Authorization models limit what users and programs (processes) can do on a computer system, thereby protecting computer systems and their data from malicious users and programs. Authorization models implemented in the operating system employ the access matrix as their fundamental abstraction.
The access matrix enables efficient implementation of an authorization model, which is critically important since its overheads are incurred by every program executing in the computer system. As the access matrix is enhanced to provide adequate protections in today's high threat environment, greater complexity results; this complexity leads to users avoiding or misusing such protections. On the other hand, the lack of stronger protections in today's most popular systems renders them vulnerable to increased attacks.
This project is building a two-level system, with the higher-level authorizations oriented towards the needs of those who specify authorization policies and the lower level tailored for efficient execution. Thus the lower level can be implemented in the operating system kernel. The high-level authorization will be automatically translated ("factored") into the operating-system-level authorizations. These high- and low-level authorizations are unique in that they were co-developed, and thus share basic concepts, which makes this automatic factoring practical.
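As an added illustration (not the project's code, whose policy language the abstract does not describe), the following Python sketch factors a hypothetical high-level policy stated over user groups and object classes into a flat access matrix, then slices that matrix into per-object ACLs so the low-level check is a single lookup per access. The groups, object names and rights are constructed sample data.

```python
"""Factoring a group/class policy into an access matrix and per-object ACLs.
Hypothetical policy syntax; all names below are constructed examples."""
from collections import defaultdict

# High-level policy: (subject_group, object_class, rights). Constructed sample.
HIGH_LEVEL_POLICY = [
    ("auditors", "logs", {"read"}),
    ("operators", "logs", {"read", "append"}),
    ("operators", "config", {"read", "write"}),
]
GROUPS = {"auditors": {"alice"}, "operators": {"bob", "carol"}}
CLASSES = {"logs": {"/var/log/auth"}, "config": {"/etc/app.conf"}}


def factor(policy, groups, classes):
    """Expand group/class rules into an access matrix: matrix[subject][object] -> rights.
    This is the "factoring" step: one rule may populate many matrix cells."""
    matrix = defaultdict(lambda: defaultdict(set))
    for group, cls, rights in policy:
        for subject in groups[group]:
            for obj in classes[cls]:
                matrix[subject][obj] |= set(rights)
    return matrix


def to_acls(matrix):
    """Low-level form: per-object ACLs (the column-wise view of the matrix),
    frozen so the kernel-side structure cannot be mutated after loading."""
    acls = defaultdict(dict)
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls[obj][subject] = frozenset(rights)
    return dict(acls)


def check(acls, subject, obj, right):
    """Kernel-style check: constant-time lookups, default deny for unknown
    subjects, objects or rights."""
    return right in acls.get(obj, {}).get(subject, frozenset())


# Build the low-level structure once; every access then costs two lookups.
ACLS = to_acls(factor(HIGH_LEVEL_POLICY, GROUPS, CLASSES))

if __name__ == "__main__":
    for s, o, r in [("alice", "/var/log/auth", "read"),
                    ("alice", "/var/log/auth", "append"),
                    ("dave", "/var/log/auth", "read")]:
        print(s, o, r, "->", "allow" if check(ACLS, s, o, r) else "deny")
```

Because the ACLs are derived mechanically from the policy, a reviewer can audit the short high-level rules rather than the expanded matrix, which is the practical benefit the two-level design aims for.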