On the expressive power of the unary transformation model
The Transformation Model (TRM) was recently introduced in the literature by Sandhu and Ganta. TRM is based on the concept of transformation of rights. The propagation of access rights in TRM is authorized entirely by existing rights for the object in question. It has been demonstrated in the earlier work that TRM is useful for expressing various kinds of consistency, confidentiality, and integrity controls.
In our previous work, a special case of TRM named Binary Transformation Model (BTRM) was defined. We proved that BTRM is equivalent in expressive power to TRM. This result indicates that it suffices to allow testing for only two cells of the matrix.
In this paper we study the relationship between TRM and the Unary Transformation Model (UTRM). In UTRM, individual commands are restricted to testing for only one cell of the matrix (whereas individual TRM commands can test for multiple cells of the matrix). Contrary to our initial conjecture (of ), we found that TRM and UTRM are formally equivalent in terms of expressive power. The implications of this result for safety analysis are also discussed in this paper.
Keywords: Access Control, Access Rights, Authorization, Client-Server Architecture, Expressive Power
- 1. Ammann, P.E. and Sandhu, R.S. “Implementing Transaction Control Expressions by Checking for Absence of Access Rights.” Proc. Eighth Annual Computer Security Applications Conference, San Antonio, Texas, December 1992.
- 2. Bell, D.E. and LaPadula, L.J. “Secure Computer Systems: Unified Exposition and Multics Interpretation.” MTR-2997, Mitre, Bedford, Massachusetts (1975).
- 6. McLean, J. “Specifying and Modeling Computer Security.” IEEE Computer 23(1):9–16 (1990).
- 7. Sandhu, R.S. “Transformation of Access Rights.” Proc. IEEE Symposium on Security and Privacy, Oakland, California, May 1989, pages 259–268.
- 8. Sandhu, R.S. “The Typed Access Matrix Model.” IEEE Symposium on Research in Security and Privacy, Oakland, CA. 1992, pages 122–136.
- 9. Sandhu, R.S. and Suri, G.S. “Non-monotonic Transformations of Access Rights.” Proc. IEEE Symposium on Research in Security and Privacy, Oakland, California, May 1992, pages 148–161.
- 10. Sandhu, R.S. and Srinivas Ganta. “On the Minimality of Testing for Rights in Transformation Models.” Proc. IEEE Symposium on Research in Security and Privacy, Oakland, California, May 16–18, 1994, pages 230–241.