Abstract
Under the premise that there is a tradeoff between the amount of protection within a computer system and the system cost, this paper investigates some theoretical measures of protection within systems. A system simply consists of any number of active elements, called subjects, that make use of passive elements, called objects. The investigation is restricted to an analysis and comparison of access mechanisms defined by a family of boolean functions. Some definitions are stated, and some theorems are proved that are valid for all mechanisms within the family considered. Algorithms are presented for the optimal assignment of access codes to subjects and objects for unstructured systems and for several types of structured systems. It is proven that for a very general class of systems, the optimal assignment will still allow at least (n/2)(γ - 1) unauthorized accesses to objects, where n is the number of subjects, and γ is the largest integer not greater than the quantity n divided by the number of access classes.
Additional information
This work was partially supported by NSF Grant GJ-660.
Cite this article
Ellis, C.A. Analysis of some abstract measures of protection in computer systems. International Journal of Computer and Information Sciences 7, 219–251 (1978). https://doi.org/10.1007/BF00991632
DOI: https://doi.org/10.1007/BF00991632