Windows:

The Access Control Model in Windows is the basic component of Windows security. The Access control model has two main components, Access tokens and Security descr iptors, which are what the visitor and the visitor owns, respectively. By accessing the contents of the token and security descr iptor, Windows can determine whether a token - holding visitor can access the object that holds the security descr iptor.

The access token is associated with a particular Windows account. When a Windows account is logged in, the system reads the account information from the internal database and uses that information to generate an access token. Any process started in the account environment gets a copy of the token, and the thread in the process holds the token by default. When a thread wants to access an object or perform some system administration-related operation, Windows checks for access using the token held by the thread.

The security descr iptor is associated with the object and contains the SID of the object's owner, as well as an Access Control List (ACL, Access Control List), which also includes DACL (Discretionary Access Control List) and SACL (System Access Control List). DACL is the most important of the security descr iptors, containing zero or more ACE (Access Control Entry), the contents of which describe allowing or denying specific accounts to perform specific operations on this object. As for SACL, it is rarely used, mainly for system auditing, and its contents specify that it is logged to the system log when a particular account performs a particular operation on this object.

Linux：

Linux file security has access control mechanism (ACM). ACM provides a way for system administrators to control which users and processes can access different files, devices, interfaces, and so on. ACM is a major consideration when it comes to securing computer systems or networks.

ACM mainly has the following six ways:

Autonomous Access Control (DAC) : DAC defines basic access control for objects in the file system (files, directories, devices, and so on), that is, typical file permissions, sharing, and so on. This access mechanism is usually determined by the object's owner.

Access control lists (ACLs) : ACLs provide further control over which objects a subject(process, user, and so on) can access.

Forced Access Control (MAC) : A MAC is a security mechanism that limits the "level of control" that a user (subject) can have over objects that he or she creates. Unlike DAC, in DAC users have complete control over their own objects (files, directories, devices, etc.). On the MAC, you add extra labels or categories to all file system objects. Before subjects(users or processes) can interact with Objects, they must properly access these categories or labels (that is, do permission judgments first). Access control is thorough, and access to all files, directories, and ports is policy based. These policies are set by administrators and cannot be changed by regular users.

Role-based Access Control (RBAC) : RBAC is a prior method of controlling user access to file system Objects. Instead of user-based access control, system administrators set up Roles based on business function requirements. These Roles have different types and levels of access to objects.

Multi-level Security (MLS) : Multi-Level Security (MLS) is a specific Security scheme for mandatory access control. In this scenario, the process is called "Subjects" and the files, directories, sockets and other passive entities of the operating system are called "Objects".

Multi-category Security (MCS) : Multi-Category Security (MCS) is an enhanced SELinux that allows users to tag file categories. In SELinux, MCS is an adapter for MLSand to reuse the MLS framework.