{"title":"单调访问控制模型中多父创建的表达能力","authors":"P. Ammann, R. Lipton, R. Sandhu","doi":"10.1109/CSFW.1992.236780","DOIUrl":null,"url":null,"abstract":"Formal demonstration of equivalence or nonequivalence of different security models helps identify the fundamental constructs and principles in such models. The authors demonstrate the nonequivalence of two monotonic access control models that differ only in the creation operation for new subjects and/or objects; in particular, they show that single-parent creation is less expressive than multi-parent creation in monotonic models. The paper also demonstrates that in nonmonotonic models, multi-parent creation can be reduced to single-parent creation, thereby neutralizing the difference in expressive power. The nonequivalence proof is carried out on an abstract access control model, following which the results are interpreted in standard formulations. In particular, they apply the results to demonstrate nonequivalence of the schematic protection model (SPM) and the extended schematic protection model (ESPM). They also show how the results apply to the typed access matrix model (TAM).<<ETX>>","PeriodicalId":350578,"journal":{"name":"[1992] Proceedings The Computer Security Foundations Workshop V","volume":"5 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1992-06-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"20","resultStr":"{\"title\":\"The expressive power of multi-parent creation in monotonic access control models\",\"authors\":\"P. Ammann, R. Lipton, R. Sandhu\",\"doi\":\"10.1109/CSFW.1992.236780\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Formal demonstration of equivalence or nonequivalence of different security models helps identify the fundamental constructs and principles in such models. The authors demonstrate the nonequivalence of two monotonic access control models that differ only in the creation operation for new subjects and/or objects; in particular, they show that single-parent creation is less expressive than multi-parent creation in monotonic models. The paper also demonstrates that in nonmonotonic models, multi-parent creation can be reduced to single-parent creation, thereby neutralizing the difference in expressive power. The nonequivalence proof is carried out on an abstract access control model, following which the results are interpreted in standard formulations. In particular, they apply the results to demonstrate nonequivalence of the schematic protection model (SPM) and the extended schematic protection model (ESPM). They also show how the results apply to the typed access matrix model (TAM).<<ETX>>\",\"PeriodicalId\":350578,\"journal\":{\"name\":\"[1992] Proceedings The Computer Security Foundations Workshop V\",\"volume\":\"5 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1992-06-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"20\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"[1992] Proceedings The Computer Security Foundations Workshop V\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSFW.1992.236780\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"[1992] Proceedings The Computer Security Foundations Workshop V","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSFW.1992.236780","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The expressive power of multi-parent creation in monotonic access control models
Formal demonstration of equivalence or nonequivalence of different security models helps identify the fundamental constructs and principles in such models. The authors demonstrate the nonequivalence of two monotonic access control models that differ only in the creation operation for new subjects and/or objects; in particular, they show that single-parent creation is less expressive than multi-parent creation in monotonic models. The paper also demonstrates that in nonmonotonic models, multi-parent creation can be reduced to single-parent creation, thereby neutralizing the difference in expressive power. The nonequivalence proof is carried out on an abstract access control model, following which the results are interpreted in standard formulations. In particular, they apply the results to demonstrate nonequivalence of the schematic protection model (SPM) and the extended schematic protection model (ESPM). They also show how the results apply to the typed access matrix model (TAM).<>
![[1992] Proceedings The Computer Security Foundations Workshop V](/Content/css/sci/img/zetp.jpg)
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
