2 and 3, there are two possi-

bilities:

- the commands α 0 , ... , α n are not conditional,

- the commands α 0 , ... , α n− 1 are not conditional and the command α n is

conditional.

In the first case, n is equal to 0. In the second case, n is less than or equal to the

number of elementary conditions in α n . This completes the proof of theorem 5.

6Con lu on

Temporal constraints allow the security administrator to clearly express the

desired temporal requirements that must satisfy the successive alterations of the

protection state of a computer system. The critical issue is the characterization

of classes of timed protection systems for which the safety problems considered in

section 5 are decidable. A key feature of access control with temporal constraints

is its extensibility. The form of elementary conditions is not fixed. We could, for

example, explore the effects of allowing testing in an access control matrix for

the presence of rights since at most duration d as opposed to testing for the

presence of rights since at least duration d which the model described in this

paper does. The intensive study of the issues relating to the support of such

conditions in our timed protection systems is still to be done.

Computer Network Security

Search WWH ::

Custom Search

Home