© 2004 Ravi Sandhu, www.list.gmu.edu
Safety in Access Control: Take-Grant
(best viewed in slide-show mode)
Ravi Sandhu
Laboratory for Information Security Technology
George Mason [email protected]
The Take-Grant Model (late 70’s, early 80’s)
[Figure: Original graph representation, late 70’s. (a) A/t ∈ dom(B): nodes A and B joined by an edge labelled t. (b) B/g ∈ dom(A): nodes A and B joined by an edge labelled g.]
The Take-Grant Model (late 70’s, early 80’s)
[Figure: Lockman-Minsky representation, 1982. (a) A/t ∈ dom(B): nodes A and B joined by an edge labelled t. (b) B/g ∈ dom(A): nodes A and B joined by an edge labelled g.]
Creation in Take-Grant
[Figure: creation of A’ by A, with A’/tg placed at A and edges labelled t and g between A and A’. (a) The Original View. (b) The Lockman-Minsky View.]
Reversal of Take-Grant Flow: case t
[Figure: nodes A and B with A/t, plus a created node A’ joined by edges labelled t and g. Capability labels shown: A/t, A’/tg.]
Reversal of Take-Grant Flow: case g
[Figure: nodes A and B with B/g, plus a created node A’ joined by edges labelled t and g. Capability labels shown: B/g, A’/tg.]
Reversal of Grant-Only Flow
[Figure: nodes A and B with B/g, plus a created node A’ joined by edges labelled g. Capability labels shown: B/g, A/g, A’/g.]
Non-Reversal of Take-Only Flow
[Figure: nodes A and B with A/t, plus a created node A’ joined by edges labelled t. Capability labels shown: A/t, A’/t.]
Shortening of Take-Only Flows
[Figure: nodes A, B and C joined by edges labelled t. Capability labels shown: A/t, B/t.]
Summary
Take-Grant, Grant only
• Disconnected islands of completely connected subjects with total sharing of rights within each island and no sharing across islands
Take-only
• Original topology of flows is preserved, but existing paths can be shortened to a direct edge
Send-receive
• Requires send and receive rights
• Similar to take-only in preserving original topology of flows, but existing paths cannot always be shortened to a single edge
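The reversal, non-reversal and shortening results for take-grant and take-only can be checked mechanically. The following is an added example, not part of the original slides: it computes the closure of the take and grant rules over capability sets. Two modelling assumptions: the created subject A' is placed in the graph up front rather than created by a rule, and a constructed passive object F with right r stands in for the rights whose flow is being tracked.

```python
def closure(dom, rules):
    """Fixed point of the copy rules over dom: subject -> {(target, right)}.

    take : (Y, 't') in dom[X] lets X copy any capability held by Y.
    grant: (Y, 'g') in dom[X] lets X copy any capability it holds to Y.
    Creation is not a rule here: created subjects are placed in dom up front.
    """
    dom = {s: set(caps) for s, caps in dom.items()}
    changed = True
    while changed:
        changed = False
        for x in list(dom):
            for target, right in list(dom[x]):
                if target not in dom:
                    continue  # passive object: holds no capabilities
                if right == "t" and "take" in rules:
                    src, dst = target, x
                elif right == "g" and "grant" in rules:
                    src, dst = x, target
                else:
                    continue
                # Assumption: subjects never acquire capabilities on themselves.
                new = {c for c in dom[src] if c[0] != dst} - dom[dst]
                if new:
                    dom[dst] |= new
                    changed = True
    return dom


def reversal_case_t(rules, creation_rights):
    """A/t in dom(B); A has created A' and holds A'/<creation_rights>.
    Only B holds F/r (constructed payload). Can A end up holding F/r?"""
    dom = {
        "A": {("A'", r) for r in creation_rights},
        "B": {("A", "t"), ("F", "r")},
        "A'": set(),
    }
    return ("F", "r") in closure(dom, rules)["A"]


def shorten_take_only():
    """A/t in dom(B) and B/t in dom(C): the take-only chain A, B, C."""
    dom = {"A": set(), "B": {("A", "t")}, "C": {("B", "t")}}
    return closure(dom, {"take"})


if __name__ == "__main__":
    print("take-grant reverses flow:", reversal_case_t({"take", "grant"}, "tg"))
    print("take-only reverses flow: ", reversal_case_t({"take"}, "t"))
    print("take-only chain closure: ", shorten_take_only())
```

With both rules, B takes A'/g from A, grants F/r to A', and A takes it from A', so rights flow against the original t edge; with take only, A never obtains F/r, while C acquires the direct capability A/t.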
Exercise
• Express take-grant, grant-only, take-only and send-receive in the HRU model
• Are these constructions
  • Mono-conditional
  • Bi-conditional
  • Mono-operational