On the Implementation of Security Measures in Information Systems
The security of an information system may be
represented by a model matrix whose elements are 
decision rules and whose row and column indices are
users and data items respectively.  A set of four 
functions is used to access this matrix at translation
and execution time.  Distinguishing between data 
dependent and data independent decision rules enables
one to perform much of the checking of security 
only once at translation time rather than repeatedly
at execution time.  The model is used to explain 
security features of several existing systems, and serves
as a framework for a proposal for general security 
system implementation within today's languages and operating systems.
CACM April, 1972
Conway, R. W.
Maxwell, W. L.
Morgan, H. L.
