Graham-Denning model
Encyclopedia
The Graham-Denning Model is a computer security model
that shows how subjects and objects should be securely created and deleted.
It also addresses how to assign specific access rights. It is mainly used in access control mechanisms for distributed systems.
The model has eight basic protection rules (actions) that outline:
Moreover, each object has an owner that has special rights on it, and each subject has another subject (controller) that has special rights on it.
The model is based on the Access Control Matrix
model where rows correspond to subjects and columns correspond to objects and subjects, each element contains a set of rights between subject i and object j or between subject i and subject k.
For example an action A[s,o] contains the rights that subject s has on object o (example: {own, execute}).
When executing one of the 8 rules, for example creating an object, the matrix is changed: a new column is added for that object, and the subject that created it becomes its owner.
Each rule is associated with a precondition, for example if subject x wants to delete object o, it must be its owner(A[x,o] contains the 'owner' right )
extended this model by defining a system of protection based on commands made of primitive operations and conditions.
Computer security model
A computer security model is a scheme for specifying and enforcing security policies.A security model may be founded upon a formal model of access rights, a model of computation, a model of distributed computing, or no particular theoretical grounding at all....
that shows how subjects and objects should be securely created and deleted.
It also addresses how to assign specific access rights. It is mainly used in access control mechanisms for distributed systems.
Features
This model addresses the security issues associated with how to define a set of basic rights on how specific subjects can execute security functions on an object.The model has eight basic protection rules (actions) that outline:
- How to securely create an object.
- How to securely create a subject.
- How to securely delete an object.
- How to securely delete a subject.
- How to securely provide the read access right.
- How to securely provide the grant access right.
- How to securely provide the delete access right.
- How to securely provide the transfer access right.
Moreover, each object has an owner that has special rights on it, and each subject has another subject (controller) that has special rights on it.
The model is based on the Access Control Matrix
Access Control Matrix
In computer science, an Access Control Matrix or Access Matrix is an abstract, formal security model of protection state in computer systems, that characterizes the rights of each subject with respect to every object in the system. It was first introduced by Butler W...
model where rows correspond to subjects and columns correspond to objects and subjects, each element contains a set of rights between subject i and object j or between subject i and subject k.
For example an action A[s,o] contains the rights that subject s has on object o (example: {own, execute}).
When executing one of the 8 rules, for example creating an object, the matrix is changed: a new column is added for that object, and the subject that created it becomes its owner.
Each rule is associated with a precondition, for example if subject x wants to delete object o, it must be its owner(A[x,o] contains the 'owner' right )
Limitations
Harrison-Ruzzo-UllmanHRU (security)
The HRU security model is an operating system level computer security model which deals with the integrity of access rights in the system. It is an extension of the Graham-Denning model, based around the idea of a finite set of procedures being available to edit the access rights of a subject s on...
extended this model by defining a system of protection based on commands made of primitive operations and conditions.
See also
- Access Control MatrixAccess Control MatrixIn computer science, an Access Control Matrix or Access Matrix is an abstract, formal security model of protection state in computer systems, that characterizes the rights of each subject with respect to every object in the system. It was first introduced by Butler W...
- Bell-La Padula model
- Biba modelBiba modelThe Biba Model or Biba Integrity Model developed by Kenneth J. Biba in 1977, is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity...
- Brewer and Nash modelBrewer and Nash modelThe Brewer and Nash model was constructed to provide information security access controls that can change dynamically. This security model, also known as the Chinese wall model, was designed to provide controls that mitigate conflict of interest in commercial organizations, and is built upon an...
- Clark-Wilson modelClark-Wilson modelThe Clark-Wilson integrity model provides a foundation for specifying and analyzing an integrity policy for a computing system.The model is primarily concerned with formalizing the notion of information integrity. Information integrity is maintained by preventing corruption of data items in a...
- Harrison-Ruzzo-Ullman modelHRU (security)The HRU security model is an operating system level computer security model which deals with the integrity of access rights in the system. It is an extension of the Graham-Denning model, based around the idea of a finite set of procedures being available to edit the access rights of a subject s on...