

HRU and TAM. Ravi Sandhu, Laboratory for Information Security Technology, George Mason University, www.list.gmu.edu, sandhu@gmu.edu. The Access Matrix Model, Lampson 1971. The HRU (Harrison-Ruzzo-Ullman) Model, 1976.



Presentation Transcript

  1. HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University www.list.gmu.edu sandhu@gmu.edu

  2. The Access Matrix Model, Lampson 1971

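  3. The HRU (Harrison-Ruzzo-Ullman) Model, 1976 [access matrix figure: labels U, V, F, G; rights r, w]

  4. The HRU (Harrison-Ruzzo-Ullman) Model, 1976 [access matrix figure: labels U, V, F, G; rights r, w, own]

  5. The HRU (Harrison-Ruzzo-Ullman) Model, 1976 [access matrix figure: labels U, V, F, G; rights r, w, own, with one more r entry than the previous slide]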

  6. HRU Commands and Operations
     • command α(X1, X2, . . ., Xk)
       if r1 in (Xs1, Xo1) and r2 in (Xs2, Xo2) and ri in (Xsi, Xoi)
       then
         op1; op2; … opn
       end
     • enter r into (Xs, Xo)
     • delete r from (Xs, Xo)
     • create subject Xs
     • create object Xo
     • destroy subject Xs
     • destroy object Xo

  7. HRU Examples

  8. HRU Examples

  9. HRU Examples

  10. HRU Examples

  11. The Safety Problem
     • Given
       • initial state
       • protection scheme (HRU commands)
     • Can r appear in a cell that exists in the initial state and does not contain r in the initial state?
     • More specific question might be:
       • can r appear in a specific cell [s,o]

  12. The Safety Problem Initial state: r’ in (o,o) and nowhere else

  13. Safety is Undecidable in HRU

  14. TAM adds types to HRU

  15. TAM adds types to HRU

  16. TAM commands

  17. TAM primitive operations

  18. TAM operations: enter and delete

  19. TAM operations: create and destroy

  20. TAM operations: create and destroy

  21. The Safety Problem • TAM has much stronger safety properties than HRU
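
Slides 6 and 11 as an added example (not from the presentation): a small interpreter for HRU commands restricted to enter and delete, plus an exhaustive search that answers the safety question for a right r. The sample matrix, the GRANT_R command and all function names are constructed for illustration; create and destroy are left out, which keeps the reachable state space finite.

```python
from collections import deque
from itertools import product

def apply_command(cmd, args, matrix):
    """Run one HRU command; return the new matrix, or None if its condition fails."""
    bind = dict(zip(cmd["params"], args))
    if not all((bind[s], bind[o], r) in matrix for r, s, o in cmd["if"]):
        return None
    cells = set(matrix)
    for op, r, s, o in cmd["then"]:
        cell = (bind[s], bind[o], r)
        if op == "enter":
            cells.add(cell)
        else:  # "delete"
            cells.discard(cell)
    return frozenset(cells)

def find_leak(right, matrix, subjects, objects, commands):
    """Return a cell (s, o) where `right` can appear although it was not there
    in the initial state, or None if no reachable state leaks it."""
    start = frozenset(matrix)
    seen, queue = {start}, deque([start])
    while queue:
        state = queue.popleft()
        for cmd in commands:
            # Parameters named s* range over subjects, all others over objects.
            domains = [subjects if p.startswith("s") else objects for p in cmd["params"]]
            for args in product(*domains):
                nxt = apply_command(cmd, args, state)
                if nxt is None or nxt in seen:
                    continue
                new = sorted((s, o) for s, o, r in nxt - start if r == right)
                if new:
                    return new[0]
                seen.add(nxt)
                queue.append(nxt)
    return None

# Constructed sample state (not the matrix from the slides): rows U, V; columns F, G.
SUBJECTS, OBJECTS = ["U", "V"], ["F", "G"]
MATRIX = {("U", "F", "own"), ("U", "F", "r"), ("U", "F", "w"), ("V", "G", "r"), ("V", "G", "w")}
# Constructed command: the owner of an object may give r on it to any subject.
GRANT_R = {"params": ["s1", "s2", "o"],
           "if": [("own", "s1", "o")],
           "then": [("enter", "r", "s2", "o")]}

if __name__ == "__main__":
    print(find_leak("r", MATRIX, SUBJECTS, OBJECTS, [GRANT_R]))  # ('V', 'F')
    print(find_leak("w", MATRIX, SUBJECTS, OBJECTS, [GRANT_R]))  # None
```

Once create operations are allowed the set of reachable matrices is no longer bounded, so this exhaustive search is not guaranteed to terminate.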
