diff --git a/approach.tex b/approach.tex
index d3457ae..229e47b 100644
--- a/approach.tex
+++ b/approach.tex
@@ -18,3 +18,10 @@ It is backwards compatible: ICFS overrides the regular system call interface usi
 
 \subsection{Access Control Model}
 
+As promised, the access control model of ICFS is trivially simple. It features processes as it's subjects, and files as objects. Whenever a process attempts to access a filesystem object, a dialogue is displayed with three options:
+
+\begin{itemize}
+	\item \emph{Allow}, that will allow the access to the filesystem object for this process and any other process that is started with the same executable.
+	\item \emph{Allow this time}, that will allow the access to the filesystem object for the runtime of the requesting process.
+	\item \emph{Deny}, that will deny all access to the filesystem object.
+\end{itemize}
diff --git a/main-en.pdf b/main-en.pdf
index bd0a095..4019ca8 100644
Binary files a/main-en.pdf and b/main-en.pdf differ