The area of computer systems protection has been acclaimed as a very important one, and there is a vast amount of literature on the subject (including several books). However, implementations of protection mechanisms tend to be ad-hoc and there is a lack of quantitative theoretical results upon which one can base decisions and abstract the essence of protection. This paper is the first to present a mathematically rigorous definition (with proofs) of the degree of protection of a system. It is hoped that this alternatives to and generalizations of current implementations and to some of the trade-offs involved in these alternatives. Ultimately, it is hoped that this presentation will contribute to a general Theory of Protection. This investigation is directed toward an analysis and comparison of access mechanisms defined by a family of Boolean functions. Some definitions are stated, and some theorems are proved which are valid for all access mechanisms within the family considered. Algorithms are presented for the optimal and for several types of structured systems. It is proven that for a very general class of systems, the optimal assignment will still allow n/2(ɤ-1) unauthorized accesses to objects where n is the number of subjects and ɤ is the largest integer not greater than the quantity n divided by the number of access classes.
Ellis, Clarence A., "Analysis of Some Abstract Measures of Protection in Computer Systems ; CU-CS-043-74" (1974). Computer Science Technical Reports. 42.