ACM captures state that is relevant to access control decisions. [[Reference Monitor]] needs to check such a state to make its decision. ACMs define user permissions for resources. In the matrix, - Rows are **Subjects or Principals** → Sources of the requests - Users, groups, roles - Columns are **Objects or Resources** - files, processes, resources to access ![[attachments/ACM.png]] ### Generic Access Rights The possible rights that can be granted to a user are **generic access rights**. Within each entry of the matrix $r_{ij}$​ is a subset of these generic access rights. $r_{ij}$ is granted to a user $i$ for a resource $j$. Some examples of rights includes: - read, write or execute for a file - create, delete or own - meta-rights, such as the right to propagate and revoke access ## ACM operations ACM is a dynamic data structure. As new users are added, new processes are created, this matrix should grow & change. Here are some examples of ACM operations: - `create(s, f)` → Subject $s$ creates a new file $f$ - This should create a new column in the matrix to set the permission for the entry - $ACM[s,f] := \{own, read, write\}$ - `grant(s, f, read)` → Grant access for file $f$ to subject $s$ - Owner makes this request. Owner is not $s$ - $ACM[s,f] := \{read\}$ ``` s` := process making the request if own in ACM[s`,f]: ACM[s,f] := {r} ```