In: Computer Science
in the context of access control , explain the concepts of access control matrix, access control list ,privilege control list and capability
Question: In the context of access control , explain the concepts of access control matrix, access control list ,privilege control list and capability
Ans: Access control can be defined as the security technique that maintains or controls the resources i.e who can use the resources, who can view the resources in the workout domain or in the computing domain.
So in context of access control we are going to explain the concept of access control matrix, access control list and what are the various control list and the capabilities.
Access Matrix: Access matrix is used for the implementation of protection model. In any matrix there are two different entries called as rows and columns. Rows are used to represent the domain and there can be a different kinds of domains like there can be user domain, process domain and there can be a procedure domain. So any of these three kinds of domains are represented with the help of rows in the matrix. Next is the column representation , columns represents the objects and these objects are actually the resources that are present in any operating system.
Working: Suppose we have four domains (D1,D2,D3 and D4). These four domains are specified as rows as shown in below image. Similarly, we have for example four objects(resources) let us suppose file1, file2, file3 and printer shown below.
Each entry in the matrix consists of a set of access rights. i.e say cell no (D4 , file 1 ) contains some information as shown.
The entry access say (i,j) defines the set of operations that a process, executing in domain Di can invoke an object Oj, e.g a process is executing in the domain D1 i.e i = 1 and it is accessing object 1 i.e file 1, we will follow the following syntax below:
access(i,j)
access(1,1) --> accessing domain 1 (D1) and object 1 (file1)
Now, let us suppose the select cell has an entry as "Read" (shown below), which means that access(1,1) has read access on file1. Similarly access(1,3) has entry Write i.e it will have the write privileges on file3.
Again if the command is given as access(2,print) means that the domain D2 has print access on resource(object) called as printer and so on is shown below in access matrix.
Now, it must be ensured that a process executing in domain Di can access only those objects specified in row i. i.e As per the below example D1 can have only read access on file 1 and file 3 and this doesn't have any other access.
Domain\Objects | File1 | File2 | File3 | Printer |
D1 | Read | Read | ||
D2 | ||||
D3 | ||||
D4 | //////// | write |
Access Matrix
Access control list on the basis of access matrix is not efficient i.e in ACL we are traversing a list to look for an Access Entry and in other case capability list is much efficient than ACL. On the other hand ACL provides high accountability as compared to Capability list. ACL have each and every information which element has which access and which has not but same is not the case with C-list (capability list)