- Access Control Matrix
Access Control Matrix or Access Matrix is an abstract, formal computer protection and security model used in computer systems, that characterizes the rights of each subject with respect to every object in the system. It was first introduced by
Butler W. Lampson in 1971. [ cite conference
first = Butler W.
last = Lampson
title = Protection
booktitle = Proceedings of the 5th Princeton Conference on Information Sciences and Systems
year = 1971
pages = 437 ] It is the most general description ofoperating system protection mechanism .Landwehr 1981]Definition
According to the model a computer system consists of a set of objects , that is the set of entities that needs to be protected (e.g. processes, files, memory pages) and a set of subjects , that consists of all active entities (e.g. users, processes). Further there exists a set of rights of the form , where , and . A right thereby specifies the kind of access a subject is allowed to process with regard to an object.
Example
In this matrix example there exists two processes, a file and a device. The first process has the ability to execute the second, read the file and write some information to the device, while the second process can only send information to the first.
Utility
Because it does not define the granularity of protection mechanisms, the Access Control Matrix can be used as a model of the static access permissions in any type of
access control system. It does not model the rules by which permissions can change in any particular system, and therefore only gives an incomplete description of the system's access controlsecurity policy .An Access Control Matrix should be thought of only as an abstract model of permissions at a given point in time; a literal implementation of it as a two-dimensional array would have excessive memory requirements.
Capability-based security andaccess control list s are categories of concrete access control mechanisms whose static permissions can be modeled using Access Control Matrices. Although these two mechanisms have sometimes been presented (for example in Butler Lampson's [http://portal.acm.org/citation.cfm?id=775268 "Protection"] paper) as simply row-based and column-based "implementations" of the Access Control Matrix, this view has been criticized as drawing a misleading equivalence between systems that does not take into account dynamic behaviour. [ cite paper
author = Mark S. Miller, Ka-Ping Yee, Jonathan Shapiro.
title = Capability Myths Demolished.
date = March 2003
url = http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf
format =PDF
version = Technical Report SRL2003-02
publisher = Systems Research Laboratory, Department of Computer Science,Johns Hopkins University ]ee also
*
Capability-based security
*Access control list (ACL)
*Computer security policy
*Computer security model References
* cite book
last = Bishop | first = Matt
title = Computer security: art and science
publisher = Addison-Wesley
year = 2004*Carl E. Landwehr " [http://crypto.stanford.edu/~ninghui/courses/Fall03/papers/landwehr_survey.pdf Formal Models for Computer Security] " [http://doi.acm.org/10.1145/356850.356852] Volume 13 , Issue 3 (September 1981) pp. 247 - 278
Wikimedia Foundation. 2010.