Subject, object, operation and permission
From Erights
(Difference between revisions)
(Added reference to the "protection matrix".) |
(→Definition) |
||
Line 9: | Line 9: | ||
In general, the set of existing objects and subjects changes over time. | In general, the set of existing objects and subjects changes over time. | ||
- | '''Permissions''' is a relation that defines which operations on what objects are permitted for particular subjects. One way how to capture permissions is [[protection matrix]]. | + | '''Permissions''' is a relation that defines which operations on what objects are permitted for particular subjects. One way how to capture permissions is the [[protection matrix]]. |
== See also == | == See also == | ||
Description of similar notions can be found in Section 5.5 (Protection Mechanisms) in [http://www.amazon.com/Operating-Systems-Implementation-Prentice-Software/dp/0131429388/ref=sr_1_14?ie=UTF8&s=books&qid=1245137182&sr=8-14 The MINIX Book]. | Description of similar notions can be found in Section 5.5 (Protection Mechanisms) in [http://www.amazon.com/Operating-Systems-Implementation-Prentice-Software/dp/0131429388/ref=sr_1_14?ie=UTF8&s=books&qid=1245137182&sr=8-14 The MINIX Book]. |
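Review bot: in the changed line 9, "One way how to capture permissions is the [[protection matrix]]" still reads awkwardly after the article was added; "One way to capture permissions is the [[protection matrix]]" would be cleaner. The same line also says "which operations on what objects"; "which operations on which objects" keeps the two halves of the relation parallel.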
Revision as of 12:17, 16 June 2009
Definition
From a security point of view, we recognize subjects and objects.
Subjects are active entities (e.g. UNIX processes) with some behavior. Subjects can designate objects and try to perform some supported operations with them.
What kind of operations can be performed with an object depends on its type.
In general, the set of existing objects and subjects changes over time.
Permissions is a relation that defines which operations on which objects are permitted for particular subjects. One way to capture permissions is the protection matrix.
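The definitions above, as an added example that is not part of the original wiki page: a small protection matrix whose cells hold the operations permitted to a subject on an object. The type names, operations, process ids and path are constructed for illustration.

```python
# Added illustration: permissions as a relation over (subject, object, operation),
# stored as a protection matrix. All names and sample data are constructed.
SUPPORTED = {"file": {"read", "write"}, "socket": {"send", "recv"}}


class ProtectionMatrix:
    def __init__(self):
        self.subjects = set()   # active entities, e.g. UNIX processes
        self.objects = {}       # object name -> object type
        self.cells = {}         # (subject, object) -> permitted operations

    def add_subject(self, subject):
        self.subjects.add(subject)

    def add_object(self, obj, obj_type):
        if obj_type not in SUPPORTED:
            raise ValueError(f"unknown object type: {obj_type}")
        self.objects[obj] = obj_type

    def remove_object(self, obj):
        # The set of objects changes over time: drop the whole column so a
        # later object reusing the name does not inherit stale permissions.
        self.objects.pop(obj, None)
        self.cells = {k: v for k, v in self.cells.items() if k[1] != obj}

    def grant(self, subject, obj, op):
        if subject not in self.subjects or obj not in self.objects:
            raise KeyError("unknown subject or object")
        if op not in SUPPORTED[self.objects[obj]]:
            raise ValueError(f"{op!r} is not an operation of this object type")
        self.cells.setdefault((subject, obj), set()).add(op)

    def permitted(self, subject, obj, op):
        # Default deny: a missing or empty cell permits nothing.
        return op in self.cells.get((subject, obj), set())

    def relation(self):
        # The same permissions written as (subject, object, operation) triples.
        return {(s, o, op) for (s, o), ops in self.cells.items() for op in ops}


def demo():
    m = ProtectionMatrix()
    m.add_subject("pid-101")
    m.add_subject("pid-202")
    m.add_object("/etc/motd", "file")
    m.grant("pid-101", "/etc/motd", "read")
    return m
```
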
See also
A description of similar notions can be found in Section 5.5 (Protection Mechanisms) of The MINIX Book.