scheme for specifying and enforcing security policies; may be founded upon a formal model of access rights, a model of computation, a model of distributed computing, or no theoretical grounding at all; implemented through a computer security policy