An Analysis of Access Control Models

Saunders, Gregory; Hitchens, Michael; Varadharajan, Vijay

doi:10.1007/3-540-48970-3_23

Gregory Saunders⁵,
Michael Hitchens⁵ &
Vijay Varadharajan⁶

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1587))

Included in the following conference series:

Australasian Conference on Information Security and Privacy

422 Accesses
5 Citations

Abstract

Access control in real systems is implemented using one or more abstractions based on the access control matrix (ACM). The most common abstractions are access control lists (ACLs) and capabilities. In this paper, we consider an extended Harrison-Ruzzo-Ullman (HRU) model to make some formal observations about capability systems versus access control list based systems. This analysis makes the characteristics of these types of access control mechanisms more explicit and is intended to provide a better understanding of their use. A combined model providing the flexibility of capabilities with the simplicity of the ACL and its relation to other models proposed earlier (e.g. [10,6]) are discussed.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

M. Anderson, R. D. Pose, and C. S. Wallace. A password-capability system. The Computer Journal, 29(1):1–8, February 1986.
Article Google Scholar
A. Dearle, R. di Bona, J. Farrow, F. Henskens, D. Hulse, A. Lindström, S. Norris, J. Rosenberg, and R. Vaughan. Protection in the grasshopper operating system. In Proceedings of the 6th International Workshop on Persistent Object Systems, pages 54–72, September 1994.
Google Scholar
J. B. Dennis and E. C. Van Horn. Programming semantics for multiprogrammed computations. Communications of the ACM, 9(3):143–155, March 1966.
Article MATH Google Scholar
R. S. Fabry. Capability-based addressing. Communications of the ACM, 17(7):403–412, July 1974.
Article Google Scholar
D. Ferraiolo and R. Kuhn. Role-based access controls. In 15th NIST-NCSC National Computer Security Conference, pages 554–563. October 1992.
Google Scholar
L. Gong. A secure identity-based capability system. In IEEE Symposium on Security and Privacy, pages 56–63. IEEE Computer Science Press, Oakland, CA, May 1989.
Chapter Google Scholar
P. M. Hansen, M. A. Linton, R. N. Mayo, M. Murphy, and D. A. Patterson. A performance evaluation of the intel iapx 432. Computer Architecture News, 10(4), June 1982.
Google Scholar
M. A. Harrison, W. L. Ruzzo, and J. D. Ullman. Protection in operating systems. Communications of the ACM, 19(8):461–471, August 1976.
Article MATH MathSciNet Google Scholar
P. Kaijser, T. Parker, and D. Pinkas. SESAME: The solution to security for open distributed systems. Computer Communications, 17(7):501–518, July 1994.
Article Google Scholar
P. A. Karger. Improving security and performance for capability systems. Technical Report 149, University of Cambridge Computer Laboratory, Cambridge, England, October 1988. Dissertation submitted for the degree of Doctor of Philosophy.
Google Scholar
B. W. Lampson. Protection. Operating Systems Review, 8(1):18–24, January 1974.
Article Google Scholar
G. J. Myers and B. R. S. Buckingham. A hardware implementation of capability based addressing. ACM Operating Systems Review, 14(4):13–25, October 1980.
Article Google Scholar
R. S. Sandhu. Lattice-based access control models. IEEE Computer, 26(11):9–19, November 1993.
Google Scholar
R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman. Role-based access control models. IEEE Computer, 29(2):38–47, February 1996.
Google Scholar
J. Shirley, W. Hu, and D. Magid. Guide to Writing DCE Applications: DCE Security Model. O’Reilly & Associates, Inc., 1994.
Google Scholar
A. S. Tanenbaum, S. J. Mullender, and R. van Renesse. Using sparse capabilities in a distributed operating system. In Proceedings of the 6th International Conference on Distributed Computing Systems, pages 558–563. IEEE, May 1986.
Google Scholar

Download references

Author information

Authors and Affiliations

Basser Department of Computer Science, University of Sydney, Australia
Gregory Saunders & Michael Hitchens
School of Computing & Information Technology, University of Western Sydney, Nepean, Australia
Vijay Varadharajan

Authors

Gregory Saunders
View author publications
You can also search for this author in PubMed Google Scholar
Michael Hitchens
View author publications
You can also search for this author in PubMed Google Scholar
Vijay Varadharajan
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

School of Information Technology and Computer Science, University of Wollongong, Wollongong, NSW, 2522, Australia
Josef Pieprzyk , Rei Safavi-Naini & Jennifer Seberry , &

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Saunders, G., Hitchens, M., Varadharajan, V. (1999). An Analysis of Access Control Models. In: Pieprzyk, J., Safavi-Naini, R., Seberry, J. (eds) Information Security and Privacy. ACISP 1999. Lecture Notes in Computer Science, vol 1587. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48970-3_23

Download citation

DOI: https://doi.org/10.1007/3-540-48970-3_23
Published: 27 July 2001
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-65756-9
Online ISBN: 978-3-540-48970-2
eBook Packages: Springer Book Archive

Publish with us

Policies and ethics