Databases Reference
In-Depth Information
User
Action
Object
Ann
read
Document1
Ann
write
Document1
Ann
read
Document2
Ann
execute
Program1
Bob
read
Document1
Bob
read
Document2
Bob
read
Program1
Bob
execute
Program1
Carol
read
Document2
Carol
write
Document2
Carol
execute
Program2
David
read
Program1
David
write
Program1
David
execute
Program1
David
read
Program2
David
write
Program2
David
execute
Program2
(a)
Ann
read
write
Bob
read
Document1
read
write
Document2
read
Program1
execute
Document1
Ann
Ann
read
Bob
read
Carol
read
write
Document1
read
Document2
read
Program1
read
execute
Document2
Bob
Ann
execute
Bob
read
David
read
write
Document2
read
write
Program2
execute
Program1
Carol
execute
execute
Carol
execute
David
read
write
execute
Program1
read
write
Program2
Program2
David
read
write
execute
execute
(b)
(c)
Fig. 2.
Access matrix implementation mechanisms
From the access matrix model, discretionary access control systems have
evolved and they include support for the following features.
•
Conditions.
To make authorization validity depend on the satisfaction of
some specific constraints, today's access control systems typically support
conditions associated with authorizations. [5]. For instance, conditions im-
pose restrictions on the basis of: object content (content-dependent condi-
tions), system predicates (system-dependent conditions), or accesses pre-
viously executed (history-dependent conditions).
