Most systems today implement identity-based access policies. This means that the rules include the identity of the requesting principal. Frequently, a simple match between the rights of a caller and the rights of a resource is performed. If the rights match, access is allowed. The big danger here is that this type of access control relies completely on the code being free of errors and of attack code. It is closely related to the concept of "discretionary" access control (see the SELinux chapter below).
A few systems also use code-based access policies. Here, code is restricted in its rights independent of the identity of the caller or user. "Sandbox" is a frequently used description for code running under those restrictions.
Generally, identity-based access control systems are unable to deal with viruses and trojans, because a program simply receives the complete rights of the user who starts it.
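The difference between the two policy types can be shown with a small model of both access checks. This is an added example, not code from the original text; the paths, user names, program names and the `ACL` and `SANDBOX` tables are constructed, and treating the user's rights as an upper bound that the sandbox narrows is an assumption of this sketch.

```python
from dataclasses import dataclass

# Constructed sample data: per-resource ACLs (identity -> allowed actions).
ACL = {
    "/home/alice/notes.txt": {"alice": {"read", "write"}},
    "/home/alice/mail/inbox": {"alice": {"read", "write"}},
    "/home/bob/report.txt": {"bob": {"read", "write"}},
}

# Constructed code-based policy: what each program may touch, regardless of
# who runs it. Programs not listed get an empty (default-deny) sandbox.
SANDBOX = {
    "editor": {("/home/alice/notes.txt", "read"),
               ("/home/alice/notes.txt", "write")},
    "mailer": {("/home/alice/mail/inbox", "read")},
}

@dataclass(frozen=True)
class Process:
    user: str      # identity the process runs as
    program: str   # code the process is executing

def identity_based(proc, resource, action):
    """Decision depends only on who the caller is; the code is ignored."""
    return action in ACL.get(resource, {}).get(proc.user, set())

def code_based(proc, resource, action):
    """Assumption of this sketch: the user's rights are the upper bound,
    and the program's sandbox narrows them further."""
    allowed_for_code = SANDBOX.get(proc.program, set())
    return (identity_based(proc, resource, action)
            and (resource, action) in allowed_for_code)

def reachable(check, proc):
    """All (resource, action) pairs a process can exercise under a check."""
    return {(r, a) for r in ACL for a in ("read", "write")
            if check(proc, r, a)}
```

Comparing `reachable(identity_based, ...)` for the editor and for an unlisted program started by the same user gives identical sets, while `reachable(code_based, ...)` gives the unlisted program nothing.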