Access control is important for providing secure computing. In general, access control involves determining whether to permit a requesting principal to access a resource. A principal may be any entity that requests access. A resource may be anything that can be accessed from a computer, such as data, a database, objects, hardware, programs and so forth. Access to the resource may be restricted in various ways so that some principals are granted only limited access.
Traditional access control systems have several disadvantages. The notion that a principal is identified solely with a logged-in user does not allow for the expression of important real-world security situations. For example, a human user is not really the entity making an access request. Rather, the request is made by a program. Further, most existing access control designs assume that every program executing during a user's session is acting on the user's behalf and with the user's full trust. This is not always true.
Other limitations of previous access control systems stem from their assumption of a single type of logged-in user. These previous systems provide access as all or nothing, and imply that all mechanisms for authenticating a user are equally trusted. They may also require that authentication mechanisms be part of a trusted computing base, even though there may be various routes for logging into a computer system.
Some previous access control systems provide a pattern matching method for access control. An example of such a system is described in U.S. patent application Ser. No. 11/133,806, titled “Systems and Methods for Pattern Matching on Principal Names to Control Access to Computing Resources,” filed on May 19, 2005, having inventors Andrew Birrell, Edward Wobber, and Martin Abadi. Though these pattern matching access control systems overcome some disadvantages of the prior art, they have disadvantages of their own. In particular, the patterns are usually hard coded into a program. Thus, users typically cannot change the access control patterns, or must use different access control patterns for each and every resource. Additionally, it can be difficult to ascertain what a program is or is not authorized to do. An improved access control system would be desirable for providing a secure computing system.
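The following is an added illustration of the two shortcomings just described; it is not the method of the cited application nor the system disclosed here. It contrasts a pattern on a principal name that is hard coded into the program with the same patterns kept as a policy document outside the program, evaluated first-match-wins and denying by default. The policy format, the principal names of the form name@domain and the resource names are assumptions constructed for the example.

```python
import fnmatch
import json

# --- The shape the background criticizes: the pattern lives inside the program.
# Changing who may read the payroll database means editing and redeploying code,
# and nothing outside this function can report what it permits.
def hardcoded_may_read_payroll(principal):
    return fnmatch.fnmatchcase(principal, "hr-*@corp.example")

# --- Patterns as data (constructed format, an assumption of this example).
# Each resource maps to an ordered list of rules; the first rule whose pattern
# matches the principal and whose ops include the requested operation decides,
# so a narrow deny can be placed ahead of a broad allow. No match -> deny.
POLICY_JSON = """
{
  "payroll.db": [
    {"principal": "hr-temp-*@corp.example", "effect": "deny",  "ops": ["read", "write"]},
    {"principal": "hr-*@corp.example",      "effect": "allow", "ops": ["read", "write"]},
    {"principal": "auditor@corp.example",   "effect": "allow", "ops": ["read"]}
  ],
  "build-server": [
    {"principal": "ci-bot@corp.example",    "effect": "allow", "ops": ["execute"]},
    {"principal": "*@corp.example",         "effect": "allow", "ops": ["read"]}
  ]
}
"""

def load_policy(text):
    """Parse the policy document and validate it so that a malformed rule
    fails closed (raises) instead of silently granting or denying."""
    policy = json.loads(text)
    for resource, rules in policy.items():
        for rule in rules:
            if rule.get("effect") not in ("allow", "deny"):
                raise ValueError(f"{resource}: invalid effect {rule.get('effect')!r}")
            if not rule.get("principal") or not isinstance(rule.get("ops"), list):
                raise ValueError(f"{resource}: malformed rule {rule!r}")
    return policy

def check_access(policy, principal, resource, op):
    """Decide whether `principal` may perform `op` on `resource`.

    fnmatchcase is case-sensitive and locale-independent, so a principal
    named 'HR-lead@corp.example' does not quietly match 'hr-*@corp.example'.
    """
    for rule in policy.get(resource, []):
        if fnmatch.fnmatchcase(principal, rule["principal"]) and op in rule["ops"]:
            return rule["effect"] == "allow"
    return False  # default deny: unknown resource or no matching rule

def describe_grants(policy, principal):
    """Enumerate the (resource, op) pairs a principal is allowed, answering the
    'what is this program authorized to do?' question that hard-coded patterns
    make difficult. Derived from the same data the decisions use."""
    grants = set()
    for resource, rules in policy.items():
        for op in {op for rule in rules for op in rule["ops"]}:
            if check_access(policy, principal, resource, op):
                grants.add((resource, op))
    return sorted(grants)

if __name__ == "__main__":
    policy = load_policy(POLICY_JSON)
    for who in ("hr-lead@corp.example", "hr-temp-7@corp.example", "auditor@corp.example"):
        print(who, "->", describe_grants(policy, who))
```

Because the rules are data, an administrator can change who matches a resource, or give several resources the same pattern, without touching the program, and `describe_grants` can report a principal's effective rights from that same data.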