Quote: users should have restricted access that is independent of other users [»robiL9_1975, OK]

Quote: security by least privilege; give only those privileges needed to accomplish the task [»schnB_2000]

Quote: simplify user security as my documents, shared documents, and public documents in separate directories; vendors and administrators handle everything else [»lampBW6_2004]

Quote: the access matrix model concerns a set of uniquely named objects and an access domain for each process [»dennPJ_1980]

Quote: an entry in the access control matrix gives a list of permissions for processes in domain d to an object x; a bit vector access code [»dennPJ_1980]

Quote: permissions for changing the access control matrix are included in the matrix; e.g., add process to a domain and change permissions [»dennPJ_1980]

Quote: can associate an access list with each object that gives access codes for each domain; widely used for file systems [»dennPJ_1980]

Quote: capabilities are more efficient for exercising permissions but access lists are better for managing permissions; should have a mix of methods [»dennPJ_1980]

Quote: access lists are stored with an object; difficult to add users since may require modification of many lists

Quote: a user's actions implicitly specifies the desired permissions for processes and objects

Quote: mandatory access control limits damage a Trojan horse can do; e.g., military security levels (clearance for classified objects) [»mcleJ1_1990]

Quote: access control lists do not work well for distributed systems; need authentication, delegation, extensibility, and customized policies [»blazM_1999]

Quote: a process may pass a subset of its permissions to other domains if it has 'copy' permission [»dennPJ_1980]

Quote: set-user-ID changes program access rights to those of the program's creator; allows privileged programs [»ritcDM7_1978a]

Quote: setuid is poorly designed and widely misused; causes security vulnerabilities [»chenH8_2002]

Quote: develop finite state model of user ids; uncover pitfalls in setuid, define proper usage, and propose a high-level API

Quote: setuid API for temporary and permanent privileges; works for OpenSSH; does not handle group privileges [»chenH8_2002]

Quote: the Unix super-user has unrestricted access rights [»ritcDM7_1978a]

Quote: identify Andrew superusers by membership in System:Administrators; provides audit trail by user id and simple revocation of privileges [»satyM8_1989]

Quote: UNIX password system for frustrating widespread password searches; super-user passwords already effective [»morrR4_1978]

Quote: use negative access rights for rapid and selective revocation of rights to sensitive objects

Quote: revoke authorities to keep the actor-ability state manageable [»yeeKP12_2002]

Quote: user group icons contain individual users or other groups; for distribution and access control [»smitDC_1982]

Quote: Quilt controls activities allowed on a node type according to social roles [»fishRS3_1988]

Quote: hierarchical access rights by interval containment in an interval tree; efficient representation for many users and access groups [»luQ_1999]

Quote: Vesta access control by attributes assigned to an object or parent directory; similar to Unix; e.g., user@realm, ^group@realm, #owner, #group, #mastership-to [»heydA_2006]

Quote: access list contains a 32-bit mask of positive and negative rights; unioned with group rights in 1 scan; negative overrides positive [»satyM8_1989]

Quote: access rights for directories; restrict access to a file by linking to a private directory [»satyM8_1989]

Quote: any object in a HAM database can have an access control list with access, annotate, update or destroy permissions [»campB7_1988]

Quote: an owner of a ZOG frame can add other owners, read-protect it, or write-protect it [»akscRM5_1984]

Quote: owner of a KMS frame can make it read or write protected [»akscRM7_1988a]

Quote: a KMS frame can be annotate only but most frames are left unprotected to encourage correction of typos [»akscRM7_1988a]

Quote: authorization model for relational databases; positive and negative authorizations, exceptions, groups, temporary suspensions [»bertE4_1999]

Quote: assign security IDs to threads, extensions, and other objects; operations require permission; access mode is a 64-bit vector of permissions and permission objects [»grimR2_2001]

Quote: SPIN OS provides language-based, fine-grained access control and fine-grained user extensions; static type checking and dynamic linking [»bersBN12_1995]

Note: access control and visibility tend to be either too limited or too liberal; hard to make them work [»cbb_1990, OK]

Quote: access control needs state to record the duration of code usage for billing purposes; otherwise global file systems will prevent usage-based billing [»hausRC11_1994]

Quote: lattice model of secure information flow; ignores covert channels; need access control and flow control [»dennDE5_1976]