Slide 20 of 57
Notes:
We are interested in 2 types of policy - obligation and authorisation
Obligation - what managers must do
Authorisation - what managers are permitted to do
Managers receive monitoring information and perform control actions - called subjects
Managed objects are the things being managed - called targets
Software objects have clearly defined interfaces which allow actions or operations to be performed on them, e.g. a file has an interface for performing the operations read, write, delete, rename etc.
Authorisation policy is used by a security agent to protect target objects.
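The subject/target model in these notes, as an added example (not from the original slides): a security agent checks each operation a manager requests on a target file, and a second check finds obligations that a manager must carry out but is not authorised to. The class names, manager names, file path, event name and the default-deny rule are all assumptions made for this sketch.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Authorisation:          # what a subject is permitted to do
    subject: str
    target: str
    actions: frozenset

@dataclass(frozen=True)
class Obligation:             # what a subject must do when an event is reported
    subject: str
    event: str
    target: str
    action: str

class SecurityAgent:
    """Protects target objects by checking each requested operation."""
    def __init__(self, authorisations):
        self.authorisations = list(authorisations)
        self.audit = []       # (subject, target, action, allowed)

    def permits(self, subject, target, action):
        # Default deny is an assumption of this sketch.
        return any(a.subject == subject and a.target == target and action in a.actions
                   for a in self.authorisations)

    def invoke(self, subject, target, action):
        allowed = self.permits(subject, target, action)
        self.audit.append((subject, target, action, allowed))
        return allowed

def on_event(event, obligations, agent):
    """Run the control actions that obligations require for a monitoring event."""
    return [(o.subject, o.action, agent.invoke(o.subject, o.target, o.action))
            for o in obligations if o.event == event]

def unauthorised_obligations(obligations, agent):
    """Obligations a manager could never discharge: must do, but not permitted."""
    return [o for o in obligations if not agent.permits(o.subject, o.target, o.action)]

# Constructed sample policy set (all names are hypothetical).
LOG = "/var/log/app.log"
AUTHS = [Authorisation("backup_mgr", LOG, frozenset({"read"})),
         Authorisation("log_mgr", LOG, frozenset({"read", "rename", "delete"}))]
OBLIGS = [Obligation("log_mgr", "log_full", LOG, "rename"),
          Obligation("backup_mgr", "log_full", LOG, "delete")]
AGENT = SecurityAgent(AUTHS)
```

Running `unauthorised_obligations(OBLIGS, AGENT)` before deployment flags the second obligation, which the agent would otherwise refuse only when the event fires.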