Expressive power of the single-object typed access matrix model

Abstract

The single-object typed access matrix (SOTAM) model was recently introduced in the literature by Sandhu and Suri (1992). It is a special case of Sandhu's typed access matrix (TAM) model (1992). In SOTAM individual commands are restricted to modifying exactly one column of the access matrix (whereas individual TAM commands in general can modify multiple columns). Sandhu and Suri have outlined a simple implementation of SOTAM in a distributed environment using the familiar client-server architecture. In particular the stipulation that each-command modifies a single column of the access matrix, is reflected in the desirable property that each command modifies a single access control list corresponding to that column. In this paper we show that TAM and SOTAM are formally equivalent in their expressive power. This result establishes that SOTAM has precisely the same expressive power as TAM, while having a simple implementation at the same time. In a nutshell, this result tells us that manipulation of access control information can be achieved in its most general form by manipulation of a single access control list (ACL) at a time. >