
Entry: Graham-Denning model
Definition


The Graham-Denning model is a computer security model that shows how subjects and objects should be securely created and deleted.

It also addresses how to assign specific access rights. It is mainly used in access control mechanisms for distributed systems. There are three main parts to the model: A set of subjects, a set of objects, and a set of eight rules. A subject may be a process or a user that makes a request to access a resource. An object is the resource that a user or process wants to access.

Features

This model addresses the security issues involved in defining a set of basic rights that govern how specific subjects can execute security functions on an object.

The model has eight basic protection rules (actions) that outline:

  • How to securely create an object.
  • How to securely create a subject.
  • How to securely delete an object.
  • How to securely delete a subject.
  • How to securely provide the read access right.
  • How to securely provide the grant access right.
  • How to securely provide the delete access right.
  • How to securely provide the transfer access right.

Moreover, each object has an owner that has special rights on it, and each subject has another subject (controller) that has special rights on it.

The model is based on the Access Control Matrix model, where rows correspond to subjects and columns correspond to objects and subjects. Each element contains the set of rights between subject i and object j, or between subject i and subject k.

For example, A[s,o] contains the rights that subject s has on object o (example: {own, execute}).

When executing one of the 8 rules, for example creating an object, the matrix is changed: a new column is added for that object, and the subject that created it becomes its owner.

Each rule is associated with a precondition. For example, if subject x wants to delete object o, it must be its owner (A[x,o] contains the 'owner' right).
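The matrix and its eight rules can be written as a small reference monitor; the following is an added example, not code from the original page. Only the create-object behaviour and the owner precondition for deleting an object come from the text above. The class and method names, the 'control' right, the starred transferable form of a right (`read*`), and the remaining preconditions follow the common textbook statement of the model and are assumptions here.

```python
class Denied(Exception):
    """Raised when a rule's precondition does not hold."""

class Matrix:  # A[(subject, entity)] -> set of rights; entity is an object or a subject
    def __init__(self, root):
        self.subjects, self.objects, self.A = {root}, set(), {}

    def rights(self, s, e):
        return self.A.get((s, e), set())

    def _need(self, cond, rule):
        if not cond:
            raise Denied(rule)

    def create_object(self, x, o):
        self._need(x in self.subjects and o not in self.objects, "create object")
        self.objects.add(o)               # new column for the object
        self.A[(x, o)] = {"owner"}        # page: the creator becomes its owner

    def create_subject(self, x, s):
        self._need(x in self.subjects and s not in self.subjects, "create subject")
        self.subjects.add(s)              # new row and column for the subject
        self.A[(x, s)] = {"control"}      # assumed: the creator becomes its controller

    def delete_object(self, x, o):
        self._need("owner" in self.rights(x, o), "delete object")   # page: owner only
        self.objects.discard(o)
        self.A = {k: v for k, v in self.A.items() if k[1] != o}      # drop the column

    def delete_subject(self, x, s):
        self._need("control" in self.rights(x, s), "delete subject")  # assumed
        self.subjects.discard(s)
        self.A = {k: v for k, v in self.A.items() if s not in k}      # drop row and column

    def read_rights(self, x, s, o):       # assumed: controller of s or owner of o
        self._need("control" in self.rights(x, s) or "owner" in self.rights(x, o), "read")
        return set(self.rights(s, o))

    def grant(self, x, r, s, o):          # assumed: only the owner of o may grant
        self._need("owner" in self.rights(x, o) and s in self.subjects, "grant")
        self.A.setdefault((s, o), set()).add(r)

    def delete_right(self, x, r, s, o):   # assumed: controller of s or owner of o
        self._need("control" in self.rights(x, s) or "owner" in self.rights(x, o), "delete right")
        self.A.get((s, o), set()).discard(r)

    def transfer(self, x, r, s, o):       # assumed: x must hold the starred form r*
        self._need(r.rstrip("*") + "*" in self.rights(x, o) and s in self.subjects, "transfer")
        self.A.setdefault((s, o), set()).add(r)
```

Every rule checks its precondition before touching the matrix, so a denied request leaves the protection state unchanged.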

Limitations

Harrison-Ruzzo-Ullman extended this model by defining a system of protection based on commands made of primitive operations and conditions.

See also

  • Access Control Matrix
  • Bell-La Padula model
  • Biba model
  • Brewer and Nash model
  • Clark-Wilson model
  • Harrison-Ruzzo-Ullman model

