The Graham-Denning model is a well-known access control model developed by Michael A. Graham and Peter D. Denning in 1972. It is a formal approach to defining and implementing access control policies in a computer system. The model uses a matrix to represent the privileges that a user has over objects.
The Graham-Denning model is relationship-oriented: each subject-object relationship gets a unique name and a list of permissions associated with it. The model provides an explicit and systematic mechanism to grant and revoke access rights by using the following operations:
Create a new subject
Delete an existing subject
Create a new object
Delete an existing object
Grant permission to a subject to access an object
Revoke permission to a subject to access an object
The Graham-Denning model is based on three main rules:
The create rule: A subject S can create a new subject S' if and only if S has the create access right to S' and S' does not already exist.
The delete rule: A subject S can delete a subject S' if and only if S has the delete access right to S' and S' does not have any active access rights.
The grant rule: A subject S can grant a subject S' a permission P on an object O if and only if S has the grant access right to P and S' does not already have the permission P on O.
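The three rules above can be checked mechanically against an access matrix. The following Python sketch is an added example, not code from the original page or from Graham and Denning; each operation returns True when its rule allows it and False, with no state change, otherwise. Assumptions: the matrix is a dictionary keyed by (subject, target), the grant right to P is encoded as the string "grant:P" in the granter's cell for the object, the names admin, alice and payroll.db are constructed, and revocation is applied directly to the matrix because the page states no rule for it.

```python
class AccessMatrix:
    def __init__(self, root):
        self.subjects = {root}
        self.cell = {}  # (subject, target) -> set of rights (assumed layout)

    def has(self, s, target, right):
        return s in self.subjects and right in self.cell.get((s, target), set())

    def active_rights(self, s):
        # Non-empty cells in s's row: the "active access rights" of the delete rule.
        return {t: r for (subj, t), r in self.cell.items() if subj == s and r}

    def create_subject(self, s, new):
        # Create rule: S holds "create" on S' and S' does not already exist.
        if not self.has(s, new, "create") or new in self.subjects:
            return False
        self.subjects.add(new)
        return True

    def delete_subject(self, s, victim):
        # Delete rule: S holds "delete" on S' and S' has no active access rights.
        if not self.has(s, victim, "delete") or self.active_rights(victim):
            return False
        self.subjects.discard(victim)
        return True

    def grant(self, s, to, perm, obj):
        # Grant rule: S holds the grant right to P; S' does not already have P on O.
        held = self.cell.get((to, obj), set())
        if not self.has(s, obj, "grant:" + perm) or perm in held:
            return False
        self.cell[(to, obj)] = held | {perm}
        return True


def demo():
    m = AccessMatrix("admin")
    # Constructed initial state: admin's row of the matrix.
    m.cell[("admin", "alice")] = {"create", "delete"}
    m.cell[("admin", "payroll.db")] = {"grant:read"}
    out = [m.create_subject("admin", "alice"),               # True
           m.create_subject("admin", "alice"),               # False: alice exists
           m.grant("admin", "alice", "read", "payroll.db"),  # True
           m.grant("admin", "alice", "read", "payroll.db"),  # False: already held
           m.grant("alice", "admin", "read", "payroll.db"),  # False: no grant right
           m.delete_subject("admin", "alice")]               # False: alice holds read
    m.cell[("alice", "payroll.db")].discard("read")  # revocation, applied directly
    out.append(m.delete_subject("admin", "alice"))   # True: alice's row is now empty
    return out
```

The sixth result is the one worth noting: under the delete rule as stated, a subject that still holds any right cannot be removed, so revocation has to come before deletion.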
Overall, the Graham-Denning model is considered to be a powerful and comprehensive model for access control in computer systems. It provides a formal and precise way to express and enforce access control policies for a wide range of applications.