Hierarchy and abstraction are important for efficiency from a complexity perspective.
- Subjects are things in the system that can act
- Objects are assets in the system (acted upon)
- Rights are what needs to be controlled
A Model for File System
- for processes
- for files
- are (read, write, execute, …)
An access control list (ACL) is better for access review and revocation on an object basis, while a capability list (CAP) is better for access review and revocation on a subject basis.
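The ACL/CAP trade-off above, as an added example that is not part of the original notes: the same access matrix is stored once by object (ACL) and once by subject (CAP), and each revoke function returns how many lists it had to touch. The process and file names are constructed, and the mapping of subjects to processes and objects to files is an assumption.

```python
from collections import defaultdict

# Constructed access matrix for the file-system model: (process, file) -> rights.
MATRIX = {
    ("editor", "notes.txt"): {"read", "write"},
    ("backup", "notes.txt"): {"read"},
    ("backup", "passwd"): {"read"},
    ("shell", "ls"): {"read", "execute"},
}

def by_object(matrix):
    """ACL view (matrix columns): file -> {process: rights}."""
    acl = defaultdict(dict)
    for (subj, obj), rights in matrix.items():
        acl[obj][subj] = set(rights)
    return dict(acl)

def by_subject(matrix):
    """Capability view (matrix rows): process -> {file: rights}."""
    cap = defaultdict(dict)
    for (subj, obj), rights in matrix.items():
        cap[subj][obj] = set(rights)
    return dict(cap)

def review(store, key):
    """Review on the store's own basis: a single lookup."""
    return store.get(key, {})

def review_cross(store, inner_key):
    """Review on the other basis: every list has to be consulted."""
    return {k: e[inner_key] for k, e in store.items() if inner_key in e}

def revoke(store, key):
    """Revoke on the store's own basis: drop one list. Returns lists touched."""
    store.pop(key, None)
    return 1

def revoke_cross(store, inner_key):
    """Revoke on the other basis: scan every list. Returns lists touched."""
    touched = 0
    for entries in store.values():
        touched += 1
        entries.pop(inner_key, None)
    return touched
```

With an ACL store, `revoke(acl, "notes.txt")` touches one list, while the same revocation against a CAP store needs `revoke_cross(cap, "notes.txt")` and visits every subject's list; the roles swap when revoking everything held by one process.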
Access Control Modeling
Real implementations mostly use a combination.
Access Control Types