The Sharing of Rights and Information in a Capability-Based Protection System


Technical Report


Using the information transfer extensions to the Take-Grant Protection Model, the concept of “theft of information” is defined and necessary and sufficient conditions for such theft to occur are presented, as well as bounds on the number of actors involved in such theft. Finally the application of these results to reference monitors are explored.