The Typed Access Matrix Model (TAM) and Augmented TAM (ATAM)

© 2004 Ravi Sandhuwww.list.gmu.edu

The Typed Access Matrix Model (TAM) and Augmented TAM (ATAM)

Ravi SandhuLaboratory for Information Security Technology

George Mason [email protected]

2


Outline

• TAM: Typed Access Matrix Model• TAM adds types to HRU and preserves strong safety

results of SPM/ESPM• SO-TAM: Single Object TAM

• SO-TAM manipulates one column of the access matrix at a time and is equivalent to TAM

• ATAM: Augmented TAM• ATAM adds testing for absence of rights to TAM• ATAM is equivalent to TAM in one sense but more

expressive in another

3


TAM adds types to HRU

4


TAM adds types to HRU

5


TAM commands

6


TAM primitive operations

7


TAM operations: enter and delete

8


TAM operations: create and destroy

9


TAM operations: create and destroy

10


ORCON in TAM

11


ORCON in TAM

12


ORCON in TAM

13


ORCON in TAM

14


MTAM: Monotonic TAM

15


MTAM Canonical Schemes

16


MTAM Canonical Schemes

17


ORCON as a MTAM Canonical Scheme

18


Acyclic TAM schemes

19


Acyclic TAM unfolded state

20


Acyclic MTAM unfolded state

21


Acyclic MTAM safety

22


Ternary MTAM

23


Ternary MTAM

24


Binary and Unary MTAM

• Unary MTAM• Useless

• Binary MTAM• Single-parent creation or spontaneous double-

child creation• Less expressive than multi-parent creation

25


SOTAM: single object TAM

26


SOTAM

• SOTAM is equivalent in expressive power to TAM

27


ATAM: Augmented TAM

• Allow testing for absence of rights in the conditions of commands

• ATAM is equivalent in expressive power to TAM in unbounded simulation but most likely not in bounded simulation• “Most likely not” has recently been shown to be

“provably cannot”

The Typed Access Matrix Model (TAM) and Augmented TAM (ATAM)

Documents

Transcript of The Typed Access Matrix Model (TAM) and Augmented TAM (ATAM)