Access Control Fundamentals
13. Access Control Techniques
13.3. Access Control Matrix
- An access control matrix is a table of subjects and objects indicating what actions individual subjects can take upon individual objects.
- The access rights that are assigned to individual subjects are called capabilities, and those assigned to objects are called Access Control Lists (ACLs).
- This technique uses a capability table to specify the capabilities of a subject pertaining to specific objects. A capability can be in the form of a token, ticket, or key.
- Each row is the capability list of a given subject, and each column is the ACL of a given object.
- Kerberos uses a capability-based system where every user is given a ticket, which is his capability table.
- ACLs are lists of subjects that are authorized to access a specific object, and they define what level of authorization is granted (both at the individual and at the group level).
- ACLs map values from the access control matrix to the object.
- Note: A capability table is bound to a subject, whereas an ACL is bound to an object.
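The following is an added example (not part of the original notes and not from any real access control system) that builds a small access control matrix and derives both views from it: the row view, a capability list bound to a subject, and the column view, an ACL bound to an object. The subjects, objects, rights and group membership are constructed sample data, and the "@group" row convention is invented for this example only. It also shows the group-level grants mentioned above being expanded into the per-subject ACL, and a default-deny lookup for subjects or objects the matrix does not know.

```python
"""Access control matrix with capability lists (row view) and ACLs (column view).
Added example with constructed sample data; not taken from any real system."""

# Constructed sample data.  Rows are keyed by an individual subject name, or by
# "@<group>" for a group-level entry (the "@" prefix is a convention invented
# for this example, not a standard).
GROUPS = {"finance": {"alice", "bob"}}
MATRIX = {
    "alice":    {"payroll.db": {"read", "write"}},
    "bob":      {},                                # no individual rights
    "carol":    {"report.pdf": {"read"}},
    "@finance": {"report.pdf": {"read"}},          # granted to every finance member
}


def subjects(matrix, groups):
    """All individual subjects: named rows plus every group member."""
    named = {s for s in matrix if not s.startswith("@")}
    members = set().union(*groups.values())
    return named | members


def objects(matrix):
    """All objects that appear in any row, individual or group."""
    return {obj for row in matrix.values() for obj in row}


def effective_rights(matrix, groups, subject, obj):
    """Union of the subject's own cell and the cells of every group it belongs to."""
    rights = set(matrix.get(subject, {}).get(obj, set()))
    for group, members in groups.items():
        if subject in members:
            rights |= matrix.get("@" + group, {}).get(obj, set())
    return rights


def is_permitted(matrix, groups, subject, obj, right):
    """Default deny: an unknown subject, unknown object or absent right yields False."""
    return right in effective_rights(matrix, groups, subject, obj)


def capability_list(matrix, groups, subject):
    """Row view, bound to the subject: object -> rights (empty cells omitted)."""
    caps = {}
    for obj in objects(matrix):
        rights = effective_rights(matrix, groups, subject, obj)
        if rights:
            caps[obj] = rights
    return caps


def access_control_list(matrix, groups, obj):
    """Column view, bound to the object: subject -> rights, with group entries
    expanded to their individual members (empty cells omitted)."""
    acl = {}
    for subject in subjects(matrix, groups):
        rights = effective_rights(matrix, groups, subject, obj)
        if rights:
            acl[subject] = rights
    return acl


if __name__ == "__main__":
    print("capabilities of bob:", capability_list(MATRIX, GROUPS, "bob"))
    print("ACL of report.pdf:", access_control_list(MATRIX, GROUPS, "report.pdf"))
    print("bob may write payroll.db:",
          is_permitted(MATRIX, GROUPS, "bob", "payroll.db", "write"))
```

Both views are computed from the same matrix, which is the point of the note above: a capability list answers "what may this subject do?" by reading one row, while an ACL answers "who may act on this object?" by reading one column, and a permission check is simply a cell lookup that denies anything not explicitly present.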