Models and technologies of safety, Matrix model - Informatics

Security Models and Technologies

Matrix Model

The most effective means of distributing the authorities of subjects in relation to objects is the access matrix (Figure 12.1), in which the rows correspond to the set of subjects that access information and the columns correspond to the set of objects containing the protected information.

In the matrix model, or the Harrison-Ruzzo-Ullman model [24], discretionary access control (DAC) of subjects to objects and control over the distribution of access rights are realized. The authority to perform the corresponding actions is determined by the set of permissions (owning information, reading, writing, executing the program, adding information, changing information, etc.). The element of the matrix contains a list of the subject's access types to the object, and these types of access belong to the set of access rights R. During the operation of the information system, access to objects is controlled by a special monitor that intercepts, verifies and suppresses all unauthorized attempts to access objects. Therefore, the subject receives the access it initiates to the object only if the element of the matrix contains the authority to perform the appropriate actions. If the subject owns the object, it can change the access rights of other entities to this object. If some entity controls another entity, it may deny the access rights of that entity or transfer its own access rights to that entity.

Access matrices are usually implemented in one of the following forms:

• Access lists for each object (it is identical to the column of the access matrix corresponding to this object). In practice, access lists are used when creating new objects and determining the order of their use or changing access rights to objects;

• Mandate lists (capability lists), which are attached to each subject (each is equivalent to the row of the access matrix corresponding to this subject). Mandate lists combine all the rights of the subject.

Fig. 12.1. Access Matrix

When a subject has access rights with respect to an object, the pair (object, permissions) is called the mandate of the object. Some operating systems support both types of lists. At the beginning of the work, when the user enters the system or starts the program execution, only access lists are used. At the first access attempt, the access list is consulted and the subject's rights to access the object are analyzed and verified. If the subject has rights, they are added to the subject's mandate list, and access rights are subsequently checked against this list. When both types of lists are used, the access list is often located in the file dictionary, and the mandate list is held in RAM while the subject is active.
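The two list forms and the first-access behaviour described above, as an added example that is not part of the original page: a small Python reference monitor that stores the matrix sparsely, derives access lists as columns and mandate lists as rows, and copies rights into the subject's in-memory mandate list on first access. The class, subject and object names are constructed, and dropping the cached entry when the owner changes a right is an assumption the page does not describe.

```python
# Added example; every name below is constructed for illustration.
class ReferenceMonitor:
    def __init__(self):
        self.matrix = {}    # (subject, object) -> set of rights from R
        self.mandates = {}  # subject -> {object: rights}, held while the subject is active

    def create(self, owner, obj, rights=("own", "read", "write")):
        self.matrix[(owner, obj)] = set(rights)

    def column(self, obj):
        """Access list of obj: one column of the matrix."""
        return {s: set(r) for (s, o), r in self.matrix.items() if o == obj}

    def row(self, subject):
        """All rights of subject: one row of the matrix."""
        return {o: set(r) for (s, o), r in self.matrix.items() if s == subject}

    def set_right(self, actor, subject, obj, right, allow=True):
        """Only a subject holding 'own' on obj may change rights to it."""
        if "own" not in self.matrix.get((actor, obj), set()):
            raise PermissionError(f"{actor} does not own {obj}")
        rights = self.matrix.setdefault((subject, obj), set())
        if allow:
            rights.add(right)
        else:
            rights.discard(right)
        # Assumption: drop the cached entry so a changed right is re-read from the access list.
        self.mandates.get(subject, {}).pop(obj, None)

    def check(self, subject, obj, right):
        """Mediate one access request; deny unless the matrix grants it."""
        cached = self.mandates.setdefault(subject, {})
        if obj not in cached:                 # first access: consult the access list
            rights = self.column(obj).get(subject)
            if not rights:
                return False
            cached[obj] = rights              # later checks use the mandate list
        return right in cached[obj]


if __name__ == "__main__":
    rm = ReferenceMonitor()
    rm.create("alice", "report.txt")
    rm.set_right("alice", "bob", "report.txt", "read")
    print(rm.check("bob", "report.txt", "read"))   # first check reads the access list
    print(rm.check("bob", "report.txt", "write"))
    rm.set_right("alice", "bob", "report.txt", "read", allow=False)
    print(rm.check("bob", "report.txt", "read"))
```

Without the cache invalidation in `set_right`, a subject would keep exercising a right from its in-memory mandate list after the owner had removed it from the access list.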

The access matrix can be implemented with the help of the so-called mechanism of locks and keys, the essence of which is as follows. Each subject is endowed with a certain type (A) and has a lock (3) and a key (K) as a sequence of characters. Each subject is also given a sequence of symbols, called a key. If the subject wants type A access to an object (or to another subject), it is first determined whether the subject owns the key to the pair (A, 3) of this object.

The drawbacks of using access matrices that cover all subjects and objects include limitations on the dimension of the matrices. To reduce the dimension, compression methods are applied, based on grouping users (for example, those with the same powers), terms, and protected data.
