Access Control Matrix

Access Control Matrix

Access Control Matrix or Access Matrix is an abstract, formal computer protection and security model used in computer systems, that characterizes the rights of each subject with respect to every object in the system. It was first introduced by Butler W. Lampson in 1971. [ cite conference
first = Butler W.
last = Lampson
title = Protection
booktitle = Proceedings of the 5th Princeton Conference on Information Sciences and Systems
year = 1971
pages = 437 ] It is the most general description of operating system protection mechanism.Landwehr 1981]

Definition

According to the model a computer system consists of a set of objects O, that is the set of entities that needs to be protected (e.g. processes, files, memory pages) and a set of subjects S, that consists of all active entities (e.g. users, processes). Further there exists a set of rights R of the form r(s,o), where s in S, o in O and r(s,o) in R. A right thereby specifies the kind of access a subject is allowed to process with regard to an object.

Example

In this matrix example there exists two processes, a file and a device. The first process has the ability to execute the second, read the file and write some information to the device, while the second process can only send information to the first.



Utility

Because it does not define the granularity of protection mechanisms, the Access Control Matrix can be used as a model of the static access permissions in any type of access control system. It does not model the rules by which permissions can change in any particular system, and therefore only gives an incomplete description of the system's access control security policy.

An Access Control Matrix should be thought of only as an abstract model of permissions at a given point in time; a literal implementation of it as a two-dimensional array would have excessive memory requirements. Capability-based security and access control lists are categories of concrete access control mechanisms whose static permissions can be modeled using Access Control Matrices. Although these two mechanisms have sometimes been presented (for example in Butler Lampson's [http://portal.acm.org/citation.cfm?id=775268 "Protection"] paper) as simply row-based and column-based "implementations" of the Access Control Matrix, this view has been criticized as drawing a misleading equivalence between systems that does not take into account dynamic behaviour. [ cite paper
author = Mark S. Miller, Ka-Ping Yee, Jonathan Shapiro.
title = Capability Myths Demolished.
date = March 2003
url = http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf
format = PDF
version = Technical Report SRL2003-02
publisher = Systems Research Laboratory, Department of Computer Science,Johns Hopkins University ]

ee also

* Capability-based security
* Access control list (ACL)
* Computer security policy
* Computer security model

References

* cite book
last = Bishop | first = Matt
title = Computer security: art and science
publisher = Addison-Wesley
year = 2004

*Carl E. Landwehr " [http://crypto.stanford.edu/~ninghui/courses/Fall03/papers/landwehr_survey.pdf Formal Models for Computer Security] " [http://doi.acm.org/10.1145/356850.356852] Volume 13 , Issue 3 (September 1981) pp. 247 - 278


Wikimedia Foundation. 2010.

Игры ⚽ Поможем решить контрольную работу

Look at other dictionaries:

  • Access control — is the ability to permit or deny the use of a particular resource by a particular entity. Access control mechanisms can be used in managing physical resources (such as a movie theater, to which only ticketholders should be admitted), logical… …   Wikipedia

  • Discretionary Access Control — (DAC) oder Benutzerbestimmbare Zugriffskontrolle ist ein Sicherheitskonzept für IT Systeme. Hierbei wird die Entscheidung, ob auf eine Ressource zugegriffen werden darf, allein auf der Basis der Identität des Akteurs getroffen. Das heißt, die… …   Deutsch Wikipedia

  • Matrix of Leadership — Plot element from the Transformers franchise Publisher Marvel Comics (introduction only) First appearance Transformers issue 10 (November 1985) Created by Bob Budiansky …   Wikipedia

  • Access Virus — The Access Virus is a German made virtual analog synthesizer which was first produced in 1997 and has since been upgraded frequently, with the company releasing new models about every two years. The latest of these are the Access Virus TI, Polar… …   Wikipedia

  • Matrix (Doctor Who) — This article is about the Gallifreyan computer system in the television programme, Doctor Who. For the Past Doctor Adventures novel, see Matrix (Doctor Who novel). The Matrix, in the long running British science fiction television series Doctor… …   Wikipedia

  • Control store — A control store is the part of a CPU s control unit that stores the CPU s microprogram. It is usually accessed by a microsequencer. Early control stores were implemented as a diode array accessed via address decoders, a form of read only memory.… …   Wikipedia

  • Code division multiple access — This article is about a channel access method. For the mobile phone technology referred to as CDMA, see IS 95 and CDMA2000. Multiplex techniques Circuit mode (constant bandwidth) TDM · FDM  …   Wikipedia

  • List of ships in the Matrix series — This article is about the hovercraft ships shown in the fictional universe of The Matrix series of science fiction films, comic books and video games. The Animatrix short film The Second Renaissance depicts the war between men and machines which… …   Wikipedia

  • List of programs and machines in the Matrix series — Below is a list composing of all the artificial characters from The Matrix series of science fiction films, comic books and video games.FilmsThe following characters appear primarily in the Matrix films, but many are also present in the comic… …   Wikipedia

  • Neo (The Matrix) — Thomas Anderson / Neo The Matrix character Neo in The Matrix Reloaded First appearance The Matrix …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”