
Security Model for Office Objects

IP.com Disclosure Number: IPCOM000107155D
Original Publication Date: 1992-Jan-01
Included in the Prior Art Database: 2005-Mar-21
Document File: 3 page(s) / 85K

Publishing Venue

IBM

Related People

Baker, R: AUTHOR

Abstract

Existing security models in Office applications are usually based on the concept of object ownership. When an object is created, the user name creating it receives implicit authorization to manipulate it. Different levels of access and authority can be given by this owner to individual users or a group of users explicitly. While this approach works well for protection of objects, it has two primary problems: (1) administration of large volumes of objects and/or users, since all sharing of objects must be done through explicit grants, and (2) the connection between an object and its owner must be severed if the owner is relocated or leaves.

This is the abbreviated version, containing approximately 52% of the total text.

Security Model for Office Objects

       Existing security models in Office applications are
usually based on the concept of object ownership.  When an object is
created, the user name creating it receives implicit authorization to
manipulate it.  Different levels of access and authority can be given
by this owner to individual users or a group of users explicitly.
While this approach works well for protection of objects, it has two
primary problems:
  o  administration of large volumes of objects and/or users, since
all sharing of objects must be done through explicit grants, and
  o  the connection between an object and its owner must be severed
if the owner is relocated or leaves.

      In order to separate the access control and authority of an
object from the owner, we propose the following security model.  When
the object is created, the creator specifies a set of parameter
values that are established at installation by the enterprise.  These
parameters are mapped to a security category that may be accessible
to a variety of people.  The security category S is defined as
                    S = {p(1), p(2), ... , p(n)}
where p(i) is a valid security parameter value for each security domain
D(i).  The number and range of the security domains is determined by
each installation.  For example,
     D(1) = {Organizational Group | 'Legal','Personnel','Accounting'}
     D(2) = {Information Type | 'Document','Memo','Schedule'}
     D(3) = {Information Class | 'Unclassified','Confidential'}
                                   and
               O(1) is an unclassified legal document
               O(2) is an unclassified personnel memo
               O(3) is a confidential accounting schedule

      These objects are placed into a security category based on
their parameter values, which may be represented by a matrix or
table:
                      p(1)        p(2)         p(3)
        O(1)        Legal       Document    Unclassified
        O(2)        Personnel   Memo        Unclassified
        O(3)        Accounting  Schedule    Confidential

      Each user in the system has a security profile that is matched
against an object's security category to determine what level of
access is available.  This profile is defined by a set of first order
logic predicates.  Assume that user U1 has a s...