5.3. Models of Security
In security and elsewhere, models are often used to describe, study, or analyze a particular situation or relationship. In particular, security models are used to
test a particular policy for completeness and consistency
document a policy
help conceptualize and design an implementation
check whether an implementation meets its requirements
We assume that some access control policy dictates whether a given user can access a particular object. We also assume that this policy is established outside any model.
That is, a policy decision determines whether a specific user should have access to a specific object; the model is only a mechanism that enforces that policy. Thus, we begin studying models by considering simple ways to ...