A logic-based safety analysis algorithm for discretionary access control
  • Authors: Xuexiong Yan (1)
    Qingxian Wang (1)
    Junhu Zhu (1)
    Qi Xi (1)
  • Keywords: discretionary access control (DAC); safety analysis; logic; state transfer; TP 309
  • Journal: Wuhan University Journal of Natural Sciences
  • Publication year: 2012
  • Publication date: December 2012
  • Year: 2012
  • Volume: 17
  • Issue: 6
  • Pages: 531-538
  • Full-text size: 300KB
  • Author affiliations: Xuexiong Yan (1)
    Qingxian Wang (1)
    Junhu Zhu (1)
    Qi Xi (1)

    1. National Digital Switching System Engineering and Technological R&D Center, Zhengzhou, 450002, Henan, China
  • ISSN:1993-4998
Abstract
A logic-based method is proposed for the safety analysis of the discretionary access control (DAC) model. The method takes the GD model as the classic DAC model and uses Prolog as the basic language to describe system states and state transfer rules. A general program based on this logic method is proposed for DAC safety analysis, but this program may never terminate for some safety analysis goals. The safety analysis algorithm is obtained by simplifying the general program according to the properties of the DAC model's state transfer rules. This safety analysis algorithm is easier to understand and implement than previous algorithms, and its time complexity is O(N+M+T), where N, M, and T are the numbers of rights with the copy flag, policies for right transferring, and policies for right permitting, respectively.
