1 / 22

On the Expressive Power of the Unary Transformation Model by Ravi Sandhu Srinivas Ganta

On the Expressive Power of the Unary Transformation Model by Ravi Sandhu Srinivas Ganta Center for Secure Information Systems George Mason University. Outline. • Introduction / Motivation • Transformation Model • Example • Expressive Power • Conclusion. NMT.

nike
Download Presentation

On the Expressive Power of the Unary Transformation Model by Ravi Sandhu Srinivas Ganta

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. On the Expressive Power of the Unary Transformation Model by Ravi Sandhu Srinivas Ganta Center for Secure Information Systems George Mason University

  2. Outline • Introduction / Motivation • Transformation Model • Example • Expressive Power • Conclusion

  3. NMT • Can enforce lots of diverse policies • Has simple implementation • Cannot adequately express the document release example (Sandhu & Suri, Oakland 92)

  4. Document Release Example • A scientist prepares a document and can release it only after getting approval from a patent-officer. 

  5. Transformation Model (TRM) • Protection state in TRM is viewed in terms of the familiar access matrix • Protection state of the system is given by the tuple (OBJ, SUB, t, AM) • The specification for changing the protection state is given by an authorization scheme

  6. ACCESS MATRIX objects f : o s u b j e c t s r w own u : s

  7. Authorization Scheme • A set of access rights R. • Disjoint sets of subject and object types, TS and TO, respectively. • A collection of three classes of state changing commands: Transformation commands, Create commands and Destroy commands

  8. Transformation Commands Command name (S1:s1,....Sn:sn, O:o) if predicate then sequence of primitive operations enter/delete r into [S, O] end Example: Command transfer-ownership (S1:s, S2:s, O:o) if own  [S1,O] then enter own in [S2,O] deleterown from [S1,O] end

  9. Create Commands Command create (S1:s1, O:o) create object O enter own in [S1, O] end

  10. Destroy Commands Command destroy (S1:s1, O:o) destroy object O end if own  [S1,O] then

  11. TRM SUMMARY • A set of rights R • A set of disjoint subject and object types TS and TO respectively • A set of state-changing transformation, creation and destroy commands • The initial state

  12. Document Release Example • A document cannot be released by a scientist without first obtaining approval from a patent-officer. • Types = { sci, po, doc} • Rights = {read, write, own, review, pat-ok, pat-reject, release}

  13. Create Command • Command create-doc (S:sci, O:doc) create object O enter own in [S,O] enter read in [S,O] enter write in [S,O] end

  14. Document Release Example O :doc own read write S: sci P: po

  15. Request Review • command rqst-review (S:sci, P:po, O:doc) if own  [S,O] then enter review in [P,O] delete write from [S,O] end write  [S,O]

  16. Get-Approval/Rejection • command get-approval (S:sci, P:po, O:doc) if own  [S,O] then enter pat-ok in [S,O] delete review from [P,O] end review  [P,O] • command get-rejection (S:sci, P:po, O:doc) if own  [S,O] then enter pat-reject in [S,O] delete review from [P,O] end review  [P,O]

  17. Release / Revise Document • command release-doc (S:sci, O:doc) if pat-ok  [S,O] then enter release in [S,O] delete pat-ok from [S,O] end • command revise-doc (S:sci, O:doc) if pat-reject  [S,O] then enter write in [S,O] delete pat-reject from [S,O] end

  18. Expressive Power • The document release example has commands which test for atmost two cells of the matrx. • Binary Transformation Model • TRM BTRM  (Sandhu & Ganta, Oakland 94)

  19. Expressive Power ? • UTRM  TRM ? • UTRM  BTRM

  20. UTRM  BTRM • requires every subject in the simulation to be of a different type. • Esorics 94

  21. UTRM  BTRM • if every subject cannot be of a different type

  22. Conclusion • UTRM  BTRM impractical simulation in general • UTRM < BTRM for all practical purposes

More Related