Abstract
Lampson’s protection matrix provides a simple model for defining how subjects can access objects in a system. In real systems protection requirements can often be expressed in terms not easily captured by this simple view of subjects and objects. The paper considers how a system can be viewed as a collection of objects of particular classes and types and with particular compositions. In order to express the variety of possible protection conditions relevant to such a system we propose a new general protection model based on access rules and show how this can be applied to object-oriented systems. We then propose two orthogonal ways of classifying protection requirements. Protection mechanisms are then classified into 3 levels (architectural, language and programmed) and related back to the classification of requirements. Finally we present the MONADS protection mechanisms as an example of an efficient implementation for access rules, showing how a security policy might in practice be implemented to fulfil protection requirements expressed in terms of the model.
References
Anderson, M., Pose, R.D. and Wallace, C.S. (1986) “A Password-Capability System”, The Computer Journal, 29, 1, February 1986, pp. 1–8.
Boebert, W.E. (1984) “On the Inability of an Unmodified Capability Machine to Enforce the *-Property”, Proceedings of the 7th DoD/NBS Computer Security Conference, September 1984.
Campbell, R.H. and Habermann, A.N. (1974) “The Specification of Process Synchronisation by Path Expressions”, Lecture Notes in Computer Science, vol. 16, Springer, Heidelberg, pp. 89–102.
Freisleben, B. and Kammerer, P. (1990) “Capabilities and Encryption: The Ultimate Defense against Security Attacks?”, Proceedings of the International Workshop on Computer Architectures to Support Security and Persistence of Information, Bremen, 1990.
Gong, L. (1989) “On Security in Capability-Based Systems”, ACM Operating Systems Review, 23, 2, 1989, pp. 56–60.
Jones, A.K. and Liskov, B.H. (1978) “A Language Extension for Expressing Constraints on Data Access”, Communications of the ACM, 21, 5, pp. 358–367.
Keedy, J.L. and Freisleben, B. (1989) “Priority Semaphores”, The Computer Journal, 32, 1, 1989, pp. 24–28.
Keedy, J.L. and Richards, I. (1982) “A Software Engineering View of Files”, Australian Computer Journal, 14, 2, May 1982, pp. 56–61.
Keedy, J.L. and Rosenberg, J. (1987) “Object Management and Addressing in the MONADS Architecture”, Proceedings of the International Workshop on Persistent Object Systems, Appin, Scotland, 1987.
Keedy, J.L. and Rosenberg, J. (1989) “Support for Objects in the MONADS Architecture”, Proceedings of the International Workshop on Persistent Object Systems, Newcastle, Australia, January 1989, pp. 202–213.
Keedy, J.L., Rosenberg, J. and Ramamohanarao, K. (1979) “On Implementing Semaphores with Sets”, The Computer Journal, 22, 2, May 1979, pp. 146–150.
Keedy, J.L., Rosenberg, J. and Ramamohanarao, K. (1982) “On Synchronising Readers and Writers with Semaphores”, The Computer Journal, 25, 1, February 1982, pp. 121–125.
Lampson, B.W. (1971) “Protection”, Proc. 5th Princeton Symposium on Information Sciences and Systems, Princeton University, reprinted in ACM Operating Systems Review, 8, 1, 1974, pp. 18–24.
Landwehr, C.E. (1981) “Formal Models for Computer Security”, ACM Computing Surveys, 13, 3, September 1981.
Lauer, H.C. and Needham, R.M. (1979) “On the Duality of Operating System Structures”, ACM Operating Systems Review, 13, 2, pp. 3–19.
McLean, J. (1990) “The Specification and Modeling of Computer Security”, IEEE Computer, 23, 1, 1990, pp. 9–16.
Stoll, C. (1988) “Stalking the Wily Hacker”, Communications of the ACM, 31, 5, 1988, pp. 484–497.
Copyright information
© 1990 British Computer Society
About this paper
Cite this paper
Evered, M., Keedy, J.L. (1990). A Model for Protection in Persistent Object-Oriented Systems. In: Rosenberg, J., Keedy, J.L. (eds) Security and Persistence. Workshops in Computing. Springer, London. https://doi.org/10.1007/978-1-4471-3178-6_5
DOI: https://doi.org/10.1007/978-1-4471-3178-6_5
Publisher Name: Springer, London
Print ISBN: 978-3-540-19646-4
Online ISBN: 978-1-4471-3178-6
eBook Packages: Springer Book Archive