Access Matrix

security

Definition

Access Matrix

The access matrix is a formal model where rows represent domains $D=\{d_1,d_2,\dots \}$ and columns represent objects $O=\{o_1,o_2,\dots \}$. Each cell $A[d_i,o_j]\subseteq R$ contains the set of access rights domain $d_i$ holds for object $o_j$.

$$A=\begin{array}{cccc}& o_1& o_2& o_3\\ d_1& \{r,w\}& \varnothing & \{x\}\\ d_2& \varnothing & \{r\}& \{r,w\}\\ d_3& \{x\}& \{r,x\}& \varnothing \end{array}$$

The matrix is typically sparse. Practical systems decompose it along one dimension.

Decompositions

Access Control List

Definition

Access Control List

An access control list (ACL) is a column-wise decomposition of the access matrix. Each object stores a list of $⟨\text{domain},\text{rights}⟩$ pairs.

For object $o_j$, the ACL is:

$$\text{ACL}(o_j)=\{⟨d_i,A[d_i,o_j]⟩\mid A[d_i,o_j]\ne \varnothing \}$$

Link to original

Capability List

Definition

Capability List

A capability list is a row-wise decomposition of the access matrix. Each domain stores a list of $⟨\text{object},\text{rights}⟩$ pairs, where one pair is called capability.

For domain $d_i$, the capability list is:

$$\text{C-list}(d_i)=\{⟨o_j,A[d_i,o_j]⟩\mid A[d_i,o_j]\ne \varnothing \}$$

Link to original

Comparison

	ACL	Capabilities
Delegation	Ask the owner / administrator to grant privileges to objects to the desired subject. In operating systems: let specific processes run by one user to act with the privileges of another user.	The capability can be passed to the desired subject at run time.
Revocation	Modify the access rights stored in the ACLs associated to the resources to which access has to be revoked.	Only possible in systems with appropriate bookkeeping. The reference monitor needs to track all revoked capabilities (until they expire). If a capability is used for multiple resources, have to revoke all or none.