This Article 
 Bibliographic References 
 Add to: 
Unidirectional Transport of Rights and Take-Grant Control
November 1982 (vol. 8 no. 6)
pp. 597-604
A. Lockman, Department of Computer Science, Rutgers University
One of the most critical and least understood aspects of protection is the exercise of control over the movement of rights between the subjects of a system. The conventional Take-Grant mechanism for exercising such control suffers from a puzzling and unfortunate limitation: it cannot enforce strictly unidirectional channels for the flow of rights. That is, if rights can be moved directly or indirectly from some subject p to another subject q, then one cannot prevent rights from flowing in the opposite direction, from q to p. This property limits the applicability of this mechanism and therefore that of any protection scheme utilizing it. We analyze the nature and ramifications of this limitation and demonstrate that its root cause is the fact that (under this mechanism) a right possessed by a sender suffices to authorize a movement of rights. We propose an alternative, "Take-Receive," model in which this limitation is eliminated, thus enabling the implementation of more useful protection disciplines. We prove this result by analyzing tl-e dynamic behavior of the proposed model.
Index Terms:
transport of rights, Access Control, protection, Take-Grant model
A. Lockman, N. Minsky, "Unidirectional Transport of Rights and Take-Grant Control," IEEE Transactions on Software Engineering, vol. 8, no. 6, pp. 597-604, Nov. 1982, doi:10.1109/TSE.1982.236020
Usage of this product signifies your acceptance of the Terms of Use.