2.7 Further Reading

The access control matrix is sometimes called an authorization matrix in older literature [475].

In 1972, Conway, Maxwell, and Morgan [230], in parallel with Graham and Denning, proposed a protection method for databases equivalent to the access control model. Hartson and Hsiao [453] point out that databases in particular use functions as described above to control access to records and fields; for this reason, entries in the access control matrix for a database are called decision procedures or decision rules. These entries are very similar to the earlier formulary model [474], in which access procedures determine whether to grant access and, if so, provide a mapping to virtual addresses and any required encryption and decryption.