The Transfer of Information and Authority in a Protection System

Citation

• M. Bishop and L. Snyder, “The Transfer of Information and Authority in a Protection System,” Proceedings of the Seventh Symposium in Operating Systems Principles pp. 45–54 (Dec. 1979). DOI: 10.1145/800215.806569.

Paper

• Publisher’s version (free, goes to the ACM Digital Library)  
• Publisher’s version (behind a paywall; contact the author for a copy)

Bibliographic Information

• DOI: 10.1145/800215.806569
• BibTeX
• EndNote

Abstract

In the context of a capability-based protection system, the term “transfer” is used (here) to refer to the situation where a user receives information when he does not initially have a direct “right” to it. Two transfer methods are identified: de jure transfer refers to the case when the user acquires the direct authority to read the information; de facto transfer refers to the case when the user acquires the information (usually in the form of a copy and with the assistance of others), without necessarily being able to get the direct authority to read the information. The Take-Grant Protection Model, which already models de jure transfers, is extended with four rewriting rules to model de facto transfer. The configurations under which de facto transfer can arise are characterized. Considerable motivational discussion is included.

Copyright Notice

©1979 by by the Association for Computing Machinery (ACM). The definitive version was published in Proceedings of the Seventh Symposium in Operating Systems Principles, Dec. 1979, and is available at http://doi.acm.org/10.1145/800215.806569.