On the Expressive Power of the Unary - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
On the Expressive Power of the Unary Transformation Model
by Ravi Sandhu, Srinivas Ganta
Center for Secure Information Systems, George Mason University
2
Outline
Introduction / Motivation
Transformation Model
Example
Expressive Power
Conclusion
3
NMT

Can enforce lots of diverse policies
Has simple implementation
Cannot adequately express the document release example (Sandhu & Suri, Oakland 92)
4
Document Release Example
A scientist prepares a document and can
release it only after getting approval from a
patent-officer.
????
5
Transformation Model (TRM)
Protection state in TRM is viewed in terms of the familiar access matrix
Protection state of the system is given by the tuple (OBJ, SUB, t, AM)
The specification for changing the protection state is given by an authorization scheme
6
ACCESS MATRIX
[Figure: access matrix; axes: subjects (u, s) and objects (f, o); example cell contents: r, w, own]
7
Authorization Scheme
A set of access rights R.
Disjoint sets of subject and object types, TS and TO, respectively.
A collection of three classes of state changing commands: Transformation commands, Create commands and Destroy commands
8
Transformation Commands
Command name (S1:s1, ..., Sn:sn, O:o)
  if predicate then
    sequence of primitive operations: enter/delete r into S, O
end
Example
Command transfer-ownership (S1:s, S2:s, O:o)
  if own ∈ S1,O then
    enter own in S2,O
    delete own from S1,O
end
9
Create Commands
Command create (S1:s1, O:o)
  create object O
  enter own in S1,O
end
10
Destroy Commands
Command destroy (S1:s1, O:o)
  if own ∈ S1,O then
    destroy object O
end
11
TRM SUMMARY
A set of rights R
A set of disjoint subject and object types TS and TO respectively
A set of state-changing transformation, creation and destroy commands
The initial state
12
Document Release Example
A document cannot be released by a scientist without first obtaining approval from a patent-officer.
Types: sci, po, doc
Rights: read, write, own, review, pat-ok, pat-reject, release
13
Create Command
Command create-doc (S:sci, O:doc)
  create object O
  enter own in S,O
  enter read in S,O
  enter write in S,O
end
14
Document Release Example
[Figure: access matrix with column O : doc and rows S : sci and P : po; rights shown: own, read, write]
15
Request Review
command rqst-review (S:sci, P:po, O:doc)
  if own ∈ S,O ∧ write ∈ S,O then
    enter review in P,O
    delete write from S,O
end
16
Get-Approval/Rejection
command get-approval (S:sci, P:po, O:doc)
  if own ∈ S,O ∧ review ∈ P,O then
    enter pat-ok in S,O
    delete review from P,O
end
command get-rejection (S:sci, P:po, O:doc)
  if own ∈ S,O ∧ review ∈ P,O then
    enter pat-reject in S,O
    delete review from P,O
end
17
Release / Revise Document
command release-doc (S:sci, O:doc)
  if pat-ok ∈ S,O then
    enter release in S,O
    delete pat-ok from S,O
end
command revise-doc (S:sci, O:doc)
  if pat-reject ∈ S,O then
    enter write in S,O
    delete pat-reject from S,O
end
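The commands of slides 13 to 17 run against an in-memory access matrix, as an added example that is not part of the original slides; the Python names and the sample entities alice, pat and d1 are assumptions. It reads the garbled "?" in the predicates as set membership and the trailing condition line as a second conjunct, and `cells_tested` counts how many matrix cells each predicate reads.

```python
from collections import defaultdict

# Added illustration (not from the slides); all Python names are assumptions.
class State:
    def __init__(self, types):
        self.types = dict(types)        # entity -> type (sci, po, doc)
        self.am = defaultdict(set)      # (subject, object) -> set of rights

# name: (parameter types, tests, enters, deletes). Each item is
# (right, "S" or "P"): the cell of that subject parameter and object O.
SCI, REV = ("sci", "doc"), ("sci", "po", "doc")
COMMANDS = {
    "rqst-review":   (REV, [("own", "S"), ("write", "S")], [("review", "P")], [("write", "S")]),
    "get-approval":  (REV, [("own", "S"), ("review", "P")], [("pat-ok", "S")], [("review", "P")]),
    "get-rejection": (REV, [("own", "S"), ("review", "P")], [("pat-reject", "S")], [("review", "P")]),
    "release-doc":   (SCI, [("pat-ok", "S")], [("release", "S")], [("pat-ok", "S")]),
    "revise-doc":    (SCI, [("pat-reject", "S")], [("write", "S")], [("pat-reject", "S")]),
}

def create_doc(st, s, o):
    # create-doc: a sci subject creates doc O and gets own, read, write
    if st.types.get(s) != "sci" or o in st.types:
        return False
    st.types[o] = "doc"
    st.am[s, o] |= {"own", "read", "write"}
    return True

def run(st, name, *args):
    # Apply a transformation command; False if the types or predicate fail
    types, tests, enters, deletes = COMMANDS[name]
    if tuple(st.types.get(a) for a in args) != types:
        return False
    obj, who = args[-1], dict(zip("SP", args[:-1]))
    if not all(r in st.am[who[w], obj] for r, w in tests):
        return False
    for r, w in enters:
        st.am[who[w], obj].add(r)
    for r, w in deletes:
        st.am[who[w], obj].discard(r)
    return True

def cells_tested(name):
    # Number of distinct matrix cells the command's predicate reads
    return len({w for _, w in COMMANDS[name][1]})

def demo():
    st = State({"alice": "sci", "pat": "po"})   # constructed sample entities
    create_doc(st, "alice", "d1")
    steps = [("release-doc", "alice", "d1"), ("rqst-review", "alice", "pat", "d1"),
             ("get-approval", "alice", "pat", "d1"), ("release-doc", "alice", "d1")]
    return [run(st, *s) for s in steps], st.am["alice", "d1"]
```

The first release attempt is refused because pat-ok is absent, and only get-approval and get-rejection read two cells, which is the property the next slide discusses.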
18
Expressive Power
The document release example has commands which test for at most two cells of the matrix.
Binary Transformation Model
TRM BTRM
?
(Sandhu & Ganta, Oakland 94)
19
Expressive Power
?
UTRM ? TRM
?
UTRM ? BTRM
20
UTRM ? BTRM
requires every subject in the simulation to be of a different type. (ESORICS 94)
21
UTRM ? BTRM
if every subject cannot be of a different type
22
Conclusion
UTRM ? BTRM: impractical simulation in general
UTRM < BTRM for all practical purposes