Subject, object, operation and permission

From Erights

Revision as of 07:57, 15 June 2009 by Kosik (Talk)
Jump to: navigation, search

Definition

From a security point of view, we recognize:

  • subjects
  • objects

Subjects are active entities (e.g. UNIX processes) with some behavior. Subjects can designate objects and try to perform some supported operations with them.

What kind of operations can be performed with an object depends on its type.

In general, the set of existing objects and subjects changes over time.

Permissions is a relation that defines which operations on what objects are permitted for particular subjects. We could formally model it as a ternary relation of appropriate sets.

Personal tools
more tools