Review and Revocation of Access Privileges Distributed Through Capabilities

Review and Revocation of Access Privileges Distributed Through Capabilities

The problems of review and revocation of access privileges are presented in the context of the systems that use capabilities for the long-term distribution of access privileges. An approach that solves both of these problems in their-most general form is presented in this paper. The approach require...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE transactions on software engineering 1979-11, Vol.SE-5 (6), p.575-586
1. Verfasser: Gligor, V.D.
Format: Artikel
Sprache:eng
Schlagworte:
Access
Access control
Access control lists
access privilege
access review
capabilities
capability-propagation graph
Control
Control systems
Design methodology
fle systems
Hardware
Hierarchical systems
Kernel
kernels
management policies
Operating systems
Policies
Privileges
Protection
reference counts
Reviews
selective revocation
shared objects
short capabilities
Software engineering
Stress
Systems design
type extension
Vehicles
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The problems of review and revocation of access privileges are presented in the context of the systems that use capabilities for the long-term distribution of access privileges. An approach that solves both of these problems in their-most general form is presented in this paper. The approach requires that a capability propagation graph be maintained in memory spaces associated with subjects (e.g., domains, processes, etc.) that make copies of the respective capability; the graph remains inaccessible to those subjects, however. Parallel processes of the operating system update the graph as the system runs.
ISSN:0098-5589
1939-3520
DOI:10.1109/TSE.1979.230193