What is the difference between access control list and access control matrix?

The main difference between access control list and access control matrix is ​​that access control list defines a set of permissions attached to a system object while access control matrix defines access rights. of a subject on an object that is a set of access control lists.

In automated online systems, information security is vital. Therefore, there are several steps to secure a system. The first step in this is to authenticate the users. Here, the process requires the user’s personal data. For example, the system prompts the user to enter a valid username and password to access information in the system. After authentication is complete, the next step is authorization, which grants permissions to authorized users. Access control is a process that allows users to grant access and certain privileges to systems, resources, or information. Access control list and access control matrix are two terms associated with the access control process.

Key Areas Covered

1. What is access control list?
     – Definition, Functionality
2. What is the Access Control Matrix?
     – Definition, Functionality
3. What is the difference between access control list and access control matrix?
     – Comparison of key differences

Key terms

Access Control List (ACL), Access Control Matrix, Authentication, Authorization

What is the access control list?

Access Control List ( ACL ) refers to the permissions attached to an object that specify which users are granted access to that object. In addition, it also specifies the operations that users can perform using that object.

A file system ACL contains entries that specify individual user or group rights to specific system objects, such as programs, processes, files, and programs. These entries are called Access Control Entries (ACEs) in Microsoft Windows NT, OpenVMS, UNIX, and Mac OS X operating systems. In addition, each system object has a security attribute to recognize its ACL.

Network ACLs provide rules that apply to available IP addresses or port numbers on a host. The list consists of hosts that are allowed to use the services. Also, individual servers and routers may have network ACLs. ACLs can be configured to control incoming and outgoing traffic. Therefore, it works similar to a firewall. Also, SQL-based systems like ERP (Enterprise Resource Planning) and Content Management Systems contain ACL models in their management modules.

What is the Access Control Matrix?

The access control matrix allows to implement the protection model. This matrix contains rows and columns. The rows represent the domain. It can be a user, process, or procedure domain. Columns, on the other hand, represent objects or resources. An eject access control matrix is ​​as follows.

Each entry in the array represents access rights information. In the input access (Di, Oj), Di represents a process in the domain, while Oj represents an object or the resource. According to the matrix above, a process in domain 1 can read file 1. A process in domain 2 can take prints, and a process in domain 3 can execute file 3. Also, a process in domain 4 can write to the file 2. This is how the Access Control Matrix works.

Difference Between Access Control List and Access Control Matrix

Definition

Access control list is a list of permissions attached to an object in a computer file system, database, or network. Whereas, the access control matrix is ​​an abstract and formal security model for the protection status in computer systems that characterizes the rights of each subject with respect to each object in the system. Thus, this is the main difference between access control list and access control matrix.

functionality

The access control list defines the access rights each user has to a particular system object, such as a file directory or individual files, while the access control matrix defines the access rights of a subject, such as read, write and execute an object. Thus, this is another difference between access control list and access control matrix. 

conclusion

The main difference between access control list and access control matrix is ​​that access control list defines a set of permissions attached to a system object while access control matrix defines access rights of a subject on an object that is a set of access control lists. 

Reference:

1. “Access Control List.” Wikipedia, Wikimedia Foundation, November 12, 2018, Available here.
2. “What is an access control list (ACL)? – Definition of Techopedia. Techopedia.com, available here.
3. “Access Matrix for Implementing the Protection Model in the OS,” Easy Engineering Classes, Apr 4, 2017, Available here.
4. “The access control matrix”. Cybrary, available here.

Courtesy image:

1. “Internet Security Lock for VPN & Online Privacy” (CC BY 2.0) via www.vpnsrus.com

Leave a Reply

Your email address will not be published.

CAPTCHA


Back to top button