Access Control List

Definition

Access Control List

An access control list (ACL) is a column-wise decomposition of the access matrix. Each object stores a list of $⟨ domain, rights ⟩$ pairs.

For object $o_{j}$ , the ACL is:
$ACL (o_{j}) = {⟨ d_{i}, A [d_{i}, o_{j}]⟩ ∣ A [d_{i}, o_{j}] \neq = \emptyset}$

Object-Centric

Each object is associated with a list. Changing permissions for an object is efficient: modify only that object’s ACL.

Subject Verification

The reference monitor checks the subject against the list of the accessed object.

Authentication

ACLs rely on authentication: the system needs to know the user (subject) to perform the check.

Examples

Unix File ACL

A Unix file stores permissions as an ACL:

Owner: read, write, execute

Group: read, execute

Others: read

Lukas' Notes

Access Control List

Table of Contents

Definition

Object-Centric

Subject Verification

Authentication

Examples

Backlinks