SECURITY IN OPERATING SYSTEMS: SEPARATING THE RULES OF RIGHTS

IP.com Disclosure Number: IPCOM000128230D
Original Publication Date: 1978-Dec-31
Included in the Prior Art Database: 2005-Sep-15
Document File: 9 page(s) / 32K

Publishing Venue

Software Patent Institute

Related People

ELAINE J. WEYUKER: AUTHOR [+3]

Abstract

Several possible models of protection mechanisms for operating systems are discussed. These models represent modifications of models introduced by Harrison, Ruzzo, and Ullman, and by Jones, Lipton and Snyder. The modifications represent attempts to rectify certain unrealistic features. The effects of the modifications on the decidability of key questions are investigated, as well as complexity questions where appropriate. It is demonstrated that for each modification considered, the decidability and complexity results are never worse than those for the less reasonable original models.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 14% of the total text.

Page 1 of 9

THIS DOCUMENT IS AN APPROXIMATE REPRESENTATION OF THE ORIGINAL.

SECURITY IN OPERATING SYSTEMS: SEPARATING THE RULES OF RIGHTS

BY ELAINE J. WEYUKER OCTOBER 1978 REPORT NO. 003

1. INTRODUCTION

There is presently a great deal of interest in security of operating systems and the protection mechanisms which control access to objects. We consider a general model of protection introduced by Harrison, Ruzzo, and Ullman [4], and a specific protection system defined by Jones, Lipton, and Snyder [5], [6]. We point out certain unrealistic features of each, and discuss modifications which can be made to make such models more intuitively reasonable. We investigate the effects of these modifications on the decidability and complexity of key questions about protection systems.

One feature common to both the general model of Harrison, Ruzzo, and Ullman, and the specific system of Jones, Lipton, and Snyder, is that the rights which permit operations to be performed on objects are also the rights which control the application of commands. These commands in turn control the modification of the access or protection matrix, which describes what rights a subject has to a given object. One obvious question which presents itself is whether this is reasonable. That is, should the same set of rights both control the operations which can be performed on an object, and also control the modification of the access matrix?

There are several types of restrictions which can be placed on these models. The modifications we consider are motivated by the above question. The strictest requirement we impose is that the set of rights which enable commands, called controlling rights, be disjoint from the set of rights which can be entered into or deleted from the access matrix as a result of such a command. We call the latter type of rights affected rights. We also consider some relaxations of the disjointness restriction, and study their effects on decidability and complexity questions and on the ease of acquisition of rights.
Finally, we investigate specific ways of modifying the Jones-Lipton-Snyder system, both in order to separate the different roles rights may play, and to make it more difficult for a subject to acquire new rights.
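The distinction between controlling rights (the rights a command's condition tests) and affected rights (the rights its body enters into or deletes from the access matrix) can be made concrete with a small HRU-style command interpreter. The following Python is an added example, not code from the paper; the command names, the two toy commands and the matrix contents are constructed for illustration, and `check_separation` implements the strict disjointness restriction described above.

```python
from dataclasses import dataclass


@dataclass
class Command:
    """An HRU-style command: a conjunction of right tests over formal
    parameters, followed by enter/delete primitives on the access matrix."""
    name: str
    params: tuple        # formal parameter names, e.g. ("s", "t", "o")
    conditions: list     # (right, subj_param, obj_param) that must all hold
    body: list           # ("enter" | "delete", right, subj_param, obj_param)

    def controlling_rights(self):   # rights that enable this command
        return {r for r, _, _ in self.conditions}

    def affected_rights(self):      # rights this command enters or deletes
        return {r for _, r, _, _ in self.body}


def check_separation(commands):
    """Rights that both enable some command and are produced/removed by some
    command. An empty set means the strict disjointness restriction holds."""
    ctrl = set().union(*(c.controlling_rights() for c in commands))
    aff = set().union(*(c.affected_rights() for c in commands))
    return ctrl & aff


def execute(matrix, cmd, actuals):
    """Run cmd on matrix (dict (subject, object) -> set of rights).
    Returns False and leaves the matrix untouched if any condition fails."""
    bind = dict(zip(cmd.params, actuals))
    for r, s, o in cmd.conditions:
        if r not in matrix.get((bind[s], bind[o]), set()):
            return False
    for op, r, s, o in cmd.body:
        cell = matrix.setdefault((bind[s], bind[o]), set())
        cell.add(r) if op == "enter" else cell.discard(r)
    return True


# Constructed commands (hypothetical names). CONFER_READ tests "own" and
# enters "read", so its controlling and affected rights are disjoint.
# TRANSFER_OWN tests "own" and also enters "own": one right in both roles.
CONFER_READ = Command("confer_read", ("s", "t", "o"),
                      [("own", "s", "o")], [("enter", "read", "t", "o")])
TRANSFER_OWN = Command("transfer_own", ("s", "t", "o"),
                       [("own", "s", "o")], [("enter", "own", "t", "o")])

if __name__ == "__main__":
    matrix = {("alice", "file1"): {"own"}}          # constructed sample matrix
    print(check_separation([CONFER_READ]))                # set()
    print(check_separation([CONFER_READ, TRANSFER_OWN]))  # {'own'}
    print(execute(matrix, CONFER_READ, ("alice", "bob", "file1")), matrix)
```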

2. THE FORMAL MODELS

New York University Page 1 Dec 31, 1978

Page 2 of 9

In this section, we briefl...