Lukas' Notes


Definition

Access Control

Access control is the enforcement of a security policy that determines which subjects (users, processes) may perform which operations on which objects (files, devices, resources).

Formally, an access control system consists of:

Protection Domain

Definition

Protection Domain

A protection domain defines the set of objects a subject may access and the operations permitted on each.

A subject operates within exactly one domain at any time. The domain determines the boundaries of what the subject can do.


Access Matrix

Definition

Access Matrix

The access matrix is a formal model in which rows represent domains and columns represent objects. Each cell holds the set of access rights that the row's domain has on the column's object.

The matrix is typically sparse, so practical systems decompose it along one dimension: by column (per object) into access control lists, or by row (per domain) into capability lists.


Lock-Key System

Lock-Key System

In a lock-key system, each object has a set of locks (unique bit patterns), and each domain holds a set of keys . Access is granted if .

The lock-key mechanism provides a middle ground between ACLs and capabilities. Like capabilities, possession of a key grants authority. Like ACLs, the object maintains information (locks) about who may access it.
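The following is an added example (not code from the notes) that puts the access matrix, the protection domain and the lock-key check together: a sparse matrix that can be viewed per object (ACL) or per domain (capability list), a subject bound to exactly one domain at a time, and a lock-key predicate. The domain names, object names and the sample policy are constructed; the lock-key condition assumed here is the usual textbook rule that access is granted when the domain holds at least one key matching one of the object's locks.

```python
"""Sparse access matrix with ACL and capability views, a domain-bound subject,
and a lock-key check (added example, not from the notes).

Assumption: the lock-key check succeeds when the domain holds at least one key
that matches one of the object's locks, the usual textbook rule.
"""
from collections import defaultdict


class AccessMatrix:
    """Rows are domains, columns are objects; only non-empty cells are stored."""

    def __init__(self):
        # (domain, obj) -> set of rights; a missing cell means "no access"
        self._cells = defaultdict(set)

    def grant(self, domain, obj, *rights):
        self._cells[(domain, obj)].update(rights)

    def allows(self, domain, obj, right):
        return right in self._cells.get((domain, obj), set())

    def acl(self, obj):
        """Column view: the object's access-control list, domain -> rights."""
        return {d: frozenset(r) for (d, o), r in self._cells.items()
                if o == obj and r}

    def capabilities(self, domain):
        """Row view: the domain's capability list, object -> rights."""
        return {o: frozenset(r) for (d, o), r in self._cells.items()
                if d == domain and r}


class Subject:
    """A subject executes in exactly one domain; its rights are that domain's row."""

    def __init__(self, name, domain):
        self.name = name
        self.domain = domain

    def switch(self, domain):
        # Switching domains replaces the subject's entire set of permitted operations
        self.domain = domain

    def can(self, matrix, obj, right):
        return matrix.allows(self.domain, obj, right)


def lock_key_allows(object_locks, domain_keys):
    """Lock-key check: grant iff some key held by the domain equals a lock on the object."""
    return not set(object_locks).isdisjoint(domain_keys)


def build_demo_matrix():
    """Constructed sample policy (hypothetical domains D1..D4 and objects)."""
    m = AccessMatrix()
    m.grant("D1", "file1", "read")
    m.grant("D1", "file3", "read")
    m.grant("D2", "printer", "print")
    m.grant("D3", "file2", "read", "execute")
    m.grant("D4", "file1", "read", "write")
    m.grant("D4", "file3", "read", "write")
    return m


if __name__ == "__main__":
    m = build_demo_matrix()
    print("ACL of file1:", m.acl("file1"))
    print("Capabilities of D4:", m.capabilities("D4"))
    alice = Subject("alice", "D1")
    print("alice in D1 may write file1:", alice.can(m, "file1", "write"))
    alice.switch("D4")
    print("alice in D4 may write file1:", alice.can(m, "file1", "write"))
    print("lock-key match:", lock_key_allows({0b0011, 0b1100}, {0b1100, 0b0001}))
```

The `acl` and `capabilities` methods are the two decompositions of the same sparse matrix: an ACL is what an object-centric system stores, a capability list is what a domain-centric system hands to the subject. Note that `Subject.can` never consults anything but the current domain, which is the sense in which the domain bounds what the subject can do.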

Models

Mandatory

Definition

Mandatory Access Control

Mandatory access control (MAC) is an access control model in which the security policy is set and modified centrally by a trusted administrator.


Discretionary

Definition

Discretionary Access Control

Discretionary access control (DAC) is an access control model in which subjects can freely delegate, revoke, and modify access rights to objects for which they have certain access rights.
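To make the contrast between the two models concrete, here is an added example (not code from the notes) in which the same rights store is administered under a discretionary and a mandatory rule. It assumes, as a hypothetical convention, that the "certain access right" which lets a DAC subject delegate or revoke is an `owner` right on the object, and that under MAC only a designated administrator may change rights regardless of what subjects hold; the subject and object names are constructed.

```python
"""Policy administration under DAC versus MAC (added example, not from the notes).

Assumptions: under DAC the right that permits delegation is a hypothetical
'owner' right on the object; under MAC only a designated administrator may
change rights, whatever the subjects hold.
"""


class PolicyError(PermissionError):
    """Raised when an actor attempts a policy change it is not entitled to make."""


class Policy:
    """Rights store shared by both models; subclasses decide who may administer it."""

    def __init__(self, rights):
        # (subject, obj) -> set of rights, e.g. {("alice", "report"): {"owner", "read"}}
        self._rights = {k: set(v) for k, v in rights.items()}

    def allows(self, subject, obj, right):
        return right in self._rights.get((subject, obj), set())

    def may_administer(self, actor, obj):
        raise NotImplementedError

    def grant(self, actor, subject, obj, right):
        if not self.may_administer(actor, obj):
            raise PolicyError(f"{actor} may not grant {right} on {obj}")
        self._rights.setdefault((subject, obj), set()).add(right)

    def revoke(self, actor, subject, obj, right):
        if not self.may_administer(actor, obj):
            raise PolicyError(f"{actor} may not revoke {right} on {obj}")
        self._rights.get((subject, obj), set()).discard(right)


class DACPolicy(Policy):
    """Discretionary: a subject holding 'owner' on an object delegates or revokes at will."""

    def may_administer(self, actor, obj):
        return self.allows(actor, obj, "owner")


class MACPolicy(Policy):
    """Mandatory: only the trusted administrator changes the policy."""

    def __init__(self, rights, administrator="admin"):
        super().__init__(rights)
        self.administrator = administrator

    def may_administer(self, actor, obj):
        return actor == self.administrator


def attempt(action, *args):
    """Run a policy change and report whether it was permitted."""
    try:
        action(*args)
        return True
    except PolicyError:
        return False


if __name__ == "__main__":
    seed = {("alice", "report"): {"owner", "read"}}
    dac, mac = DACPolicy(seed), MACPolicy(seed)
    print("DAC: alice grants bob read:", attempt(dac.grant, "alice", "bob", "report", "read"))
    print("DAC: bob (no owner) grants carol read:", attempt(dac.grant, "bob", "carol", "report", "read"))
    print("MAC: alice (owner) grants bob read:", attempt(mac.grant, "alice", "bob", "report", "read"))
    print("MAC: admin grants bob read:", attempt(mac.grant, "admin", "bob", "report", "read"))
```

The only difference between the two classes is `may_administer`: under DAC the decision is made by whoever owns the object, so rights can spread from subject to subject; under MAC the decision is tied to a central administrator, so an object's owner cannot widen or narrow access on their own.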
