Safety
- primitive operations: the atomic actions of the protection model
- commands: useful, commonly used collections of primitive
operations
- mono-operational: all commands are primitive operations
- "leaks": a command leaks a given right if its execution can cause
the right to be propagated to a subject not previously possessing that
right
- safety: an initial state/configuration is safe for a given right
if there does not exist a reachable state within which a command leaks
that right
- decidability: safety is decidable for a mono-operational system;
safety is not decidable for an arbitrary configuration of an arbitrary
protection system.
However, safety may be decidable for specific protection systems
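
The leak and safety definitions above, as an added example that is not part of the original notes: an exhaustive safety check for a small mono-operational system. It assumes a fixed set of entities with no create or destroy operations, so the state space is finite and the search terminates; the command names, entities and initial state are constructed for illustration.

```python
from collections import deque
from itertools import product

# A protection state is a frozenset of (subject, object, right) triples.
# A command is (name, n_params, conditions, op). Every condition
# (right, i, j) must hold in cell A[x_i, x_j] before the single primitive
# operation op = (kind, right, i, j) runs. One op per command makes the
# system mono-operational. All names below are hypothetical.
GRANT_READ = ("grant_read", 3, [("own", 0, 2)], ("enter", "read", 1, 2))
REVOKE_READ = ("revoke_read", 3, [("own", 0, 2)], ("delete", "read", 1, 2))

# Constructed sample configuration: alice owns file, nobody can read it.
ENTITIES = ["alice", "bob", "file"]
INITIAL = frozenset({("alice", "file", "own")})

def step(state, cmd, args):
    """Return (new_state, leaked_right_or_None), or None if a condition fails."""
    _, _, conds, (kind, right, i, j) = cmd
    if any((args[a], args[b], r) not in state for r, a, b in conds):
        return None
    cell = (args[i], args[j], right)
    if kind == "enter":
        # A leak: the right lands in a cell that did not hold it before.
        return state | {cell}, (right if cell not in state else None)
    return state - {cell}, None

def is_safe(initial, commands, entities, right):
    """Breadth-first search of reachable states; True if `right` never leaks."""
    seen, queue = {initial}, deque([initial])
    while queue:
        state = queue.popleft()
        for cmd in commands:
            for args in product(entities, repeat=cmd[1]):
                result = step(state, cmd, args)
                if result is None:
                    continue
                new_state, leaked = result
                if leaked == right:
                    return False
                if new_state not in seen:
                    seen.add(new_state)
                    queue.append(new_state)
    return True
```

With these commands the initial state is not safe for "read" (the owner can grant it) but is safe for "own", since no command enters that right.
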
Take-Grant Model
Bell-LaPadula Model