Most operating systems strive to provide a secure processing environment in which processes are authenticated, and where access permissions to system resources are defined and enforced. As a basic example, an operating system may provide two types of permission levels, one for administrators and one for users. Administrators may have access to all system resources, including files, directories, and system configuration settings. By contrast, a user may have restricted access to a strict subset of system resources. In regard to authenticating processes, many models rely on the trustworthiness of the channel through which the software is acquired.
In a typical environment, an operating system uses a concentric model for specifying resource permission levels. Different permission levels correspond to different concentric circles in the model, so that each higher level of permission inherits all of the permissions of all lower levels. Such a concentric model of permissions provides for very fast determinations of permissions.
In another typical environment, an operating system may use a tailored permission system, in which individual users are specified with a particular set of permissions. Such a model provides for a very individualized definition of permissions; however, it requires a more computationally intensive method for verifying permission requests to access system resources.
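The two models described above, side by side, as an added example that is not part of the original text. The level names, users, resource paths and the scanned-list representation of per-user entries are assumptions made for illustration.

```python
from enum import IntEnum

class Level(IntEnum):        # constructed two-ring example: users and administrators
    USER = 1
    ADMIN = 2

# Concentric model: a subject holds one level, a resource requires one level.
REQUIRED_LEVEL = {           # constructed sample resources
    "/home/shared/report.txt": Level.USER,
    "/etc/system.conf": Level.ADMIN,
}

def concentric_allows(subject_level: Level, resource: str) -> bool:
    """Single integer comparison; higher levels inherit all lower ones."""
    required = REQUIRED_LEVEL.get(resource)
    # Unknown resources are denied by default.
    return required is not None and subject_level >= required

# Tailored model: every resource carries explicit per-user entries.
# Modelled as a scanned list (an assumption) so the lookup cost is visible.
ACL = {
    "/home/shared/report.txt": [("alice", {"read", "write"}), ("bob", {"read"})],
    "/etc/system.conf": [("root", {"read", "write"}), ("backup", {"read"})],
}

def tailored_allows(user: str, resource: str, action: str) -> tuple[bool, int]:
    """Return (decision, entries examined); deny when no entry matches."""
    examined = 0
    for entry_user, actions in ACL.get(resource, []):
        examined += 1
        if entry_user == user:
            return action in actions, examined
    return False, examined

if __name__ == "__main__":
    # Concentric: ADMIN inherits USER access; USER cannot reach ADMIN resources.
    print(concentric_allows(Level.ADMIN, "/home/shared/report.txt"))
    print(concentric_allows(Level.USER, "/etc/system.conf"))
    # Tailored: "backup" may read the configuration but holds no other
    # administrative right, which the two-ring model cannot express.
    print(tailored_allows("backup", "/etc/system.conf", "read"))
    print(tailored_allows("backup", "/etc/system.conf", "write"))
    print(tailored_allows("backup", "/home/shared/report.txt", "read"))
```

The concentric check costs the same regardless of how many users exist, while the tailored check examines entries until it finds the requesting user, in exchange for grants that do not follow a strict hierarchy.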