Safety in Access Control Take-Grant (best viewed in slide-show mode)

1. Safety in Access ControlTake-Grant(best viewed in slide-show mode) Ravi Sandhu Laboratory for Information Security Technology George Mason University www.list.gmu.edu sandhu@gmu.edu

2. The Take-Grant Model (late 70’s, early 80’s) A B t A/t (a) A/t Є dom(B) A B g B/g Original graph representation, late 70’s (b) B/g Є dom(A)

3. The Take-Grant Model (late 70’s, early 80’s) A B t A/t (a) A/t Є dom(B) A B g B/g Lockman-Minsky representation, 1982 (b) B/g Є dom(A)

4. Creation in Take-Grant A’/tg A’/tg A A t g t g A’ A’ (a) The Original View (b) The Lockman-Minsky View

5. Reversal of Take-Grant Flow: case t A B t A’/tg A/t A/t A’/tg t t g g A’

6. Reversal of Take-Grant Flow: case g A B g B/g B/g A’/tg A’/tg t t g g A’

7. Reversal of Grant-Only Flow A B g B/g B/g A’/g A/g A’/g g g g g A/g A/g B/g A’

8. Non-Reversal of Take-Only Flow A B t A’/t A/t A/t A’/t t t t A/t A’

9. Shortening of Take-Only Flows A B C t t A/t B/t B/t A/t

10. Summary • Take-Grant, Grant only • Disconnected islands of completely connected subjects with total sharing of rights within each island and no sharing across islands • Take-only • Original topology of flows is preserved, but existing paths can be shortened to a direct edge • Send-receive • Requires send and receive rights • Similar to take-only in preserving original topology of flows, but existing paths cannot always be shortened to a single edge

11. Exercise • Express take-grant, grant-only, take-only and send-receive in the HRU model • Are these constructions • Mono-conditional • Bi-conditional • Mono-operational