A model for verification of data security in operating systems
Communications of the ACM
On the implementation of security measures in information systems
Communications of the ACM
The multics system: an examination of its structure
The multics system: an examination of its structure
| Hi-index | 0.00 |
In early 1970s the access matrix model for the security of software system was developed [1,2] as a generalized description of operating system protection mechanisms. This matrix is called security matrix, the columns of the matrix represent to some data structures in the system, the rows of the matrix are those potential users of the system, and each element in the matrix is a protection decision, d(i,j), specifying rule that governs the manipulation of the data structure j by user i. The users of the system may be permitted any of a number of different access rights to a data structure such as reading, appending, updating, deletion, execution, and changing protection. A modified access matrix model is used in MULTICS [3] and other virtual memory system.Later in 1984, an access control with single key-lock system was developed [4]. The system involved three matrices namely, assessors key matrix, information locks matrix, and access matrix. Each user has only one key associated with unique lock for each file. For each user and each file there is an access code that represented the permission of user to own, to write, to read, to execute, or not to access the file. The entries of these matrices are non-negative integers and stored in the main memory. However, for a large system that might involve hundreds or thousands of users and a huge number of files. Then, a large memory space is occupied by these three matrices.This research proposes a new technique that converts a number of matrix entries (at least 10) into a rational number and then stored in the memory. When access is requested the appropriate rational number is decoded, through a program, into the unique original matrix entries for the key-lock system to control access of information.The advantages of this new method are: (1) The reduction of the memory space required for the keys, locks, and access codes is at least 80% of the original needs. (2) The techniques of encoding and decoding are simple. (3) The construction of keys and locks still remain as simple as those proposed in [4]. Procedures for encoding and decoding are included and examples are presented.