On the expressive power of the unary transformation model

  • Ravi S. Sandhu
  • Srinivas Ganta
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 875)


The Transformation Model (TRM) was recently introduced [10] in the literature by Sandhu and Ganta. TRM is based on the concept of transformation of rights. The propagation of access rights in TRM is authorized entirely by existing rights for the object in question. It has been demonstrated in the earlier work that TRM is useful for expressing various kinds of consistency, confidentiality, and integrity controls.

In our previous work [10], a special case of TRM named Binary Transformation Model (BTRM) was defined. We proved that BTRM is equivalent in expressive power to TRM. This result indicates that it suffices to allow testing for only two cells of the matrix.

In this paper we study the relationship between TRM and the Unary Transformation Model (UTRM). In UTRM, individual commands are restricted to testing for only one cell of the matrix (whereas individual TRM commands can test for multiple cells of the matrix). Contrary to our initial conjecture (of [10]), we found that TRM and UTRM are formally equivalent in terms of expressive power. The implications of this result for safety analysis are also discussed in this paper.


Access Control, Access Rights, Authorization, Client-Server Architecture, Expressive Power


  1. Ammann, P.E. and Sandhu, R.S. “Implementing Transaction Control Expressions by Checking for Absence of Access Rights.” Proc. Eighth Annual Computer Security Applications Conference, San Antonio, Texas, December 1992.
  2. Bell, D.E. and LaPadula, L.J. “Secure Computer Systems: Unified Exposition and Multics Interpretation.” MTR-2997, Mitre, Bedford, Massachusetts (1975).
  3. Denning, D.E. “A Lattice Model of Secure Information Flow.” Communications of ACM 19(5):236–243 (1976).
  4. Harrison, M.H., Ruzzo, W.L. and Ullman, J.D. “Protection in Operating Systems.” Communications of ACM 19(8), 1976, pages 461–471.
  5. McLean, J. “A Comment on the ‘Basic Security Theorem’ of Bell and LaPadula.” Information Processing Letters 20(2):67–70 (1985).
  6. McLean, J. “Specifying and Modeling Computer Security.” IEEE Computer 23(1):9–16 (1990).
  7. Sandhu, R.S. “Transformation of Access Rights.” Proc. IEEE Symposium on Security and Privacy, Oakland, California, May 1989, pages 259–268.
  8. Sandhu, R.S. “The Typed Access Matrix Model.” IEEE Symposium on Research in Security and Privacy, Oakland, CA, 1992, pages 122–136.
  9. Sandhu, R.S. and Suri, G.S. “Non-monotonic Transformations of Access Rights.” Proc. IEEE Symposium on Research in Security and Privacy, Oakland, California, May 1992, pages 148–161.
  10. Sandhu, R.S. and Srinivas Ganta. “On the Minimality of Testing for Rights in Transformation Models.” Proc. IEEE Symposium on Research in Security and Privacy, Oakland, California, May 16–18, 1994, pages 230–241.

Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • Ravi S. Sandhu (1)
  • Srinivas Ganta (1)
  1. Center for Secure Information Systems & Department of Information and Software Systems Engineering, George Mason University, Fairfax, USA
