Data security is an important aspect in the life of information systems. Because of these numerous security models have been presented. One of the most effective security model and the simplest to implement is the use of the Access Control Matrix Model (ACMM). This model focuses on restricting access of different users to a specific application. Basically, the matrix is used to provide a description of users who have access to specific objects. It is compose of four important parts which are the listing of objects that are to be accessed, the listing of subjects of the people who can access, a function that returns the type of the objects and the matrix where the foregoing data can be viewed. (Hwei-Hsin Feng, Anh Le, Jeff Scanlon)
ACMM comes in several forms but there is a unified idea of how it is implemented. Basically, the principle is that if there is a trigger to access specific objects, the ACMM matrix need to be “touched” in order for the system to determine if the subject has the right to do what it intends to do. If the subject has been given a go signal to proceed then he can perform what he intended to do.
A common example of the application of an ACMM is through the famous social media Facebook. If I am the owner of an account, I have control as to who can gain access or view my profile. I can set user restrictions such that only my friends can view my post, or I can set a picture to be public meaning all Facebook users can view the picture and post comments. Sometimes, I could set the setting such that the picture can be viewed by everyone but only a list of friends can comment on it. In addition, I can totally restrict anyone to view my profile. With this, if a certain user wants to check my post, then that trigger is passed to my ACMM to checked whether that subject has permissions to do such or else the request is denied.
The implementation of this security model is an important step in further providing security measures to objects. If this is implemented properly, then the possible access problems have been limited leaving only a few people to access and make harm to your systems.
References:
Hwei-Hsin Feng, Anh Le, Jeff Scanlon. Info Security. Retrieved from http://www.cs.gmu.edu/cne/itcore/security/policy.html
Merkow, M. S., & Breithaupt, J. (2006). Information Security: Principles and Practices. Upper Saddle River, NJ: Pearson: Prentice Hall.
