{"title":"扩展原理保护模型的安全性分析","authors":"P. Ammann, R. Sandhu","doi":"10.1109/RISP.1991.130777","DOIUrl":null,"url":null,"abstract":"It is argued that the access matrix model of M.H. Harrison, W.L. Ruzzo and J.D. Ullman (HRU) (1976) has extremely weak safety properties; safety analysis is undecidable for most policies of practical interest. An alternate formulation of the HRU model is presented that gives strong safety properties. This alternative formulation is called the extended schematic protection model (ESPM). ESPM is derived from the schematic protection model (SPM) by extending the creation operation to allow multiple parents for a child, as opposed to the conventional create operation of SPM, which has a single parent for a child. It is shown that, despite its equivalence to HRU, ESPM, retains a tractable safety analysis for a large class of protection schemes that are of practical interest.<<ETX>>","PeriodicalId":445112,"journal":{"name":"Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1991-05-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"56","resultStr":"{\"title\":\"Safety analysis for the extended schematic protection model\",\"authors\":\"P. Ammann, R. Sandhu\",\"doi\":\"10.1109/RISP.1991.130777\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"It is argued that the access matrix model of M.H. Harrison, W.L. Ruzzo and J.D. Ullman (HRU) (1976) has extremely weak safety properties; safety analysis is undecidable for most policies of practical interest. An alternate formulation of the HRU model is presented that gives strong safety properties. This alternative formulation is called the extended schematic protection model (ESPM). ESPM is derived from the schematic protection model (SPM) by extending the creation operation to allow multiple parents for a child, as opposed to the conventional create operation of SPM, which has a single parent for a child. It is shown that, despite its equivalence to HRU, ESPM, retains a tractable safety analysis for a large class of protection schemes that are of practical interest.<<ETX>>\",\"PeriodicalId\":445112,\"journal\":{\"name\":\"Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy\",\"volume\":\"6 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1991-05-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"56\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/RISP.1991.130777\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/RISP.1991.130777","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Safety analysis for the extended schematic protection model
It is argued that the access matrix model of M.H. Harrison, W.L. Ruzzo and J.D. Ullman (HRU) (1976) has extremely weak safety properties; safety analysis is undecidable for most policies of practical interest. An alternate formulation of the HRU model is presented that gives strong safety properties. This alternative formulation is called the extended schematic protection model (ESPM). ESPM is derived from the schematic protection model (SPM) by extending the creation operation to allow multiple parents for a child, as opposed to the conventional create operation of SPM, which has a single parent for a child. It is shown that, despite its equivalence to HRU, ESPM, retains a tractable safety analysis for a large class of protection schemes that are of practical interest.<>
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
