Policies: Principal-Centric
Placing trust in principals (or roles)
Typically, classify individuals into groups
- [Denning 76] proved information flow w/lattices
- Principle of least privilege encourages specificity
... and label each object or action with a minimum or maximum authorization level
- [Bell and LaPadula] compartmentalization of processes: read downwards, write upwards, sanitization
- Useful when there are fewer users than objects or actions
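
Added example, not part of the original slides: a small reference monitor that applies the read-downwards / write-upwards rule over a lattice of labels, plus the lattice join used to check a flow from several sources. The level names, compartment names, and the sample subject and objects are constructed assumptions.

```python
from dataclasses import dataclass
from functools import reduce

# Constructed total order of sensitivity levels (assumption for this example).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Lattice partial order: level at least as high AND a superset of compartments.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

    def join(self, other: "Label") -> "Label":
        # Least upper bound: the label that data carries once two sources are mixed.
        top = max(self.level, other.level, key=LEVELS.__getitem__)
        return Label(top, self.compartments | other.compartments)

def can_read(subject: Label, obj: Label) -> bool:
    # Read downwards: the subject's label must dominate the object's.
    return subject.dominates(obj)

def can_write(subject: Label, obj: Label) -> bool:
    # Write upwards: the object's label must dominate the subject's,
    # so nothing the subject has read can leak to a lower label.
    return obj.dominates(subject)

def flow_allowed(sources: list, sink: Label) -> bool:
    # Information may flow into a sink only if the sink dominates
    # the join of every source that contributed to the data.
    return sink.dominates(reduce(Label.join, sources))

# Constructed sample principal and objects.
ANALYST = Label("secret", frozenset({"crypto"}))
REPORT = Label("confidential", frozenset({"crypto"}))
PLAN = Label("secret", frozenset({"nuclear"}))
ARCHIVE = Label("top_secret", frozenset({"crypto", "nuclear"}))

if __name__ == "__main__":
    for name, obj in [("REPORT", REPORT), ("PLAN", PLAN), ("ARCHIVE", ARCHIVE)]:
        print(f"{name}: read={can_read(ANALYST, obj)} write={can_write(ANALYST, obj)}")
    print("REPORT+PLAN -> ARCHIVE:", flow_allowed([REPORT, PLAN], ARCHIVE))
```

PLAN is unreadable to the analyst even though both are "secret": the compartments make the two labels incomparable, which is why the order is a lattice and not a simple ranking.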