The ability to make use of information stored in a computer system. Used frequently as a verb, to the horror of grammarians.
Access control list
A list of principals that are authorized to have access to some object.
To verify the identity of a person (or other agent external to the protection system) making a request.
To grant a principal access to certain information.
In a computer system, an unforgeable ticket, which when presented can be taken as incontestable proof that the presenter is authorized to have access to the object named in the ticket.
To check the accuracy, correctness, and completeness of a security or protection mechanism.
A protection system that separates principals into compartments between which no flow of information or control is possible.
Allowing a borrowed program to have access to data, while ensuring that the program cannot release the information.
A protected value which is (or leads to) the physical address of some protected object.
(In contrast with nondiscretionary.) Controls on access to an object that may be changed by the creator of the object.
The set of objects that currently may be directly accessed by a principal.
The (usually) reversible scrambling of data according to a secret transformation key, so as to make it safe for transmission or storage in a physically unprotected environment.
To authorize (q.v.).
Referring to ability to change authorization, a scheme in which the record of each authorization is controlled by another authorization, resulting in a hierarchical tree of authorizations.
Used to describe a protection system in which each protected object has a list of authorized principals.
A secret character string used to authenticate the claimed identity of an individual.
A particular form of allowed access, e.g., permission to READ as contrasted with permission to WRITE.
A rule that must be followed before access to an object is permitted, thereby introducing an opportunity for human judgment about the need for access, so that abuse of the access is discouraged.
The entity in a computer system to which authorizations are granted; thus the unit of accountability in a computer system.
The ability of an individual (or organization) to decide whether, when, and to whom personal (or organizational) information is released.
When a principal, having been authorized access to some object, in turn authorizes access to another principal.
A data structure whose existence is known, but whose internal organization is not accessible, except by invoking the protected subsystem (q.v.) that manages it.
A collection of procedures and data objects that is encapsulated in a domain of its own so that the internal structure of a data object is accessible only to the procedures of the protected subsystem and the procedures may be called only at designated domain entry points.
1) Security (q.v.). 2) Used more narrowly to denote mechanisms and techniques that control the access of executing programs to stored information.
A principal that may be used by several different individuals.
To take away previously authorized access from some principal.
With respect to information processing systems, used to denote mechanisms and techniques that control who may use or modify the computer or the information stored in it.
Referring to ability to change authorization, a scheme in which each authorization contains within it the specification of which principals may change it.
Used to describe a protection system in which each principal maintains a list of unforgeable bit patterns, called tickets, one for each object to which the principal is authorized to have access.
Used imprecisely to refer to the individual who is accountable for some identifiable set of activities in a computer system.