Access Control Systems: Security, Identity Management and Trust Models

Chapter 6: The Take-Grant Protection Model

Introduction

The take-grant (TG) protection model was introduced by Lipton and Snyder [LIPT77] in 1977 and subsequently analyzed in considerable detail by a number of authors [BISH79, BISH88, BISK84, SNYD81]. The name of this model is derived from the fact that it is based on two key-access rights take and grant. These two rights control the propagation of other primitive permissions (such as read and write) and hence drive the flow of information among the protected entities of a system. Information flow in the take-grant model is elegantly modeled using directed graphs and can be viewed as a generalization of the transitive closure problems.

Unlike the Harrison, Ruzzo, and Ullman model that is discussed in the previous chapter, the take-grant model is simple and has linear time algorithms for deciding safety. But the take-grant scheme lacks the expressive capability exhibited in the HRU model. Nevertheless, it lends itself to various practical systems. In that respect, this model represents an interesting departure from the demarcation of decidable and undecidable protection systems set by the HRU model as noted by Sandhu [SAND92b]. Early analysis of the TG model dealt with the transfer of access rights under the assumption that active entities of the system cooperate in achieving the transfers. Such transfers are known as sharing or conspiring. Later analysis dealt with the conditions under which rights can be propagated without necessarily involving the cooperation of system subjects. The term theft is used to describe such...

UNLIMITED FREE ACCESS TO THE WORLD'S BEST IDEAS

close
Already an Engineering360 user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your Engineering360 Experience

close
Category: Professional Certification Programs
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.