Authorization Mechanisms

We now know that an authorization decision is made based on who the subject is, what the object is, and how the subject tries to access the object. However, how is the subject, object, and access mode information stored? There are a few approaches:

  1. An Access Control Directory (ACD) is a file that stores filenames, access rules, and pointers to files on a computer system. Each user has their own ACD, which indicates how every file on this system can be accessed.

    The operating system controls all the users' ACD files and prevents users from directly changing them (because this would lead users to grant themselves access that isn't permitted.)

    ACDs create several challenges, such as the length of ACD files, which may be very large especially when files or devices, such as printers are shared by many users (so every ACD file will have to list the same printer.)