A dynamically typed access control model
This paper presents the Dynamically Typed Access Control (DTAC) model for achieving secure access control in a highly dynamic environment. It simplifies the access control matrix model of Harrison, Ruzzo and Ullman by dropping the distinction between subjects and objects, and it adds dynamic typing to cater for environments in which both rights and types can change. The resulting flexibility means that it can be used to construct other security models, such as role-based access control or lattice-based hierarchical models. The paper presents a formal definition of the DTAC model. A novel feature is that, instead of attempting to prove safety per se, we outline a technique for dynamically maintaining a safety invariant. This is important because the run-time checks for the invariant are tractable, whereas the equivalent static proofs would be intractable.
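As an added illustration of the idea sketched in the abstract (not the paper's formal DTAC definition), the toy matrix below treats every entity uniformly as both a potential subject and a potential object, gives each entity a type, and checks every command against a safety invariant before committing it; the invariant form (a set of forbidden type/type/right triples), the command set and all names are assumptions of this example.

```python
# Added example, not code from the paper. A typed access matrix with no
# subject/object split: each command is applied to a candidate state and
# refused if that state would break the safety invariant. The invariant form
# and the command set are assumptions made for this illustration.
from copy import deepcopy


class TypedAccessMatrix:
    def __init__(self, forbidden):
        # forbidden: (source_type, target_type, right) triples that must never
        # appear in the matrix (assumed shape of the safety invariant)
        self.forbidden = set(forbidden)
        self.types = {}    # entity -> type; every entity can act and be acted on
        self.rights = {}   # (source, target) -> set of rights

    def violates(self, types, rights):
        """True if any held right is forbidden under the given typing."""
        return any((types[s], types[t], r) in self.forbidden
                   for (s, t), rs in rights.items() for r in rs)

    def _commit(self, types, rights):
        # Tractable run-time check: inspect only the candidate state, not
        # every reachable state, and refuse the command if it is unsafe.
        if self.violates(types, rights):
            return False
        self.types, self.rights = types, rights
        return True

    def create(self, entity, etype):
        if entity in self.types:
            return False
        types = dict(self.types)
        types[entity] = etype
        return self._commit(types, deepcopy(self.rights))

    def grant(self, source, target, right):
        if source not in self.types or target not in self.types:
            return False
        rights = deepcopy(self.rights)
        rights.setdefault((source, target), set()).add(right)
        return self._commit(dict(self.types), rights)

    def retype(self, entity, new_type):
        # Dynamic typing: changing a type can make rights that are already
        # held unsafe, so the whole matrix is rechecked, not just new grants.
        if entity not in self.types:
            return False
        types = dict(self.types)
        types[entity] = new_type
        return self._commit(types, deepcopy(self.rights))


def demo():
    # Constructed policy: an untrusted entity may never hold write on a log.
    m = TypedAccessMatrix({("untrusted", "audit_log", "write")})
    steps = [m.create("log", "audit_log"), m.create("svc", "trusted"),
             m.grant("svc", "log", "write"),    # allowed: trusted writer
             m.retype("svc", "untrusted"),      # refused: held right turns unsafe
             m.create("app", "untrusted"),
             m.grant("app", "log", "write")]    # refused by the invariant
    return steps, m.types["svc"]
```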
- [BK85] W. E. Boebert and R. Y. Kain. A Practical Alternative to Hierarchical Integrity Policies. In Proceedings of the 8th National Computer Security Conference, Gaithersburg, Maryland, 1985.
- [BL73] D. Bell and L. LaPadula. Secure Computer Systems: Mathematical Foundations (Volume 1). Technical Report ESD-TR-73-278, Mitre Corporation, 1973.
- [GJS96] James Gosling, Bill Joy, and Guy Steele. The Java Language Specification. Addison-Wesley, Menlo Park, California, August 1996.
- [Gol84] A. Goldberg. Smalltalk-80: The Interactive Programming Environment. Addison-Wesley, Wokingham, England, 1984.
- [HRU76] Michael A. Harrison, Walter L. Ruzzo, and Jeffrey D. Ullman. Protection in Operating Systems. Communications of the ACM, 19(8), August 1976.
- [Lam71] B. W. Lampson. Protection. In Proceedings of the Fifth Princeton Symposium on Information Sciences and Systems, March 1971. Reprinted in Operating Systems Review, 8(1), January 1974, pages 18–24.
- [San92] Ravi S. Sandhu. The Typed Access Matrix Model. In IEEE Symposium on Security and Privacy, May 1992.
- [SG93] Ravi S. Sandhu and Srinivas Ganta. On Testing for Absence of Rights in Access Control Models. In Proceedings of the IEEE Computer Security Foundations Workshop, June 1993.
- [TP97a] Jonathon Tidswell and John Potter. An Approach to Dynamic Domain and Type Enforcement. In Proceedings of the Second Australasian Conference on Information Security and Privacy, July 1997.
- [TP97b] Jonathon Tidswell and John Potter. Domain and Type Enforcement in a μ-Kernel. In Proceedings of the 20th Australasian Computer Science Conference, February 1997.
- [WG92] Niklaus Wirth and Jürg Gutknecht. Project Oberon. Addison-Wesley, Wokingham, England, 1992.