The Access Matrix

Authorization problems can be represented abstractly by an access matrix.

• each row represents a subject/principal/domain
• each column represents an object
• each cell: accesses permitted for the {subject, object} pair
  read, write, delete, execute, search, control, or any other method
  

In real systems, the access matrix is sparse and dynamic.

We need a flexible and efficient representation, and a model for governing changes to the access matrix.

Previous slide

Next slide

Back to first slide

View graphic version