The chapter discusses protection in computer systems. It aims to protect processes from one another by enforcing access policies for resource use. The key principles are least privilege, where each user is given only the access needed, and need-to-know, where a process should only access resources required to complete its task. Protection domains and access matrices are used to specify the resources a process may access, with each entry defining access rights. Capability lists and access lists are common implementations of access matrices. The chapter also covers revoking access rights and role-based access control.