Title :
On Access Checking in Capability-Based Systems
Author :
Kain, Richard Y. ; Landwehr, Carl E.
Author_Institution :
Department of Electrical Engineering, University of Minnesota
Abstract :
Public descriptions of capability-based system designs often do not clarify the necessary details concerning the propagation of access rights within the systems. A casual reader may assume that it is adequate for capabilities to be passed in accordance with the rules for data copying. A system using such a rule cannot enforce either the military security policy or the Bell and LaPadula rules. The paper shows why this problem arises and provides a taxonomy of capability-based designs. Within the space of design options defined by the taxonomy we identify a class of designs that cannot enforce the Bell-LaPadula rules and two designs that do allow their enforcement.
Keywords :
*; Access control; capabilities; capability-based architectures; security policy; taxonomy; Access control; Computer security; Contracts; Data security; Government; Information management; Information security; Laboratories; Permission; Taxonomy; *; Access control; capabilities; capability-based architectures; security policy; taxonomy;
Journal_Title :
Software Engineering, IEEE Transactions on
DOI :
10.1109/TSE.1987.232892
