© ravi sandhu hru and tam ravi sandhu laboratory for information security technology george mason...
TRANSCRIPT
![Page 1: © Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University sandhu@gmu.edu](https://reader034.vdocument.in/reader034/viewer/2022051400/551463d6550346494e8b5a67/html5/thumbnails/1.jpg)
© Ravi Sandhuwww.list.gmu.edu
HRU and TAM
Ravi SandhuLaboratory for Information Security Technology
George Mason [email protected]
![Page 2: © Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University sandhu@gmu.edu](https://reader034.vdocument.in/reader034/viewer/2022051400/551463d6550346494e8b5a67/html5/thumbnails/2.jpg)
2
© 2004 Ravi Sandhuwww.list.gmu.edu
The Access Matrix Model, Lampson 1971
![Page 3: © Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University sandhu@gmu.edu](https://reader034.vdocument.in/reader034/viewer/2022051400/551463d6550346494e8b5a67/html5/thumbnails/3.jpg)
3
© 2004 Ravi Sandhuwww.list.gmu.edu
The HRU (Harrison-Ruzzo-Ullman) Model, 1976
U r w
V
F
r w
G
r
![Page 4: © Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University sandhu@gmu.edu](https://reader034.vdocument.in/reader034/viewer/2022051400/551463d6550346494e8b5a67/html5/thumbnails/4.jpg)
4
© 2004 Ravi Sandhuwww.list.gmu.edu
The HRU (Harrison-Ruzzo-Ullman) Model, 1976
U r w
V
F
r w own
G
r
![Page 5: © Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University sandhu@gmu.edu](https://reader034.vdocument.in/reader034/viewer/2022051400/551463d6550346494e8b5a67/html5/thumbnails/5.jpg)
5
© 2004 Ravi Sandhuwww.list.gmu.edu
The HRU (Harrison-Ruzzo-Ullman) Model, 1976
U r w
V
F
r w own
G
r
r
![Page 6: © Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University sandhu@gmu.edu](https://reader034.vdocument.in/reader034/viewer/2022051400/551463d6550346494e8b5a67/html5/thumbnails/6.jpg)
6
© 2004 Ravi Sandhuwww.list.gmu.edu
HRU Commands and Operations
• command α(X1, X2 , . . ., Xk)if rl in (Xs1, Xo1) and r2 in (Xs2, Xo2) and ri in (Xsi, Xoi)
thenop1; op2; … opn
end• enter r into (Xs, Xo)
delete r from (Xs, Xo)create subject Xscreate object Xodestroy subject Xsdestroy object Xo
![Page 7: © Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University sandhu@gmu.edu](https://reader034.vdocument.in/reader034/viewer/2022051400/551463d6550346494e8b5a67/html5/thumbnails/7.jpg)
7
© 2004 Ravi Sandhuwww.list.gmu.edu
HRU Examples
![Page 8: © Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University sandhu@gmu.edu](https://reader034.vdocument.in/reader034/viewer/2022051400/551463d6550346494e8b5a67/html5/thumbnails/8.jpg)
8
© 2004 Ravi Sandhuwww.list.gmu.edu
HRU Examples
![Page 9: © Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University sandhu@gmu.edu](https://reader034.vdocument.in/reader034/viewer/2022051400/551463d6550346494e8b5a67/html5/thumbnails/9.jpg)
9
© 2004 Ravi Sandhuwww.list.gmu.edu
HRU Examples
![Page 10: © Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University sandhu@gmu.edu](https://reader034.vdocument.in/reader034/viewer/2022051400/551463d6550346494e8b5a67/html5/thumbnails/10.jpg)
10
© 2004 Ravi Sandhuwww.list.gmu.edu
HRU Examples
![Page 11: © Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University sandhu@gmu.edu](https://reader034.vdocument.in/reader034/viewer/2022051400/551463d6550346494e8b5a67/html5/thumbnails/11.jpg)
11
© 2004 Ravi Sandhuwww.list.gmu.edu
The Safety Problem
Given• initial state• protection scheme (HRU commands)
Can r appear in a cell that exists in the initial state and does not contain r in the initial state?
More specific question might be:can r appear in a specific cell [s,o]
![Page 12: © Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University sandhu@gmu.edu](https://reader034.vdocument.in/reader034/viewer/2022051400/551463d6550346494e8b5a67/html5/thumbnails/12.jpg)
12
© 2004 Ravi Sandhuwww.list.gmu.edu
The Safety Problem
Initial state: r’ in (o,o) and nowhere else
![Page 13: © Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University sandhu@gmu.edu](https://reader034.vdocument.in/reader034/viewer/2022051400/551463d6550346494e8b5a67/html5/thumbnails/13.jpg)
13
© 2004 Ravi Sandhuwww.list.gmu.edu
Safety is Undecidable in HRU
![Page 14: © Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University sandhu@gmu.edu](https://reader034.vdocument.in/reader034/viewer/2022051400/551463d6550346494e8b5a67/html5/thumbnails/14.jpg)
14
© 2004 Ravi Sandhuwww.list.gmu.edu
TAM adds types to HRU
![Page 15: © Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University sandhu@gmu.edu](https://reader034.vdocument.in/reader034/viewer/2022051400/551463d6550346494e8b5a67/html5/thumbnails/15.jpg)
15
© 2004 Ravi Sandhuwww.list.gmu.edu
TAM adds types to HRU
![Page 16: © Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University sandhu@gmu.edu](https://reader034.vdocument.in/reader034/viewer/2022051400/551463d6550346494e8b5a67/html5/thumbnails/16.jpg)
16
© 2004 Ravi Sandhuwww.list.gmu.edu
TAM commands
![Page 17: © Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University sandhu@gmu.edu](https://reader034.vdocument.in/reader034/viewer/2022051400/551463d6550346494e8b5a67/html5/thumbnails/17.jpg)
17
© 2004 Ravi Sandhuwww.list.gmu.edu
TAM primitive operations
![Page 18: © Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University sandhu@gmu.edu](https://reader034.vdocument.in/reader034/viewer/2022051400/551463d6550346494e8b5a67/html5/thumbnails/18.jpg)
18
© 2004 Ravi Sandhuwww.list.gmu.edu
TAM operations: enter and delete
![Page 19: © Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University sandhu@gmu.edu](https://reader034.vdocument.in/reader034/viewer/2022051400/551463d6550346494e8b5a67/html5/thumbnails/19.jpg)
19
© 2004 Ravi Sandhuwww.list.gmu.edu
TAM operations: create and destroy
![Page 20: © Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University sandhu@gmu.edu](https://reader034.vdocument.in/reader034/viewer/2022051400/551463d6550346494e8b5a67/html5/thumbnails/20.jpg)
20
© 2004 Ravi Sandhuwww.list.gmu.edu
TAM operations: create and destroy
![Page 21: © Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University sandhu@gmu.edu](https://reader034.vdocument.in/reader034/viewer/2022051400/551463d6550346494e8b5a67/html5/thumbnails/21.jpg)
21
© 2004 Ravi Sandhuwww.list.gmu.edu
The Safety Problem
• TAM has much stronger safety properties than HRU