Gourt Home::Gourt :: Access Control Matrix
Access Control Matrix or Access Matrix is an abstract, formal security model used in computer systems, that characterizes the rights of each subject with respect to every object in the system. It was first introduced by Butler W. Lampson 1971.
Definition
According to the model a computer system consists of a set of objects , that is the set of entities that needs to be protected (e.g. processes, files, memory pages) and a set of subjects , that consists of all active entities (e.g. users, processes). Further there exists a set of rights of the form , where , and . A right thereby specifies the kind of access a subject is allowed to process with regard to an object.
Example
In this matrix example there exists two processes, a file and some device. The first process has the ability to execute the second, read the file and write some information to the device, while the second process can only send information to the first.
| process 1 | process 2 | file | device | |
| process 1 | read, write, execute, own | execute | read | write |
| process 2 | read | read, write, execute, own |
Utility
The Access Control Matrix is the elementary abstraction mechanism in computer security. Because it does not define the granularity of protection mechanisms, it can be used to express any access control-security policy. As concrete model used by a system for access control decisions it is less usable, because of its memory requirements and static properties. In view of security mechanisms, capability lists and access control lists are alternatives, which can be thought as rows and columns of the access control matrix.
See also
- Capability-based security
- Access control list (ACL)
- Computer security policy
- Computer security model
References
- Butler W. Lampson, Protection; Proceedings of the 5th Princeton Conference on Information Sciences and Systems, Princeton, 1971, p.437.
"Access Control Matrix"