|
The HRU security model (Harrison, Ruzzo, Ullman model) is an operating system level computer security model which deals with the integrity of access rights in the system. It is an extension of the Graham-Denning model, based around the idea of a finite set of procedures being available to edit the access rights of a subject on an object . It is named after its three authors, Michael A. Harrison, Walter L. Ruzzo and Jeffrey D. Ullman.〔 Along with presenting the model, Harrison, Ruzzo and Ullman also discussed the possibilities and limitations of proving the safety of systems using an algorithm.〔 == Description of the model == The HRU model defines a ''protection system'' consisting of a set of generic rights ''R'' and a set of commands ''C''. An instantaneous description of the system is called a ''configuration'' and is defined as a tuple of current subjects , current objects and an access matrix . Since the subjects are required to be part of the objects, the access matrix contains one row for each subject and one column for each subject and object. An entry for subject and object is a subset of the generic rights . The commands are composed of primitive operations and can additionally have a list of pre-conditions that require certain rights to be present for a pair of subjects and objects. The primitive requests can modify the access matrix by adding or removing access rights for a pair of subjects and objects and by adding or removing subjects or objects. Creation of a subject or object requires the subject or object not to exist in the current configuration, while deletion of a subject or object requires it to have existed prior to deletion. In a complex command, a sequence of operations is executed only as a whole. A failing operation in a sequence makes the whole sequence fail, a form of database transaction. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「HRU (security)」の詳細全文を読む スポンサード リンク
|