http://wiki.erights.org/mediawiki/index.php?title=Subject,_object,_operation_and_permission&feed=atom&action=historySubject, object, operation and permission - Revision history2024-03-29T10:38:36ZRevision history for this page on the wikiMediaWiki 1.15.5-7http://wiki.erights.org/mediawiki/index.php?title=Subject,_object,_operation_and_permission&diff=1900&oldid=prevZarutian: added an ?hidden? link to an paulgraham article. Please remove it if it doesnt belong.2010-03-14T15:02:50Z<p>added an ?hidden? link to an paulgraham article. Please remove it if it doesnt belong.</p>
<p><b>New page</b></p><div>We use the terms '''subject''', '''object''', '''operation''' and '''permission''' consistently with a standard access control literature.<br />
<br />
== Definition ==<br />
<br />
From a security point of view, we recognize '''subjects''' and '''objects'''<br />
<br />
'''Subjects''' are active entities (e.g. UNIX processes) with some behavior. '''Subjects''' can designate '''objects''' and try to perform some supported '''operations''' with them.<br />
<br />
What kind of operations can be performed with an object depends on its type.<br />
<br />
In general, the set of existing objects and subjects changes over time.<br />
<br />
'''Permissions''' is a relation that defines which operations on what objects are permitted for particular subjects. One way how to capture permissions is the [[protection matrix]].<br />
<br />
== Notes ==<br />
<br />
People (outside capability community) often confuse the following two terms:<br />
* '''permissions''' (defined in this article)<br />
* and [[authority]].<br />
Real security audit cannot be performed without determining the [[authority]] of particular '''subjects'''.<br />
<br />
== See also ==<br />
<br />
These are standard notions and they are defined in various other places:<br />
* in the [http://www.amazon.com/Operating-Systems-Implementation-Prentice-Software/dp/0131429388/ref=sr_1_14?ie=UTF8&s=books&qid=1245137182&sr=8-14 MINIX Book] (Section 5.5)<br />
* [http://en.wikipedia.org/wiki/Subject_(access_control)#Computer_security in Wikipedia].<br />
<!-- [http://www.paulgraham.com/reesoo.html] <-- I dont know if this belongs here or not -Zarutian --></div>Zarutianhttp://wiki.erights.org/mediawiki/index.php?title=Subject,_object,_operation_and_permission&diff=4056&oldid=prevKosik at 06:16, 20 June 20092009-06-20T06:16:40Z<p></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">←Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 06:16, 20 June 2009</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 12:</td>
<td colspan="2" class="diff-lineno">Line 12:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>'''Permissions''' is a relation that defines which operations on what objects are permitted for particular subjects. One way how to capture permissions is the [[protection matrix]].</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>'''Permissions''' is a relation that defines which operations on what objects are permitted for particular subjects. One way how to capture permissions is the [[protection matrix]].</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">== See also ==</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">These are standard notions and they are defined in various other places:</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">* in the [http://www.amazon.com/Operating-Systems-Implementation-Prentice-Software/dp/0131429388/ref=sr_1_14?ie=UTF8&s=books&qid=1245137182&sr=8-14 MINIX Book] (Section 5.5)</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">* [http://en.wikipedia.org/wiki/Subject_(access_control)#Computer_security in Wikipedia].</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== Notes ==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== Notes ==</div></td></tr>
<tr><td colspan="2" class="diff-lineno">Line 25:</td>
<td colspan="2" class="diff-lineno">Line 19:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* and [[authority]].</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* and [[authority]].</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Real security audit cannot be performed without determining the [[authority]] of particular '''subjects'''.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Real security audit cannot be performed without determining the [[authority]] of particular '''subjects'''.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">== See also ==</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">These are standard notions and they are defined in various other places:</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">* in the [http://www.amazon.com/Operating-Systems-Implementation-Prentice-Software/dp/0131429388/ref=sr_1_14?ie=UTF8&s=books&qid=1245137182&sr=8-14 MINIX Book] (Section 5.5)</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">* [http://en.wikipedia.org/wiki/Subject_(access_control)#Computer_security in Wikipedia].</ins></div></td></tr>
<!-- diff generator: internal 2024-03-29 10:38:37 -->
</table>Kosikhttp://wiki.erights.org/mediawiki/index.php?title=Subject,_object,_operation_and_permission&diff=4055&oldid=prevKosik: Relationship with the same notions defined in the standard literature was clarified.2009-06-20T06:11:45Z<p>Relationship with the same notions defined in the standard literature was clarified.</p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">←Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 06:11, 20 June 2009</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">We use the terms '''subject''', '''object''', '''operation''' and '''permission''' consistently with a standard access control literature.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== Definition ==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== Definition ==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td colspan="2" class="diff-lineno">Line 13:</td>
<td colspan="2" class="diff-lineno">Line 15:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== See also ==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== See also ==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">Wikipedia also contains </del>[http://en.wikipedia.org/wiki/Subject_(access_control)#Computer_security <del class="diffchange diffchange-inline">similar definitions</del>]<del class="diffchange diffchange-inline">. It contains arguable material</del>.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">These are standard notions and they are defined in various other places:</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">* in the [http://www.amazon.com/Operating-Systems-Implementation-Prentice-Software/dp/0131429388/ref=sr_1_14?ie=UTF8&s=books&qid=1245137182&sr=8-14 MINIX Book] (Section 5.5)</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">* </ins>[http://en.wikipedia.org/wiki/Subject_(access_control)#Computer_security <ins class="diffchange diffchange-inline">in Wikipedia</ins>].</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">Description of similar notions can be found in Section 5.5 (Protection Mechanisms) in [http://www.amazon.com/Operating-Systems-Implementation-Prentice-Software/dp/0131429388/ref</del>=<del class="diffchange diffchange-inline">sr_1_14?ie</del>=<del class="diffchange diffchange-inline">UTF8&s</del>=<del class="diffchange diffchange-inline">books&qid</del>=<del class="diffchange diffchange-inline">1245137182&sr=8-14 The MINIX Book]. They use a term '''domain''' instead of '''subject'''.</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>== <ins class="diffchange diffchange-inline">Notes </ins>==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>People (outside capability community) often confuse the following two terms:</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>People (outside capability community) often confuse the following two terms:</div></td></tr>
<!-- diff generator: internal 2024-03-29 10:38:37 -->
</table>Kosikhttp://wiki.erights.org/mediawiki/index.php?title=Subject,_object,_operation_and_permission&diff=4054&oldid=prevKosik at 10:59, 19 June 20092009-06-19T10:59:38Z<p></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">←Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 10:59, 19 June 2009</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 13:</td>
<td colspan="2" class="diff-lineno">Line 13:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== See also ==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== See also ==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">The same notions are defined also [http://en.wikipedia.org/wiki/Subject_(access_control)#Computer_security Object (access control)]</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>Wikipedia also contains [http://en.wikipedia.org/wiki/Subject_(access_control)#Computer_security similar definitions]. <ins class="diffchange diffchange-inline">It contains arguable material</ins>.</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div>Wikipedia also contains [http://en.wikipedia.org/wiki/Subject_(access_control)#Computer_security similar definitions]. <del class="diffchange diffchange-inline">We do not encourage you to read that page</del>.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Description of similar notions can be found in Section 5.5 (Protection Mechanisms) in [http://www.amazon.com/Operating-Systems-Implementation-Prentice-Software/dp/0131429388/ref=sr_1_14?ie=UTF8&s=books&qid=1245137182&sr=8-14 The MINIX Book]. They use a term '''domain''' instead of '''subject'''.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Description of similar notions can be found in Section 5.5 (Protection Mechanisms) in [http://www.amazon.com/Operating-Systems-Implementation-Prentice-Software/dp/0131429388/ref=sr_1_14?ie=UTF8&s=books&qid=1245137182&sr=8-14 The MINIX Book]. They use a term '''domain''' instead of '''subject'''.</div></td></tr>
<!-- diff generator: internal 2024-03-29 10:38:37 -->
</table>Kosikhttp://wiki.erights.org/mediawiki/index.php?title=Subject,_object,_operation_and_permission&diff=4053&oldid=prevKosik: /* See also */2009-06-19T10:58:55Z<p><span class="autocomment">See also</span></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">←Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 10:58, 19 June 2009</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 14:</td>
<td colspan="2" class="diff-lineno">Line 14:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>The same notions are defined also [http://en.wikipedia.org/wiki/Subject_(access_control)#Computer_security Object (access control)]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>The same notions are defined also [http://en.wikipedia.org/wiki/Subject_(access_control)#Computer_security Object (access control)]</div></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div>Wikipedia also contains [http://en.wikipedia.org/wiki/Subject_(access_control)#Computer_security similar definitions].</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>Wikipedia also contains [http://en.wikipedia.org/wiki/Subject_(access_control)#Computer_security similar definitions]<ins class="diffchange diffchange-inline">. We do not encourage you to read that page</ins>.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Description of similar notions can be found in Section 5.5 (Protection Mechanisms) in [http://www.amazon.com/Operating-Systems-Implementation-Prentice-Software/dp/0131429388/ref=sr_1_14?ie=UTF8&s=books&qid=1245137182&sr=8-14 The MINIX Book]. They use a term '''domain''' instead of '''subject'''.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Description of similar notions can be found in Section 5.5 (Protection Mechanisms) in [http://www.amazon.com/Operating-Systems-Implementation-Prentice-Software/dp/0131429388/ref=sr_1_14?ie=UTF8&s=books&qid=1245137182&sr=8-14 The MINIX Book]. They use a term '''domain''' instead of '''subject'''.</div></td></tr>
<!-- diff generator: internal 2024-03-29 10:38:38 -->
</table>Kosikhttp://wiki.erights.org/mediawiki/index.php?title=Subject,_object,_operation_and_permission&diff=4052&oldid=prevKosik at 08:51, 19 June 20092009-06-19T08:51:34Z<p></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">←Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 08:51, 19 June 2009</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 13:</td>
<td colspan="2" class="diff-lineno">Line 13:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== See also ==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== See also ==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">During security audit, through permissions we should determine the </del>[<del class="diffchange diffchange-inline">[authority</del>]<del class="diffchange diffchange-inline">] of a given subject; because it is </del>[<del class="diffchange diffchange-inline">[authority]</del>] <del class="diffchange diffchange-inline">what ultimately matters</del>.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">The same notions are defined also </ins>[<ins class="diffchange diffchange-inline">http://en.wikipedia.org/wiki/Subject_(access_control)#Computer_security Object (access control)</ins>]</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">Wikipedia also contains </ins>[<ins class="diffchange diffchange-inline">http://en.wikipedia.org/wiki/Subject_(access_control)#Computer_security similar definitions</ins>].</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Description of similar notions can be found in Section 5.5 (Protection Mechanisms) in [http://www.amazon.com/Operating-Systems-Implementation-Prentice-Software/dp/0131429388/ref=sr_1_14?ie=UTF8&s=books&qid=1245137182&sr=8-14 The MINIX Book]. They use a term '''domain''' instead of '''subject'''.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Description of similar notions can be found in Section 5.5 (Protection Mechanisms) in [http://www.amazon.com/Operating-Systems-Implementation-Prentice-Software/dp/0131429388/ref=sr_1_14?ie=UTF8&s=books&qid=1245137182&sr=8-14 The MINIX Book]. They use a term '''domain''' instead of '''subject'''.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">People (outside capability community) often confuse the following two terms:</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">* '''permissions''' (defined in this article)</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">* and [[authority]].</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">Real security audit cannot be performed without determining the [[authority]] of particular '''subjects'''.</ins></div></td></tr>
<!-- diff generator: internal 2024-03-29 10:38:38 -->
</table>Kosikhttp://wiki.erights.org/mediawiki/index.php?title=Subject,_object,_operation_and_permission&diff=4051&oldid=prevKosik at 08:42, 19 June 20092009-06-19T08:42:27Z<p></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">←Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 08:42, 19 June 2009</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 12:</td>
<td colspan="2" class="diff-lineno">Line 12:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== See also ==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== See also ==</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">During security audit, through permissions we should determine the [[authority]] of a given subject; because it is [[authority]] what ultimately matters.</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Description of similar notions can be found in Section 5.5 (Protection Mechanisms) in [http://www.amazon.com/Operating-Systems-Implementation-Prentice-Software/dp/0131429388/ref=sr_1_14?ie=UTF8&s=books&qid=1245137182&sr=8-14 The MINIX Book]. They use a term '''domain''' instead of '''subject'''.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Description of similar notions can be found in Section 5.5 (Protection Mechanisms) in [http://www.amazon.com/Operating-Systems-Implementation-Prentice-Software/dp/0131429388/ref=sr_1_14?ie=UTF8&s=books&qid=1245137182&sr=8-14 The MINIX Book]. They use a term '''domain''' instead of '''subject'''.</div></td></tr>
<!-- diff generator: internal 2024-03-29 10:38:38 -->
</table>Kosikhttp://wiki.erights.org/mediawiki/index.php?title=Subject,_object,_operation_and_permission&diff=4050&oldid=prevKosik: /* See also */2009-06-16T14:23:44Z<p><span class="autocomment">See also</span></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">←Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 14:23, 16 June 2009</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 13:</td>
<td colspan="2" class="diff-lineno">Line 13:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== See also ==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== See also ==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div>Description of similar notions can be found in Section 5.5 (Protection Mechanisms) in [http://www.amazon.com/Operating-Systems-Implementation-Prentice-Software/dp/0131429388/ref=sr_1_14?ie=UTF8&s=books&qid=1245137182&sr=8-14 The MINIX Book]. They use a term ''domain'' instead of ''subject''.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>Description of similar notions can be found in Section 5.5 (Protection Mechanisms) in [http://www.amazon.com/Operating-Systems-Implementation-Prentice-Software/dp/0131429388/ref=sr_1_14?ie=UTF8&s=books&qid=1245137182&sr=8-14 The MINIX Book]. They use a term <ins class="diffchange diffchange-inline">'</ins>''domain<ins class="diffchange diffchange-inline">'</ins>'' instead of <ins class="diffchange diffchange-inline">'</ins>''subject<ins class="diffchange diffchange-inline">'</ins>''.</div></td></tr>
<!-- diff generator: internal 2024-03-29 10:38:38 -->
</table>Kosikhttp://wiki.erights.org/mediawiki/index.php?title=Subject,_object,_operation_and_permission&diff=4049&oldid=prevKosik at 12:25, 16 June 20092009-06-16T12:25:03Z<p></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">←Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 12:25, 16 June 2009</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 13:</td>
<td colspan="2" class="diff-lineno">Line 13:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== See also ==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== See also ==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div>Description of similar notions can be found in Section 5.5 (Protection Mechanisms) in [http://www.amazon.com/Operating-Systems-Implementation-Prentice-Software/dp/0131429388/ref=sr_1_14?ie=UTF8&s=books&qid=1245137182&sr=8-14 The MINIX Book].</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>Description of similar notions can be found in Section 5.5 (Protection Mechanisms) in [http://www.amazon.com/Operating-Systems-Implementation-Prentice-Software/dp/0131429388/ref=sr_1_14?ie=UTF8&s=books&qid=1245137182&sr=8-14 The MINIX Book]<ins class="diffchange diffchange-inline">. They use a term ''domain'' instead of ''subject''</ins>.</div></td></tr>
<!-- diff generator: internal 2024-03-29 10:38:38 -->
</table>Kosikhttp://wiki.erights.org/mediawiki/index.php?title=Subject,_object,_operation_and_permission&diff=4048&oldid=prevKosik: /* Definition */2009-06-16T12:17:04Z<p><span class="autocomment">Definition</span></p>
<table style="background-color: white; color:black;">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">←Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 12:17, 16 June 2009</td>
</tr>
<tr><td colspan="2" class="diff-lineno">Line 9:</td>
<td colspan="2" class="diff-lineno">Line 9:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>In general, the set of existing objects and subjects changes over time.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>In general, the set of existing objects and subjects changes over time.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>-</td><td style="background: #ffa; color:black; font-size: smaller;"><div>'''Permissions''' is a relation that defines which operations on what objects are permitted for particular subjects. One way how to capture permissions is [[protection matrix]].</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>'''Permissions''' is a relation that defines which operations on what objects are permitted for particular subjects. One way how to capture permissions is <ins class="diffchange diffchange-inline">the </ins>[[protection matrix]].</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== See also ==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== See also ==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Description of similar notions can be found in Section 5.5 (Protection Mechanisms) in [http://www.amazon.com/Operating-Systems-Implementation-Prentice-Software/dp/0131429388/ref=sr_1_14?ie=UTF8&s=books&qid=1245137182&sr=8-14 The MINIX Book].</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Description of similar notions can be found in Section 5.5 (Protection Mechanisms) in [http://www.amazon.com/Operating-Systems-Implementation-Prentice-Software/dp/0131429388/ref=sr_1_14?ie=UTF8&s=books&qid=1245137182&sr=8-14 The MINIX Book].</div></td></tr>
<!-- diff generator: internal 2024-03-29 10:38:38 -->
</table>Kosik