Privilege graph: An extension to the typed access matrix model

  • Marc Dacier
  • Yves Deswarte
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 875)


In this paper, an extension to the TAM model is proposed to deal efficiently with authorization schemes involving sets of privileges. This new formalism provides a technique to analyse the safety problem for schemes of this kind and can be useful in identifying which privilege transfers can lead to unsafe protection states. Further extensions are suggested towards quantitative evaluation of operational security and intrusion detection.


Keywords: Intrusion Detection, Expressive Power, Maximal State, Safety Problem, Protection State



Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • Marc Dacier (1)
  • Yves Deswarte (1)
  1. LAAS-CNRS & INRIA, Toulouse, France
