Post on 21-Jan-2016
© 2004 Ravi Sandhu www.list.gmu.edu
The Typed Access Matrix Model (TAM) and Augmented TAM (ATAM)
Ravi Sandhu
Laboratory for Information Security Technology
George Mason University
www.list.gmu.edu
sandhu@gmu.edu
Outline
• TAM: Typed Access Matrix Model
  • TAM adds types to HRU and preserves strong safety results of SPM/ESPM
• SO-TAM: Single Object TAM
  • SO-TAM manipulates one column of the access matrix at a time and is equivalent to TAM
• ATAM: Augmented TAM
  • ATAM adds testing for absence of rights to TAM
  • ATAM is equivalent to TAM in one sense but more expressive in another
TAM adds types to HRU
TAM commands
TAM primitive operations
TAM operations: enter and delete
TAM operations: create and destroy
ORCON in TAM
MTAM: Monotonic TAM
MTAM Canonical Schemes
ORCON as a MTAM Canonical Scheme
Acyclic TAM schemes
Acyclic TAM unfolded state
Acyclic MTAM unfolded state
Acyclic MTAM safety
Ternary MTAM
Binary and Unary MTAM
• Unary MTAM
  • Useless
• Binary MTAM
  • Single-parent creation or spontaneous double-child creation
  • Less expressive than multi-parent creation
SOTAM: single object TAM
SOTAM
• SOTAM is equivalent in expressive power to TAM
ATAM: Augmented TAM
• Allow testing for absence of rights in the conditions of commands
• ATAM is equivalent in expressive power to TAM in unbounded simulation but most likely not in bounded simulation
  • “Most likely not” has recently been shown to be “provably cannot”
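
Added example, not taken from the slides: a small Python sketch of a typed access matrix whose commands check parameter types (TAM) and whose conditions may test for the absence of a right (ATAM). The names `Matrix`, `run`, `GRANT_READ`, the types `user`/`doc` and the rights `own`/`read`/`barred` are assumptions made for illustration, and command bodies are narrowed to enter and delete.

```python
# Added illustration (not from the slides). All names here are hypothetical.
class Matrix:
    def __init__(self):
        self.types = {}   # entity -> type, fixed at creation (the "typed" part of TAM)
        self.cells = {}   # (subject, object) -> set of rights

    def create(self, name, typ):
        if name in self.types:
            raise ValueError(f"{name} already exists")
        self.types[name] = typ

    def enter(self, right, s, o):
        self.cells.setdefault((s, o), set()).add(right)

    def delete(self, right, s, o):
        self.cells.get((s, o), set()).discard(right)

    def has(self, right, s, o):
        return right in self.cells.get((s, o), set())

def run(m, command, args):
    """Apply command to args; return False (state unchanged) if any check fails."""
    params, conds, body = command
    if len(args) != len(params):
        return False
    env = {}
    for (var, typ), arg in zip(params, args):
        if m.types.get(arg) != typ:        # typed parameter check
            return False
        env[var] = arg
    for present, right, s, o in conds:     # present=False is the ATAM absence test
        if m.has(right, env[s], env[o]) != present:
            return False
    for op, right, s, o in body:           # body restricted to enter/delete here
        {"enter": m.enter, "delete": m.delete}[op](right, env[s], env[o])
    return True

# Constructed scheme: owner U grants read on D to V only if V is not barred from D.
GRANT_READ = (
    [("U", "user"), ("V", "user"), ("D", "doc")],
    [(True, "own", "U", "D"), (False, "barred", "V", "D")],
    [("enter", "read", "V", "D")],
)

def demo():
    m = Matrix()
    for name, typ in [("alice", "user"), ("bob", "user"), ("carol", "user"), ("d", "doc")]:
        m.create(name, typ)
    m.enter("own", "alice", "d")
    m.enter("barred", "carol", "d")
    results = [run(m, GRANT_READ, a) for a in
               [("alice", "bob", "d"), ("alice", "carol", "d"), ("alice", "d", "bob")]]
    return results, m.has("read", "bob", "d"), m.has("read", "carol", "d")
```

The second call in `demo` fails only because of the absence test, and the third fails on the type check before any condition is evaluated.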