Title :
Review and Revocation of Access Privileges Distributed Through Capabilities
Author :
Gligor, Virgil D.
Author_Institution :
Department of Computer Science, University of Maryland
Abstract :
The problems of review and revocation of access privileges are presented in the context of the systems that use capabilities for the long-term distribution of access privileges. An approach that solves both of these problems in their-most general form is presented in this paper. The approach requires that a capability propagation graph be maintained in memory spaces associated with subjects (e.g., domains, processes, etc.) that make copies of the respective capability; the graph remains inaccessible to those subjects, however. Parallel processes of the operating system update the graph as the system runs.
Keywords :
Access control lists; access privilege; access review; capabilities; capability-propagation graph; fle systems; kernels; management policies; reference counts; selective revocation; shared objects; short capabilities; type extension; Access control; Control systems; Design methodology; Hardware; Hierarchical systems; Kernel; Operating systems; Protection; Stress; Vehicles; Access control lists; access privilege; access review; capabilities; capability-propagation graph; fle systems; kernels; management policies; reference counts; selective revocation; shared objects; short capabilities; type extension;
Journal_Title :
Software Engineering, IEEE Transactions on
DOI :
10.1109/TSE.1979.230193
