Access control matrix vs access control list

What is Access Control List

An Access Control List [ACL] is the set of permissions attached to an object that specifies which users are granted access to that object. It also specifies the operations those users can perform on that object.

A file system ACL contains entries that specify individual user or group rights to specific system objects such as programs, processes, and files. These entries are called access control entries [ACEs] in the Microsoft Windows NT, OpenVMS, UNIX, and Mac OS X operating systems. Moreover, each system object has a security attribute that identifies its ACL.

Networking ACLs provide rules that apply to port numbers or IP addresses available on a host. The list consists of hosts that have permission to use the services. Individual servers and routers can have network ACLs, and an ACL can be configured to control both inbound and outbound traffic, so it works similarly to a firewall. Furthermore, SQL-based systems such as ERP [Enterprise Resource Planning] and Content Management Systems contain ACL models in their administration modules.

What is Access Control Matrix

An Access Control Matrix is a way to implement a protection model. The matrix contains rows and columns. Rows represent domains; a domain can be a user, a process, or a procedure. Columns, on the other hand, represent the objects or resources. An example Access Control Matrix is as follows.

Each entry in the matrix represents access right information. In the entry access [Di, Oj], Di represents a process in the domain while Oj represents an object or the resource. According to the above matrix, a process in domain 1 can read File 1. A process in domain 2 can take printouts, and a process in domain 3 can execute File 3. Moreover, a process in domain 4 can write to File 2. This is how the Access Control Matrix operates.

Access Control Matrix and Capability List


There is often confusion about the relationship between the access control matrix and the capability list or access control list, when in fact these can be captured in a single image for clarity and simplicity. You can think of the access control matrix as a security access table which combines the ACL and the user capability list to define who can access what and to which degree. In the ACM, columns define objects and assigned privileges or ACL, rows list users or subjects, and relationships between rows and columns define user capabilities or UCL.

Domain 3: Security Engineering [Engineering and Management of Security]

Eric Conrad, ... Joshua Feldman, in CISSP Study Guide [Third Edition], 2016

Access Control Matrix

An access control matrix is a table that defines access permissions between specific subjects and objects. A matrix is a data structure that acts as a table lookup for the operating system. For example, Table 4.1 is a matrix that has specific access permissions defined by user and detailing what actions they can enact. User rdeckard has read/write access to the data file as well as access to the data creation application. User etyrell can read the data file and still has access to the application. User rbatty has no access within this data access matrix.

Table 4.1. User Access Permissions

| Users | Data Access File # 1 | Data Creation Application |
|---|---|---|
| rdeckard | Read/Write | Execute |
| etyrell | Read | Execute |
| rbatty | None | None |

The rows of Table 4.1 show the capabilities of each subject; each row is called a capability list. The columns of Table 4.1 show the ACL for each object or application.
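The row and column views described above, as an added example (not code from the CISSP Study Guide or any other source quoted on this page): it stores Table 4.1 as a sparse matrix and derives the per-object ACLs and per-subject capability lists from it. The object keys, right names and function names are assumptions chosen for the illustration.

```python
# Added example: Table 4.1 as a sparse matrix; keys and right names are assumed labels.
from collections import defaultdict

# (subject, object) -> set of rights. A missing cell means "no access".
MATRIX = {
    ("rdeckard", "data_file_1"): {"read", "write"},
    ("rdeckard", "data_creation_app"): {"execute"},
    ("etyrell", "data_file_1"): {"read"},
    ("etyrell", "data_creation_app"): {"execute"},
    # rbatty has no cells: "None" in the table is the absence of an entry.
}

def acls(matrix):
    """Column view: object -> {subject: rights}, stored with each object."""
    out = defaultdict(dict)
    for (subj, obj), rights in matrix.items():
        if rights:
            out[obj][subj] = set(rights)
    return dict(out)

def capability_lists(matrix):
    """Row view: subject -> {object: rights}, held by each subject."""
    out = defaultdict(dict)
    for (subj, obj), rights in matrix.items():
        if rights:
            out[subj][obj] = set(rights)
    return dict(out)

def allowed_by_acl(acl_view, subj, obj, right):
    """Decision taken from the object's ACL; unknown names are denied."""
    return right in acl_view.get(obj, {}).get(subj, set())

def allowed_by_capability(cap_view, subj, obj, right):
    """Same decision taken from the subject's capability list; default deny."""
    return right in cap_view.get(subj, {}).get(obj, set())

def who_can(acl_view, obj, right):
    """Per-object audit: a single column lookup in the ACL view."""
    return sorted(s for s, r in acl_view.get(obj, {}).items() if right in r)

def what_can(cap_view, subj):
    """Per-subject audit: a single row lookup in the capability view."""
    return {o: sorted(r) for o, r in cap_view.get(subj, {}).items()}

if __name__ == "__main__":
    A, C = acls(MATRIX), capability_lists(MATRIX)
    print(who_can(A, "data_file_1", "read"))
    print(what_can(C, "rbatty"))
```

Both views answer every access question identically; they differ in which audit is cheap: "who can touch this object" is one lookup in the ACL view, "what can this subject touch" is one lookup in the capability view.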


URL://www.sciencedirect.com/science/article/pii/B9780128024379000047

1. An access control matrix, and its access control list and capability list representations

Source publication


A generalized temporal role based access control model for developing secure systems


  • Jan 2003

A key issue in computer system security is to protect information against unauthorized access. Emerging workflow-based applications in healthcare, manufacturing, the financial sector, and e-commerce inherently have complex, time-based access control requirements. To address the diverse security needs of these applications, a Role Based Access Contr...


Access Control Lists


  • Hakki C. Cankaya

Reference work entry

DOI: //doi.org/10.1007/978-1-4419-5906-5_770
