The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)
Center for Education and Research in Information Assurance and Security

On Safety in Discretionary Access Control

Download

Download PDF Document
PDF

Author

Ninghui Li and Mahesh V. Tripunitara

Tech report number

CERIAS TR 2005-20

Entry type

techreport

Abstract

An apparently prevailing myth is that safety is undecidable in Discretionary Access Control (DAC); therefore, one needs to invent new DAC schemes in which safety analysis is decidable. In this paper, we dispel this myth. We argue that DAC should not be equated with the Harrison-Ruzzo-Ullman scheme, in which safety is undecidable. We present an efficient (running time cubic in its input size) algorithm for deciding safety in the Graham-Denning DAC scheme, which subsumes the DAC schemes used in the literature on comparing DAC with other access control models. We also refute several claims made in recent work by Solworth and Sloan, in which the authors present a new access control scheme based on labels and relabelling and claim that it can ``implement the full range of DAC models''. We present a precise characterization of their access control scheme and show that it does not adequately capture a simple DAC scheme.

Download

PDF

Institution

Purdue University

Key alpha

li

Affiliation

CERIAS and Dept. of Computer Sciences

Publication Date

1900-01-01

Subject

Discretionary Access Control, Safety Analysis, Comparing Access Control Schemes

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.