On Safety in Discretionary Access Control

Authors:
Ninghui Li;Mahesh V. Tripunitara
Affiliations:
Purdue University, West Lafayette, IN;Purdue University, West Lafayette, IN
Venue:
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Year:
2005

Citing 0
Cited 10

On complexity of grammars related to the safety problem

Theoretical Computer Science
A theory for comparing the expressive power of access control models

Journal of Computer Security
A formal framework for reflective database access control policies

Proceedings of the 15th ACM conference on Computer and communications security
Safety in discretionary access control for logic-based publish-subscribe systems

Proceedings of the 14th ACM symposium on Access control models and technologies
A medical database case study for reflective database access control

Proceedings of the first ACM workshop on Security and privacy in medical and home-care systems
Multi-layer audit of access rights

SDM'07 Proceedings of the 4th VLDB conference on Secure data management
A privacy preservation model for facebook-style social network systems

ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Relationship-based access control: protection model and policy language

Proceedings of the first ACM conference on Data and application security and privacy
Program synthesis in administration of higher-order permissions

Proceedings of the 16th ACM symposium on Access control models and technologies
An authorization scheme for version control systems

Proceedings of the 16th ACM symposium on Access control models and technologies

Quantified Score

Hi-index	0.00

Visualization

Abstract

An apparently prevailing myth is that safety is undecidable in Discretionary Access Control (DAC); therefore, one needs to invent new DAC schemes in which safety analysis is decidable. In this paper, we dispel this myth. We argue that DAC should not be equated with the Harrison-Ruzzo-Ullman access matrix scheme, in which safety is undecidable. We present an efficient (running time cubic in its input size) algorithm for deciding safety in the Graham-Denning DAC scheme, which subsumes the DAC schemes used in the literature on comparing DAC with other access control models. We also counter several claims made in recent work by Solworth and Sloan, in which the authors present a new access control scheme based on labels and relabelling and assert that it can implement the full range of DAC models. We present a precise characterization of their access control scheme and show that it does not adequately capture a relatively simple DAC scheme.