Referenced Items are not available for this document.
An apparently prevailing myth is that safety is undecidable in discretionary access control (DAC); therefore, one needs to invent new DAC schemes in which safety analysis is decidable. In this paper we dispel this myth. We argue that DAC should not be equated with the Harrison-Ruzzo-Ullman (1976) access matrix scheme, in which safety is undecidable. We present an efficient (running time cubic in its input size) algorithm for deciding safety in the Graham-Denning (1972) DAC scheme, which subsumes the DAC schemes used in the literature on comparing DAC with other access control models. We also counter several claims made in recent work by Solworth and Sloan (2004), in which the authors present a new access control scheme based on labels and relabelling and assert that it can implement the full range of DAC models. We present a precise characterization of their access control scheme and show that it does not adequately capture a relatively simple DAC scheme.
Published in:
Security and Privacy, 2005 IEEE Symposium on
Date of Conference: 8-11 May 2005
- Page(s):
- 96 - 109
- ISSN :
- 1081-6011
- Print ISBN:
- 0-7695-2339-0
- INSPEC Accession Number:
- 8531185
- Digital Object Identifier :
- 10.1109/SP.2005.14
About IEEE Xplore | Contact | Help | Terms of Use | Nondiscrimination Policy | Site Map | Privacy & Opting Out of Cookies
A not-for-profit organization, IEEE is the world's largest professional association for the advancement of technology.
© Copyright 2013 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.
