The transfer of information and authority in a protection system

Matt Bishop, Lawrence Snyder
1979 Proceedings of the seventh symposium on Operating systems principles - SOSP '79  
In the context of a capability-based protection system, the term "transfer" is used (here) to refer to the situation where a user receives information when he does not initially have a direct "right" to it. Two transfer methods are identified: de jure transfer refers to the case when the user acquires the direct authority to read the information; de facto transfer refers to the case when the user acquires the information (usually in the form of a copy and with the assistance of others), without
more » ... of others), without necessarily being able to get the direct authority to read the information. The Take-Grant Protection Model, which already models de jure transfers, is extended with four rewriting rules to model de facto transfer. The configurations under which de facto transfer can arise are characterized.
doi:10.1145/800215.806569 dblp:conf/sosp/BishopS79 fatcat:cjtbvq552zbf7dqi3s5llkc3be