The HRU security model (Harrison, Ruzzo, Ullman model) is an operating system level computer security model which deals with the integrity of access rights in the system. It is an extension of the Graham-Denning model, based around the idea of a finite set of procedures being available to edit the access rights of a subject on an object .

The security model proposed by Harrison, Ruzzo, and Ullman (HRU) [1] is a discretionary access control model. In HRU, the current set of access rights at any given time can be represented by a matrix, with one row for each subject and one column …

2021年3月8日 · 对HRU Definition四个选项的解释如下： Dominant Land Use,Soil,Slop:每个子流域中只有一个HRU,子流域里面积比最大的Land Use,Soil,Slop将会参与模拟。

HRU Model – Safety of States Definition 1: “access to resources without the concurrence of the owner is impossible” [HRU76] Definition 2: “the user should be able to tell whether what he is about to do (give away a right, presumably) can lead to the further leakage of that right to truly unauthorized subjects” [HRU76]

Access control enables controlled sharing of resources (henceforth called objects) among principals (hence-forth called subjects). It is one of the most important areas of research in computer security and has been called the “traditional center of gravity of computer security” [5].

[HRU] We say that a command α(x1,...,xk) leaks generic right r from Q if α, when run on Q, can execute a primitive operation which enters r into a cell of the access matrix which did not previously contain r.

The HRU Model uses a set of six primitive operations to manipulate access rights: create object, destroy object, create subject, destroy subject, enter right, and delete right. The model considers the security of a system by studying the possible sequences of operations that may lead to a violation of the safety property.

2016年6月23日 · HRU模型是访问控制矩阵模型中的一种。 访问矩阵是以主体为行索引、以客体为列索引的矩阵的第i行第j列的矩阵元素 a[si,oj] ⊆ R a [s i, o j] ⊆ R 表示主体 si s i 对客体 oj o j 拥有的权限。 对于文件客体的r、w、a、own都比较清楚。 对于进程的读、写等在不同的系统中可能含义不同。 读：“读”进程可以接收“被读”进程发送的消息。 读：“读”进程可以读取“被读”进程的状态。 系统的保护状态可以用三元组 (S, O, A) (S, O, A) 表示。 假设P是所有的保护状态的集合，Q …

Dorothy Denning, in her 1999 National Computer Systems Security Award: “[HRU] showed that it was theoretically undecidable whether an arbitrary access-matrix model is safe” and, “This result ... showed that there were limits to the widely-used access-matrix model.''

The Safety Problem Given initial state protection scheme (HRU commands) Can r appear in a cell that exists in the initial state and does not contain r in the initial state? More specific question might be: can r appear in a specific cell A[s,o] Safety with respect to r