Some variants of the take-grant protection model (Q801669)

The take-grant protection model has been introduced several years ago in order to describe and to study access control facilities of shared resources in computer systems. A state of the system is modelled by subjects and objects where subjects can possess rights to perform operations, resp. to transport rights, with respect to other subjects or objects. Given an initial state and a set of transformation rules the basic protection problem is to decide whether a subject x can obtain a specific right r with respect to subject/object y. Here the create-rule that produces new subjects or objects is the most crucial rule. This paper studies several variants of the known take-grant-protection model in order to clarify the role of creates for transporting rights. First it is shown that some restricted versions of the create-rule do not have the full power of the original rule such that some undesirable effects can be avoided. Then reflexive rights and a new selfgrant-rule that can simulate the role of the create-rule in transporting right are investigated. It turned out that the results of this paper are related to the send-receive protection model proposed in a series of papers by Naftaly H. Minsky.