Jonathon Tidswell

Multiserver systems, operating systems composed from a set of hardware-protected servers, initially generated significant interest in the early 1990s. If a monolithic operating system could be decomposed into a set of servers with well-defined interfaces and well-understood protection mechanisms, then the robustness and configurability of operating systems …
Assurance that an access control configuration will not result in the leakage of a right to an unauthorized principal, called safety, is fundamental to ensuring that the most basic of access control policies can be enforced. It has been proven that the safety of an access control configuration cannot be decided for a general access control model, …
Interprocess (IPC) monitoring enables the examination of any IPC between a source and a destination. IPC monitoring is useful for a variety of purposes, including debugging, logging, and security. For example, a monitor may collect communication state for the purpose of debugging a program consisting of several independent tasks. Also, a …
Inheritance and constraints are two common techniques for safely managing the complexity of large access control configurations. Inheritance is used to help factor the model, while constraints are used to help ensure that the complexity will not result in an unsafe configuration arising in the future evolution of the system. In this paper we develop an …
In this abstract, we rebut the proposed RBAC unified reference model as defined by Sandhu, Ferraiolo, and Kuhn [4]. As a unified reference model, this proposal simply reinforces some of the concepts that are fundamental to RBAC (i.e., roles, users, and permissions) without clarifying the more complex concepts. Also, the definitions of the concepts are too …
In this paper we present the multistage off-line method, a new and rather natural way to model off-line packet routing problems, which reduces the problem of off-line packet routing to that of finding edge disjoint paths on a multistage graph. The multistage off-line method can model any kind of routing pattern on any graph and can incorporate the size of the …
The specification of constraint languages for access control models has proven to be difficult but remains necessary for safety and for mandatory access control policies. While the authorisation relation $(Subject \times Object \rightarrow \mathcal{P}(Right))$ defines the authorised permissions, an authorisation schema defines how the various concepts (such as …