The Typed Access Matrix Model TAM and Augmented
- Slides: 27
The Typed Access Matrix Model (TAM) and Augmented TAM (ATAM) Ravi Sandhu Laboratory for Information Security Technology George Mason University www. list. gmu. edu sandhu@gmu. edu © 2004 Ravi Sandhu www. list. gmu. edu
Outline • TAM: Typed Access Matrix Model • TAM adds types to HRU and preserves strong safety results of SPM/ESPM • SO-TAM: Single Object TAM • SO-TAM manipulates one column of the access matrix at a time and is equivalent to TAM • ATAM: Augmented TAM • ATAM adds testing for absence of rights to TAM • ATAM is equivalent to TAM in one sense but more expressive in another © 2004 Ravi Sandhu www. list. gmu. edu 2
TAM adds types to HRU © 2004 Ravi Sandhu www. list. gmu. edu 3
TAM adds types to HRU © 2004 Ravi Sandhu www. list. gmu. edu 4
TAM commands © 2004 Ravi Sandhu www. list. gmu. edu 5
TAM primitive operations © 2004 Ravi Sandhu www. list. gmu. edu 6
TAM operations: enter and delete © 2004 Ravi Sandhu www. list. gmu. edu 7
TAM operations: create and destroy © 2004 Ravi Sandhu www. list. gmu. edu 8
TAM operations: create and destroy © 2004 Ravi Sandhu www. list. gmu. edu 9
ORCON in TAM © 2004 Ravi Sandhu www. list. gmu. edu 10
ORCON in TAM © 2004 Ravi Sandhu www. list. gmu. edu 11
ORCON in TAM © 2004 Ravi Sandhu www. list. gmu. edu 12
ORCON in TAM © 2004 Ravi Sandhu www. list. gmu. edu 13
MTAM: Monotonic TAM © 2004 Ravi Sandhu www. list. gmu. edu 14
MTAM Canonical Schemes © 2004 Ravi Sandhu www. list. gmu. edu 15
MTAM Canonical Schemes © 2004 Ravi Sandhu www. list. gmu. edu 16
ORCON as a MTAM Canonical Scheme © 2004 Ravi Sandhu www. list. gmu. edu 17
Acyclic TAM schemes © 2004 Ravi Sandhu www. list. gmu. edu 18
Acyclic TAM unfolded state © 2004 Ravi Sandhu www. list. gmu. edu 19
Acyclic MTAM unfolded state © 2004 Ravi Sandhu www. list. gmu. edu 20
Acyclic MTAM safety © 2004 Ravi Sandhu www. list. gmu. edu 21
Ternary MTAM © 2004 Ravi Sandhu www. list. gmu. edu 22
Ternary MTAM © 2004 Ravi Sandhu www. list. gmu. edu 23
Binary and Unary MTAM • Useless • Binary MTAM • Single-parent creation or spontaneous doublechild creation • Less expressive than multi-parent creation © 2004 Ravi Sandhu www. list. gmu. edu 24
SOTAM: single object TAM © 2004 Ravi Sandhu www. list. gmu. edu 25
SOTAM • SOTAM is equivalent in expressive power to TAM © 2004 Ravi Sandhu www. list. gmu. edu 26
ATAM: Augmented TAM • Allow testing for absence of rights in the conditions of commands • ATAM is equivalent in expressive power to TAM in unbounded simulation but most likely not in bounded simulation • “Most likely not” has recently been shown to be “provably cannot” © 2004 Ravi Sandhu www. list. gmu. edu 27