The HRU security model (Harrison, Ruzzo, Ullman model) is an operating system level computer security model which deals with the integrity of access rights in the system. It is an extension of the Graham-Denning model, based around the idea of a finite set of procedures being available to edit the access rights of a subject on an object .

The security model proposed by Harrison, Ruzzo, and Ullman (HRU) is a discretionary access control model. In HRU, the current set of access rights at any given time can be represented by a matrix, with one row for each subject and one column …

The HRU Model – States Definition . A state, i.e. an access matrix M, is said to leak the right r if there exists a command c that adds the right r into an entry in the access matrix that previously did not contain r. More formally, there exist s and o such that r …

发表了他们关于操作系统保护的基本理论 ，描述了hru 模型。模型使用的基本概念包括：主体、客体、访问矩阵、格局、 操作、命令和保护系统．其中访问矩阵是hru模型中的最主 要的概念之一。保护系统的定义如下： hru模型的一个保护系统由以下两部分构成：

Objectives of the HRU Work Provide a model that is sufficiently powerful to encode several access control approaches, and precise enough so that security properties can be analyzed Introduce the “safety problem” Show that the safety problem is decidable in certain cases is undecidable in general is undecidable in monotonic case

2016年6月23日 · HRU模型是访问控制矩阵模型中的一种。 访问矩阵是以主体为行索引、以客体为列索引的矩阵的第i行第j列的矩阵元素 a[si,oj] ⊆ R a [s i, o j] ⊆ R 表示主体 si s i 对客体 oj o j 拥有的权限。 对于文件客体的r、w、a、own都比较清楚。 对于进程的读、写等在不同的系统中可能含义不同。 读：“读”进程可以接收“被读”进程发送的消息。 读：“读”进程可以读取“被读”进程的状态。 系统的保护状态可以用三元组 (S, O, A) (S, O, A) 表示。 假设P是所有的保护状态的集合，Q …

Overview of the HRU Model n The model only considers access rights and changes in the access rights n Is the model good? Can it adequately capture other protection schemes? n The property to be studied in safety n Is the definition of safety meaningful or useful?

This paper focuses on the efficient algorithmic safety analysis of HRU security models. We present the theory and practical application of a method that decomposes a model into smaller and autonomous sub-models that are more efficient to analyze. A recombination of the results then allows to infer safety properties of the original model.

HRU MODEL OF AUTHORIZATION SYSTEM DAC RECENT TRENDS DAC IN DATABASE SYSTEMS Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c 2018 Colorado State University – 9 / 45 Consists of An initial access matrix The initial state A finite set of HRU commands expressed as a program that operates on the access matrix

2018年7月11日 · HRU and Graham-Denning are both computer security models that define the interaction between subjects, objects and actions. They are similar in that they all define a set of subjects, a set of objects and a an access control matrix. They are different in regards to how to modify, and who can modify these rights.