1981 IEEE Symposium on Security and Privacy (1981)
Oakland, CA, USA
April 27, 1981 to April 29, 1981
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SP.1981.10004
Allen Stoughton , University of California, Los Angeles
Past work concerning operating system protection has focused on two notions: access control and information flow. Access control or protection matrix based protection systems control the ways in which users may manipulate objects. Information flow or security class based systems control the flow of information between users. Although it has been noted that both notions are essential to real protection systems, no previous work has compared the two notions, or developed a protection model that integrates those notions. This paper compares and contrasts access control and information flow and supports the assertion that both notious are essential to real protection systems. It is argued that the military classification model of information flow poorly models reality, and a new information flow model based on the controlled sharing of secrets is introduced. A protection model that integrates access control and information flow is then developed and formally defined, and some example applications of this model are described.
Access control, Semantics, Operating systems, Lattices, Organizations, Finite element methods, Control systems
A. Stoughton, "Access Flow: A Protection Model which Integrates Access Control and Information Flow," 1981 IEEE Symposium on Security and Privacy(SP), Oakland, CA, 1981, pp. 9.