Safety Decidability for Pre-Authorization Usage Control with Identifier Attribute Domains
IEEE Transactions on Dependable and Secure Computing (IF 7.3), Pub Date: 2018-01-01, DOI: 10.1109/tdsc.2018.2839745
P. V. Rajkumar, Ravi Sandhu

Safety analysis is a fundamental problem in authorization models. Safety decidable models provide theoretical foundations for decentralized security administration. Attributes of objects are central to usage control authorization models. It has previously been shown that inclusion of a single infinite attribute leads to undecidable safety, even without any creation of objects. Therefore unrestricted inclusion of infinite attributes is not possible in a safety decidable model. On the other hand, it has recently been shown that the safety problem for the pre-authorization usage control sub-model with finite attribute domains, called ${PreUCON_A^{finite}}$, is decidable even with unbounded object creation. A major limitation of finite attributes is the inability to link objects through attribute values in presence of unbounded object creation (since attributes that reference other objects must be infinite in this case). It would be desirable to have safety-decidable attribute-based models which include both finite and infinite attributes (necessarily with some restrictions). This paper develops a pre-authorization usage control sub-model, called ${PreUCON}_A^{id}$, with attribute domains solely comprised of infinite object identifiers with considerable restrictions on how these attributes can be updated. Safety decidability for ${PreUCON}_A^{id}$ is proved by defining the notion of $\omega$-equivalent usage configurations, and showing that the reachable set of $\omega$-equivalent usage configurations is computable and can be used to answer safety questions. The utility of such models in practice is illustrated by means of an example. The paper further shows that addition of even a single finite domain attribute to ${PreUCON}_A^{id}$ results in undecidable safety. These results indicate that combining finite and infinite attributes in a safety decidable model is a challenging task, which will likely require carefully crafted restrictions on updates to these attributes. The formulation of such a model remains an important open question.

Updated: 2018-01-01