Take-Grant
The Take-Grant Protection Model contains rules that govern the interactions between subjects and objects, and the permissions that subjects can grant to other subjects. The rules are take, grant, create, and remove. They are depicted as a protection graph that governs allowable actions [11]. Each subject and object is represented on the graph. Fig. 4.5 details a take-grant relationship between the users Alice, Bob, and Carol with regard to each subject's access to the object, “secret documents.” Subject Alice, who is placed in the middle of the graph, can create and remove (c, r) any privileges for the secret documents. Alice can also grant (g) user Carol any of these same privileges. User Bob can take (t) any of user Alice’s privileges.
The take-grant model.
Take-Grant models can be very complex, because real relationships between subjects and objects are usually far more involved than the one shown here.
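The following added example (not from the original text) encodes the Alice, Bob, and Carol graph described for Fig. 4.5 and applies the take and grant rules until nothing new can be acquired, which goes beyond the single steps the text names by showing every privilege the graph ultimately allows. The edge directions, the treatment of c and r as edge labels, and all function names are assumptions made for illustration.

```python
SUBJECTS = {"Alice", "Bob", "Carol"}  # "secret documents" is the only object

def initial_graph():
    """Edges (source, target) -> rights, per the Fig. 4.5 description (assumed directions)."""
    return {
        ("Alice", "secret documents"): {"c", "r"},
        ("Alice", "Carol"): {"g"},
        ("Bob", "Alice"): {"t"},
    }

def _add(graph, src, dst, rights):
    """Add rights to edge src->dst; report whether anything new was added."""
    if src == dst or not rights:
        return False
    edge = graph.setdefault((src, dst), set())
    new = set(rights) - edge
    edge |= new
    return bool(new)

def take(graph, x, y, z, rights):
    """x takes `rights` over z from y; needs t on x->y and the rights on y->z."""
    ok = (x in SUBJECTS and "t" in graph.get((x, y), set())
          and set(rights) <= graph.get((y, z), set()))
    return ok and _add(graph, x, z, rights)

def grant(graph, x, y, z, rights):
    """x grants `rights` over z to y; needs g on x->y and the rights on x->z."""
    ok = (x in SUBJECTS and "g" in graph.get((x, y), set())
          and set(rights) <= graph.get((x, z), set()))
    return ok and _add(graph, y, z, rights)

def closure(graph):
    """Apply take and grant until no subject can acquire anything new."""
    changed = True
    while changed:
        changed = False
        for (x, y), xy in list(graph.items()):
            for (a, z), az in list(graph.items()):
                if "t" in xy and a == y:
                    changed |= take(graph, x, y, z, set(az))
                if "g" in xy and a == x:
                    changed |= grant(graph, x, y, z, set(az))
    return graph

if __name__ == "__main__":
    for (src, dst), rights in sorted(closure(initial_graph()).items()):
        print(f"{src} -> {dst}: {sorted(rights)}")
```

Running it shows that Bob's single take edge is enough for both Bob and Carol to end up with c and r over the secret documents, and that Carol can be handed take rights over Alice, which is the kind of transitive exposure an access review of such a graph should look for.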