KANG, SHYHJER.

Modern computer systems have strong requirements for security. The decentralization of the security functions is becoming necessary due to the complexity and physical distribution of many systems. This study uses a previous model of authorization for decentralized security administration. The concept of file classes is proposed and used for the entire system design as a main motive. Algorithms for delegation of administrative access rights with revocation are designed and implemented. For development of software, top-down and bottom-up methods are adopted. The strategy for design is borrowed from the object-oriented approach. The special "unit" feature of the implementation language--Meridian-Pascal, serves as a window to observe the interaction and coordination of the fundamental data representations. Four basic table structures are defined to control the authorization system. For the delegation and revocation of the administrative access rights, two graph structures are used and implemented to illustrate the logical view of the operations.