the typed access matrix model (tam) and augmented tam (atam)
DESCRIPTION
The Typed Access Matrix Model (TAM) and Augmented TAM (ATAM). Ravi Sandhu Laboratory for Information Security Technology George Mason University www.list.gmu.edu [email protected]. TAM: Typed Access Matrix Model TAM adds types to HRU and preserves strong safety results of SPM/ESPM - PowerPoint PPT PresentationTRANSCRIPT
© 2004 Ravi Sandhuwww.list.gmu.edu
The Typed Access Matrix Model (TAM) and Augmented TAM (ATAM)
Ravi SandhuLaboratory for Information Security Technology
George Mason [email protected]
2
© 2004 Ravi Sandhuwww.list.gmu.edu
Outline
• TAM: Typed Access Matrix Model• TAM adds types to HRU and preserves strong safety
results of SPM/ESPM• SO-TAM: Single Object TAM
• SO-TAM manipulates one column of the access matrix at a time and is equivalent to TAM
• ATAM: Augmented TAM• ATAM adds testing for absence of rights to TAM• ATAM is equivalent to TAM in one sense but more
expressive in another
3
© 2004 Ravi Sandhuwww.list.gmu.edu
TAM adds types to HRU
4
© 2004 Ravi Sandhuwww.list.gmu.edu
TAM adds types to HRU
5
© 2004 Ravi Sandhuwww.list.gmu.edu
TAM commands
6
© 2004 Ravi Sandhuwww.list.gmu.edu
TAM primitive operations
7
© 2004 Ravi Sandhuwww.list.gmu.edu
TAM operations: enter and delete
8
© 2004 Ravi Sandhuwww.list.gmu.edu
TAM operations: create and destroy
9
© 2004 Ravi Sandhuwww.list.gmu.edu
TAM operations: create and destroy
10
© 2004 Ravi Sandhuwww.list.gmu.edu
ORCON in TAM
11
© 2004 Ravi Sandhuwww.list.gmu.edu
ORCON in TAM
12
© 2004 Ravi Sandhuwww.list.gmu.edu
ORCON in TAM
13
© 2004 Ravi Sandhuwww.list.gmu.edu
ORCON in TAM
14
© 2004 Ravi Sandhuwww.list.gmu.edu
MTAM: Monotonic TAM
15
© 2004 Ravi Sandhuwww.list.gmu.edu
MTAM Canonical Schemes
16
© 2004 Ravi Sandhuwww.list.gmu.edu
MTAM Canonical Schemes
17
© 2004 Ravi Sandhuwww.list.gmu.edu
ORCON as a MTAM Canonical Scheme
18
© 2004 Ravi Sandhuwww.list.gmu.edu
Acyclic TAM schemes
19
© 2004 Ravi Sandhuwww.list.gmu.edu
Acyclic TAM unfolded state
20
© 2004 Ravi Sandhuwww.list.gmu.edu
Acyclic MTAM unfolded state
21
© 2004 Ravi Sandhuwww.list.gmu.edu
Acyclic MTAM safety
22
© 2004 Ravi Sandhuwww.list.gmu.edu
Ternary MTAM
23
© 2004 Ravi Sandhuwww.list.gmu.edu
Ternary MTAM
24
© 2004 Ravi Sandhuwww.list.gmu.edu
Binary and Unary MTAM
• Unary MTAM• Useless
• Binary MTAM• Single-parent creation or spontaneous double-
child creation• Less expressive than multi-parent creation
25
© 2004 Ravi Sandhuwww.list.gmu.edu
SOTAM: single object TAM
26
© 2004 Ravi Sandhuwww.list.gmu.edu
SOTAM
• SOTAM is equivalent in expressive power to TAM
27
© 2004 Ravi Sandhuwww.list.gmu.edu
ATAM: Augmented TAM
• Allow testing for absence of rights in the conditions of commands
• ATAM is equivalent in expressive power to TAM in unbounded simulation but most likely not in bounded simulation• “Most likely not” has recently been shown to be
“provably cannot”