**Reading**: *Chapters from revised text*, §3.2–3.4; [TL13]

- General case: It is undecidable whether a given state of a given protection system is safe for a given generic right.
- Approach: represent Turing machine tape as access control matrix, transitions as commands
- Reduce halting problem to it

- Related results
- The set of unsafe systems is recursively enumerable
- Monotonicity: no
*delete*or*destroy*primitive operations - The safety question for biconditional monotonic protection systems is undecidable.
- The safety question for monoconditional monotonic protection systems is decidable.
- The safety question for monoconditional protection systems without the
*destroy*primitive operation is decidable.

- Take-Grant Protection Model
- Counterpoint to HRU result
- Symmetry of take and grant rights
- Islands (maximal subject-only
*tg*-connected subgraphs) - Bridges (as a combination of terminal and initial spans)

- Sharing
- Definition:
*can•share*(*α*,**x**,**y**,*G*_{0}) true iff there exists a sequence of protection graphs*G*_{0}, …,*G_*such that_{n}*G*_{0}⊢^{*}*G*using only take, grant, create, remove rules and in_{n}*G*, there is an edge from_{n}**x**to**y**labeled*α* - Theorem:
*can•share*(*r*,**x**,**y**,*G*_{0}) iff there is an edge from**x**to**y**labeled*r*in*G*_{0}, or all of the following hold:- there is a vertex
**y**′ with an edge from**y**′ to**y**labeled*r*; - there is a subject
**y**′′ which terminally spans to**y**′, or**y**′′ =**y**′ - there is a subject
**x**′ which initially spans to**x**, or**x**′ =**x**; and - there is a sequence of islands
*I*_{1}, …,*I*connected by bridges for which_{n}**x**′ ∈*I*_{1}and**y**′ ∈*I*_{n}

- there is a vertex

- Definition:
- Model Interpretation
- ACM very general, broadly applicable; Take-Grant more specific, can model fewer situations
- Example: shared buffer managed by trusted third party

- Schematic Protection Model
- Protection type, ticket, function, link predicate, filter function
- Take-Grant as an instance of SPM

You can also obtain a PDF version of this. | Version of April 10, 2017 at 10:25AM |