This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Unidirectional Transport of Rights and Take-Grant Control
November 1982 (vol. 8 no. 6)
pp. 597-604
A. Lockman, Department of Computer Science, Rutgers University
One of the most critical and least understood aspects of protection is the exercise of control over the movement of rights between the subjects of a system. The conventional Take-Grant mechanism for exercising such control suffers from a puzzling and unfortunate limitation: it cannot enforce strictly unidirectional channels for the flow of rights. That is, if rights can be moved directly or indirectly from some subject p to another subject q, then one cannot prevent rights from flowing in the opposite direction, from q to p. This property limits the applicability of this mechanism and therefore that of any protection scheme utilizing it. We analyze the nature and ramifications of this limitation and demonstrate that its root cause is the fact that (under this mechanism) a right possessed by a sender suffices to authorize a movement of rights. We propose an alternative, "Take-Receive," model in which this limitation is eliminated, thus enabling the implementation of more useful protection disciplines. We prove this result by analyzing tl-e dynamic behavior of the proposed model.
Index Terms:
transport of rights, Access Control, protection, Take-Grant model
Citation:
A. Lockman, N. Minsky, "Unidirectional Transport of Rights and Take-Grant Control," IEEE Transactions on Software Engineering, vol. 8, no. 6, pp. 597-604, Nov. 1982, doi:10.1109/TSE.1982.236020
Usage of this product signifies your acceptance of the Terms of Use.