A Protection Model Incorporating Both Authorization and Constraints

This paper presents a powerful and flexible protection model which includes both authorizations of open systems and constraints of closed systems. In this model, rules of 'inheritance" determine the authorizations which are created for new data derived by authorized computations from existing data. These rules create a middle-ground between purely discretionary and purely non-discretionary systems. Although the proposed protection model is quite general, it is presented in this paper in the context of a distributed relational database system. The core mechanisms of the model control access to all databases including the authorization and constraint data bases themselves. It is, therefore, a self-regulating and integrated system. The power and flexibility of the model derive from its use of authorizations and constraints as two complementary and interrelated types of control. The tight protection provided by closed systems is maintained since constraints are defined only as a complement to authorizations and not as a substitute. An enforcement algorithm is given which shows how the effects of the authorizations and constraints can be efficiently realized. Among other applications, it is shown how this model provides a useful, partial answer to the question of safety decidability