:PROPERTIES: :ID: 48e3b4fd-f8e2-45be-9b2a-f677529b7ceb :mtime: 20240304104842 :ctime: 20240304104839 :END: #+title: access matrix #+filetags: :public:project: * Definition In the context of security policy and an *Access matrix* is - A matrix of domains (subjects, principals) against objects - Rows represent domains (processes), columns represent objects (files) - Access matrix column $D_i$ row $F_j$ represents Operations a process in domain can invoke on object - Operations can include adding/deleting entries in matrix - Example of separation of policy from mechanism