HRU (security)
The HRU security model (Harrison, Ruzzo, Ullman model) is an operating system level computer security model which deals with the integrity of access rights in the system. It is an extension of the Graham-Denning model, based around the idea of a finite set of procedures being available to edit the access rights of a subject s on an object o. It is named after its three authors, Michael A. Harrison, Walter L. Ruzzo and Jeffrey D. Ullman. Along with presenting the model, Harrison, Ruzzo and Ullman also discussed the possibilities and limitations of proving the safety of systems using an algorithm.


Description of the model

The HRU model defines a ''protection system'' consisting of a set of generic rights ''R'' and a set of commands ''C''. An instantaneous description of the system is called a ''configuration'' and is defined as a tuple (S,O,P) of current subjects S, current objects O and an access matrix P. Since the subjects are required to be part of the objects, the access matrix contains one row for each subject and one column for each subject and object. An entry for subject s and object o is a subset of the generic rights R. The commands are composed of primitive operations and can additionally have a list of pre-conditions that require certain rights to be present for a pair (s,o) of subjects and objects. The primitive operations can modify the access matrix by adding or removing access rights for a pair of subjects and objects and by adding or removing subjects or objects. Creation of a subject or object requires the subject or object not to exist in the current configuration, while deletion of a subject or object requires it to have existed prior to deletion. In a complex command, a sequence of operations is executed only as a whole: a failing operation in a sequence makes the whole sequence fail, in the manner of a database transaction.


Discussion of safety

Harrison, Ruzzo and Ullman discussed whether there is an algorithm that takes an arbitrary initial configuration and answers the following question: is there any sequence of commands that adds a generic right into a cell of the access matrix where it was not present in the initial configuration? They showed that there is no such algorithm, so the problem is undecidable in the general case. They also showed that restricting the model to commands consisting of only one primitive operation renders the problem decidable.
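The protection system described above and the safety question, as an added example in Python that is not part of the original page or of the HRU paper: a configuration (S, O, P) with the six primitive operations, commands with pre-conditions that execute transactionally (any failing primitive rolls the whole command back), and a `leaked_rights` check that lists the cells where a right has appeared that the initial configuration did not hold. The `Command` layout (parameters, conditions as (right, subject, object) triples, body as primitive calls) is this example's own encoding, not the paper's notation.

```python
from copy import deepcopy
from dataclasses import dataclass
@dataclass
class Command:
    params: tuple     # formal parameters, bound to subjects/objects when the command is run
    conditions: list  # pre-conditions, each (right, subject_param, object_param)
    body: list        # primitive operations, each (op_name, *args); right names are literals
def require(cond, msg):
    if not cond:
        raise ValueError(msg)  # a failing primitive aborts the whole command
class Configuration:
    """HRU configuration (S, O, P): S is a subset of O; P[(s, o)] is a subset of the rights R."""
    def __init__(self, rights):
        self.R, self.S, self.O, self.P = frozenset(rights), set(), set(), {}
    # The six primitive operations of the model
    def enter(self, r, s, o):
        require(r in self.R and s in self.S and o in self.O, "enter: unknown right/subject/object")
        self.P[(s, o)].add(r)
    def delete(self, r, s, o):
        require(s in self.S and o in self.O, "delete: unknown subject/object")
        self.P[(s, o)].discard(r)
    def create_subject(self, s):
        require(s not in self.O, "create_subject: already exists")
        self.S.add(s); self.O.add(s)
        self.P.update({(s, o): set() for o in self.O}); self.P.update({(x, s): set() for x in self.S})
    def create_object(self, o):
        require(o not in self.O, "create_object: already exists")
        self.O.add(o); self.P.update({(x, o): set() for x in self.S})
    def destroy_subject(self, s):
        require(s in self.S, "destroy_subject: unknown subject")
        self.S.discard(s); self.O.discard(s); self.P = {k: v for k, v in self.P.items() if s not in k}
    def destroy_object(self, o):
        require(o in self.O, "destroy_object: unknown object")
        self.S.discard(o); self.O.discard(o); self.P = {k: v for k, v in self.P.items() if o not in k}
    def run(self, cmd, *args):
        """Run a command transactionally: True on success, False if a pre-condition or primitive fails."""
        env = dict(zip(cmd.params, args))
        if any(r not in self.P.get((env[s], env[o]), ()) for r, s, o in cmd.conditions):
            return False
        snapshot = deepcopy(self.__dict__)
        try:
            for op, *opargs in cmd.body:
                getattr(self, op)(*[env.get(a, a) for a in opargs])
        except ValueError:
            self.__dict__.update(snapshot)  # roll back: the sequence succeeds or fails as a whole
            return False
        return True
def leaked_rights(initial, current):
    """Rights present in a cell of `current` but absent from that cell of `initial` (the safety question's witness)."""
    return {(s, o, r) for (s, o), rs in current.P.items() for r in rs if r not in initial.P.get((s, o), ())}
```

A command such as `Command(("s1", "s2", "o"), [("own", "s1", "o")], [("enter", "read", "s2", "o")])` encodes "an owner of o may grant read on o"; running it and then calling `leaked_rights` against a saved copy of the starting configuration shows exactly which cells gained a right.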


See also

* EROS - Extremely Reliable Operating System


References

* Michael A. Harrison, Walter L. Ruzzo, Jeffrey D. Ullman. "Protection in Operating Systems". Communications of the ACM, volume 19, issue 8, pages 461–471, August 1976. doi:10.1145/360303.360333. CiteSeerX 10.1.1.106.7226.