Title :
Hidden software capabilities
Author :
Hagimont, D. ; Mossiere, J. ; de Pina, X.R. ; Saunier, F.
Author_Institution :
LSR, IMAG, Grenoble, France
Abstract :
Software capabilities are a very convenient means to protect co-operating applications. They allow access rights to be dynamically exchanged between mutually suspicious interacting applications. However in all the proposed approaches, capabilities are made available at the programming language level, requiring application developers to wire protection definition in the application code, which is detrimental to both flexibility and reusability. We believe instead that capabilities should be hidden from the application programmer allowing protection definition and application code to be clearly separated. In this paper we propose a new protection model based on hidden software capabilities, in which protection definition is completely disjoined from the application code and described in an extended interface definition language (IDL). This allows to specify protection for existing modules and to easily change the protection policy of an application. This protection model can be integrated in a wide range of operating systems. We are currently implementing it in a single address space operating system based on distributed shared memory
Keywords :
distributed memory systems; security of data; application code; application developers; application programmer; co-operating applications; distributed shared memory; extended interface definition language; hidden software capabilities; mutually suspicious interacting applications; operating system; software capabilities; Application software; Computer languages; Distributed computing; Kernel; Memory management; Operating systems; Permission; Programming profession; Protection; Wire;
Conference_Titel :
Distributed Computing Systems, 1996., Proceedings of the 16th International Conference on
Print_ISBN :
0-8186-7399-0
DOI :
10.1109/ICDCS.1996.507926
