The NTree: a two dimension partial order for protection groups
ACM Transactions on Computer Systems (TOCS)
ACM Computing Surveys (CSUR)
Formal Models for Computer Security
ACM Computing Surveys (CSUR)
A lattice model of secure information flow
Communications of the ACM
Communications of the ACM
Protection and the control of information sharing in multics
Communications of the ACM
Role-based security: pros, cons, & some research directions
ACM SIGSAC Review
Role-based security, object oriented databases and separation of duty
ACM SIGMOD Record
Hi-index | 0.00 |
The benefits of providing access control with groups of users as the unit of granularity are enhanced if the groups are organized in a hierarchy (partial order) by the subgroup relation or=, where gor=h signifies that every member of group g is thereby also a member of group h. It is often useful to distinguish the case when g is an immediate subgroup of h, that is when gh and there is no group k such that gkh. The class of partial orders called n-trees was recently defined by using rooted trees and inverted rooted trees as basic partial orders and combining these recursively by refinement. Any n-tree hierarchy can be expressed as the intersection of two linear orderings, so it is possible to assign a pair of integers l(x) and r(x) to each group x such that gor=h if and only if l(g)or=l(h) and r(g)or=r(h). The author shows how to extend this representation of n-trees by assigning four additional integers to each group so that it is also easily determined whether or not g is an immediate subgroup of h.