Access Control Systems: Security, Identity Management and Trust Models

Chapter 5: Discretionary-Access Control and the Access-Matrix Model

Introduction

Contrary to the relatively static state implied by a lattice-based security model, discretionary-access-control (DAC) systems are characterized by unbounded protection states. For this reason, modeling access-control systems has historically been understood, in many ways, to relate implicitly to DAC. Although the access-matrix model, the subject of this chapter, applies to all security policies, including those that are mandatory, it lends itself well to discretionary policies. The matrix model studies access control directly over the entities involved in an access policy, namely subjects and objects. It reflects the access relationships that exist between the two at any point in time. Access relationships that are based on resource ownership and that enable individual control over the propagation of access permissions are at the core of DAC systems.

We review the concepts defining the access-matrix model, followed by a discussion of the corresponding implementation considerations. We reflect on the history of this access model by delving into the work of Harrison, Ruzzo, and Ullman. Subsequently, we introduce the reader to the foundation of safety in protection systems and describe the related results in detail.

Defining the Access-Matrix Model

The pioneering work of Lampson [LAMP71], followed by that of Harrison, Ruzzo, and Ullman (HRU) [HARR76, HARR78], has led to a generalized form of access-control modeling known as the access-matrix model. The three basic abstractions on which this model is built are:

  • Subjects,

  • Objects (resources), and

  • Access rights.

The two-dimensional matrix modeling a protection...
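
The matrix built from these three abstractions, as an added example that is not from the book: a minimal Python access matrix in which each cell holds a set of rights and only an object's owner may grant or revoke them, which is the ownership-based propagation the introduction places at the core of DAC. The class, the right names (`own`, `read`, `write`) and the sample subjects and objects are assumptions made for illustration.

```python
from collections import defaultdict


class AccessMatrix:
    """Protection state: cell [subject][object] holds a set of access rights."""

    def __init__(self):
        self.cells = defaultdict(lambda: defaultdict(set))

    def create_object(self, subject, obj):
        # The creator becomes the owner (the right name "own" is an assumption).
        if any(obj in row for row in self.cells.values()):
            raise ValueError(f"object {obj!r} already exists")
        self.cells[subject][obj].add("own")

    def check(self, subject, obj, right):
        # Read-only lookup: .get() avoids creating empty cells as a side effect.
        return right in self.cells.get(subject, {}).get(obj, set())

    def grant(self, grantor, grantee, obj, right):
        # Discretionary rule: only the owner may propagate rights on obj.
        if not self.check(grantor, obj, "own"):
            raise PermissionError(f"{grantor} does not own {obj}")
        self.cells[grantee][obj].add(right)

    def revoke(self, grantor, grantee, obj, right):
        if not self.check(grantor, obj, "own"):
            raise PermissionError(f"{grantor} does not own {obj}")
        self.cells[grantee][obj].discard(right)


def demo():
    m = AccessMatrix()
    m.create_object("alice", "report.txt")           # constructed sample names
    m.grant("alice", "bob", "report.txt", "read")
    results = {"bob_read": m.check("bob", "report.txt", "read"),
               "bob_write": m.check("bob", "report.txt", "write")}
    try:
        m.grant("bob", "carol", "report.txt", "read")  # bob is not the owner
        results["bob_can_grant"] = True
    except PermissionError:
        results["bob_can_grant"] = False
    m.revoke("alice", "bob", "report.txt", "read")
    results["bob_read_after_revoke"] = m.check("bob", "report.txt", "read")
    return results


if __name__ == "__main__":
    print(demo())
```

Each `grant` or `revoke` call moves the matrix to a new protection state, so the state at any moment is simply the current contents of the cells.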
