An Access Control Model and Its Use in Representing Mental Health Application Access Policy
February 1996 (vol. 8 no. 1)
pp. 81-95

Abstract—This paper considers an access control model and proposes extensions to it to deal with authentication and revocation. The model is then applied to represent access control policy in a mental health system.

In the first part of the paper, extensions to the Schematic Protection Model (SPM) are presented. The authentication and revocation extensions are independent of one another in the sense that each one affects a different part of the decision algorithm. The extensions comprise a modification of the syntax to be able to represent the new concepts and, more importantly, a modification of the decision algorithm for the safety problem to take these changes into account.

We introduce the concept of conditional tickets and use it to provide authentication. Beyond authentication, we have found this concept to be useful in modeling systems. Hence we have separated this (syntactical) issue from the definition of the new algorithm.

The second part considers the access policy for a mental health application. We have used the extensions of SPM to model part of this access policy. Even with our extensions, SPM remains a monotonic model, where rights can be removed only in very special cases, and this makes it impossible to represent all the aspects of the problem. Besides serving as an example for the extensions we propose, this paper also helps to separate the aspects of this access control policy that are inherently monotonic from the parts that are defined in a non-monotonic way but can still be represented in a monotonic model.


Index Terms:
Access control models, conditional tickets, authentication, revocation of rights, mental health access policy.
Vijay Varadharajan, Claudio Calvelli, "An Access Control Model and Its Use in Representing Mental Health Application Access Policy," IEEE Transactions on Knowledge and Data Engineering, vol. 8, no. 1, pp. 81-95, Feb. 1996, doi:10.1109/69.485638