Access And Information Flow Controls
This chapter discusses access and information flow controls with various techniques to govern initial access to the objects protected by the computer system. These controls incorporate methods to regulate the dissemination of information among the subjects and objects on the system. The usage of passwords as an access control technique is similar to their usage for controlling access to the computer system itself. Capabilities can also be implemented as a ticket possessed by the user which will grant a specified mode of access to a specific object. While capability techniques can be thought of as dividing protection table example by rows, Access Control Lists (ACLs) divide it up by columns. A modification to the Access Control List Approach uses only a few bits to describe the access permissions for each object. The most common example of the use of Protection Bits is the UNIX environment. The chapter considers the specific malicious software is a Trojan Horse.