A Model for Data Secure Systems (Part 1).

A description is provided of a conceptual model for a data secure system. The discussion first offers a formal working vocabulary and next, using the intuitive idea of a dichotomy between permissible and impermissible accesses, formalizes the idea with an Extended Logical Data Base and with protection specifications and patterns. These specifications and patterns encompass the traditional identification, authentication, and verification procedures by recognizing that these procedures can be compared solely on the basis of their answers to specific access attempts. A limited calculus of protection patterns is offered, suggesting both comparative and generative operators, and a variety of protection specifications is defined and demonstrated. Finally, a demonstration is made of the fact that it is possible to protect any accessible data in a data base with a proposed protection specification which is independent of the structure and implementation of the data base. (Author)