Skip to main content
Article

Access control: principle and practice

Ravi SandhuInformation and Software Systems Engineering Department, George Mason University, USAPierangela SamaratiComputer Science, University of Milan, Italy
1994en
ABI

Abstract

Access control constrains what a user can do directly, as well as what programs executing on behalf of the users are allowed to do. In this way access control seeks to prevent activity that could lead to a breach of security. This article explains access control and its relationship to other security services such as authentication, auditing, and administration. It then reviews the access matrix model and describes different approaches to implementing the access matrix in practical systems, and follows with a discussion of access control policies commonly found in current systems, and a brief consideration of access control administration.< <ETX xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">&gt;</ETX>

Identifiers

Citations and references

Cited by 20 references